The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
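The search rules the help text and notes describe (every term must match, matching is case-insensitive and order-independent, and both the title and the file path are searched unless `-t` is given) can be seen in miniature in the following POSIX shell function. It is an added example, not the project's searchsploit script: the index it searches is constructed from the seven rows of the session above, and its `id,file,description` column layout is an assumption (the real files.csv carries further columns and quotes fields that contain commas).

```shell
#!/bin/sh
# Added example (not the project's searchsploit script): a minimal
# re-implementation of the default search semantics described in the
# README notes: every term must match (AND), matching is case-insensitive,
# term order is irrelevant, and both the title and the file path are
# searched unless -t restricts matching to the title.

# Constructed index built from the titles in the README's own session
# output. The column layout "id,file,description" is an assumption; the
# real files.csv carries further columns and quotes fields that contain
# commas, which this sample does not need.
sample_index() {
cat <<'EOF'
id,file,description
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
6757,platforms/windows/local/6757.txt,Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
18176,platforms/windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
21844,platforms/windows/local/21844.rb,Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)
39446,platforms/win_x86/local/39446.py,Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
39525,platforms/win_x86-64/local/39525.py,Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)
40564,platforms/windows/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
EOF
}

# ss_search [-t] term... : print every index row in which all terms occur.
# Terms are matched as fixed strings, case-insensitively, against the
# title column alone (-t) or against "file,description" (the default).
ss_search() {
    title_only=0
    if [ "$1" = "-t" ]; then
        title_only=1
        shift
    fi
    result=$(sample_index | tail -n +2)   # drop the header row
    for term in "$@"; do
        if [ "$title_only" -eq 1 ]; then
            result=$(printf '%s\n' "$result" |
                awk -F, -v t="$term" 'index(tolower($3), tolower(t)) > 0')
        else
            result=$(printf '%s\n' "$result" |
                awk -F, -v t="$term" 'index(tolower($2 "," $3), tolower(t)) > 0')
        fi
    done
    if [ -n "$result" ]; then
        printf '%s\n' "$result"
    fi
}

# ss_count [-t] term... : number of matching rows (0 when nothing matches).
ss_count() {
    ss_search "$@" | grep -c . || true
}

# Stand-alone demonstration of the effect of -t and of numeric terms:
# "afd windows local" matches all seven rows because "local" also occurs
# in the path, while "-t afd windows local" keeps only the row whose
# title itself contains "Local".
ss_search afd windows local
echo "--- title only ---"
ss_search -t afd windows local
echo "--- numeric term: $(ss_count 39446) hit(s) by path, $(ss_count -t 39446) by title ---"
```

Running the block prints the full seven-row result, the single title-only row, and the numeric case the notes warn about: `39446` matches by path but not by title, which is why an EDB-ID or version number searched without `-t` can pull in rows that merely share a directory or filename fragment.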
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).