bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
912 commits 1 branch 0 tags 338 MiB
C 27.8%
Python 26.4%
Ruby 15.2%
Perl 8.3%
HTML 8.2%
Other 13.7%
Find a file
Offensive Security d06dff59f9 DB: 2016-07-26 
16 new exploits

Ubuntu Breezy 5.10 - Installer Password Disclosure
Ubuntu 5.10 - Installer Password Disclosure

BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - setuid/portbind 31337/TCP shellcode (94 bytes)
Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 (166 bytes)
Linux/x86 - listens for shellcode on tcp/5555 and jumps to it (83 bytes)
Linux/x86 - Forks a HTTP Server on port 8800/TCP shellcode (166 bytes)
Linux/x86 - Listens for shellcode on 5555/TCP and jumps to it (83 bytes)

Linux/x86 - Shellcode Polymorphic chmod(_/etc/shadow__666) (54 bytes)
Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes)

Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - Add root user 'r00t' with no password to /etc/passwd shellcode (69 bytes)

Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_PORT() portbind 31337/TCP shellcode (100 bytes)

Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Add User 'xtz' without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() shellcode (98 bytes)

Linux/x86 - connect-back shellcode 127.0.0.1:31337/tcp (74 bytes)
Linux/x86 - Connect-back shellcode 127.0.0.1:31337/TCP (74 bytes)

Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - Add user 't00r' encrypt shellcode (116 bytes)

Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user 't00r' shellcode (82 bytes)

Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - Add User 'z' shellcode (70 bytes)

Solaris/x86 - portbind/tcp shellcode (Generator)
Solaris/x86 - portbind/TCP shellcode (Generator)

Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - append '/etc/passwd' & exit() shellcode (107 bytes)

Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - sends 'Phuck3d!' to all terminals shellcode (60 bytes)

Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall shellcode (39 bytes)

Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall shellcode (39 bytes)

Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
Linux/ARM - Add root user 'shell-storm' with password 'toor' shellcode (151 bytes)

OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
OS-X/Intel (x86_64) - reverse_tcp shell shellcode (131 bytes)

Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Linux/SuperH (sh4) - Add root user 'shell-storm' with password 'toor' shellcode (143 bytes)

Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/MIPS - Add user(UID 0) 'rOOt' with password 'pwn3d' shellcode (164 bytes)

Linux/x86-64 - Bind TCP 4444 Port Shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)

Linux/x86 - TCP Bind Shell 33333 Port Shellcode (96 bytes)
Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)

OS-X/x86-64 - tcp 4444 port bind Nullfree shellcode (144 bytes)
OS-X/x86-64 - 4444/TPC port bind Nullfree shellcode (144 bytes)
Linux/x86-64 - Bind TCP 4444 Port Shellcode (103 bytes)
Linux/x86-64 - TCP 4444 port Bindshell with Password Prompt shellcode (162 bytes)
Linux/x86-64 - Bind 4444/TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bindshell 4444/TCP with Password Prompt shellcode (162 bytes)

Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (656 bytes)

Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux/x86 - Bind Shell Port 4444/TCP shellcode (98 bytes)

Rapid7 AppSpider 6.12 - Local Privilege Escalation
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
MediaCoder 0.8.43.5852 - .m3u SEH Exploit
Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
CodoForum 3.2.1 - SQL Injection
CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)
GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload
PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
PHP 7.0.8_ 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple Vulnerabilities
Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
Micro Focus Filr 2 2.0.0.421_ Filr 1.2 1.2.0.846 - Multiple Vulnerabilities
2016-07-26 05:04:05 +00:00
platforms DB: 2016-07-26 2016-07-26 05:04:05 +00:00
files.csv DB: 2016-07-26 2016-07-26 05:04:05 +00:00
README.md searchsploit -u // Works better with Homebrew (add remote git repo) 2016-04-03 14:28:35 +01:00
searchsploit searchsploit -u // Works better with Homebrew (add remote git repo) 2016-04-03 14:28:35 +01:00

README.md

The Exploit-Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
  searchsploit afd windows local
  searchsploit -t oracle windows

=========
 Options
=========
   -c, --case      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact     Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help      Show this help screen.
   -o, --overflow  Exploit title's are allowed to overflow their columns.
   -p, --path      Show the full path to an exploit (Copies path to clipboard if possible).
   -t, --title     Search just the exploit title (Default is title AND the file's path).
   -u, --update    Update exploit database from git.
   -w, --www       Show URLs to Exploit-DB.com rather than local path.
       --colour    Disable colour highlighting.
       --id        Display EDB-ID value rather than local path.

=======
 Notes
=======
 * Use any number of search terms.
 * Search terms are not case sensitive, and order is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching numbers/major versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin)      | ./windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit                          | ./windows/dos/17133.c
Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)                  | ./windows/local/21844.rb
Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)     | ./win32/local/39446.py
Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040)                | ./win64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#