what you don't know can hurt you
Showing 1 - 25 of 46 RSS Feed

Files from Osanda Malith

Email addressOsandaJayathissa at gmail.com
First Active2013-12-21
Last Active2019-05-12
Windows 7 / 8 LSASS Process Dump Shellcode
Posted May 12, 2019
Authored by Osanda Malith

Windows 7 and 8 LSASS process dumping shellcode for x86_64.

tags | shellcode
systems | windows, 7
MD5 | 6ea474b6dc51324c55fff0a04700b797
Windows 10 / Server 2019 LSASS Process Dump Shellcode
Posted May 12, 2019
Authored by Osanda Malith

Windows 10 and Windows Server 2019 LSASS process dumping shellcode for x86_64.

tags | shellcode
systems | windows
MD5 | 27558db0ca06e1d38e522c2d9cd968fc
EE 4GEE Mini Local Privilege Escalation
Posted Sep 25, 2018
Authored by Osanda Malith

EE 4GEE Mini suffers from a unquoted service path local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-14327
MD5 | d71768f1287eb098635fd936af125dfb
MySQL UDF Exploitation
Posted Feb 17, 2018
Authored by Osanda Malith

Whitepaper called MySQL UDF Exploitation.

tags | paper
MD5 | 274e9471a6448b9f3cf177b0869dd261
CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting
Posted May 12, 2017
Authored by Osanda Malith

CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | fe8ae1a4ea67237579bd325e4d507415
89 Bytes Position Independent Shellcode
Posted Mar 29, 2017
Authored by Osanda Malith

89 bytes small WinExec position independent calc shellcode.

tags | shellcode
MD5 | b2f1fda802d38a1e9b3f08d5089722e8
CreateFile Shellcode
Posted Mar 20, 2017
Authored by Osanda Malith

This shellcode uses CreateFile and tries to read a non existing network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over internet. SMBRelay attacks can also be performed.

tags | shellcode
MD5 | e53e653c870322fe99dc73d75e082b05
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
MD5 | b7f93b900e475675844e4bcace0d312d
MySQL OOB Hacking
Posted Jan 29, 2017
Authored by Osanda Malith

This is a paper that discussing MySQL OOB hacking techniques under Windows.

tags | paper
systems | windows
MD5 | f927be9e4e0c76f1ea9267c22544c206
Alternative For Information_Schema.Tables In MySQL
Posted Jan 29, 2017
Authored by Osanda Malith

Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.

tags | paper, sql injection
MD5 | 8e6048a99360f0516cf7cb6a2eae3e08
D-Link DIR-615 Open Redirection / Cross Site Scripting
Posted Jan 13, 2017
Authored by Osanda Malith

D-Link DIR-615 suffers from cross site scripting and open redirection vulnerabilities. Hardware version E3 with firmware version 5.10 is affected.

tags | exploit, vulnerability, xss
MD5 | bbfaa1463e868d5175d7ec50ef497376
MySQL Procedure Analyse Denial Of Service
Posted May 28, 2016
Authored by Osanda Malith

MySQL Procedure Analyse denial of service exploit that affects versions up to 5.5.45.

tags | exploit, denial of service
advisories | CVE-2015-4870
MD5 | 1a85e20529f00c83a924fa4025add3b4
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
BIGINT Overflow Error Based SQL Injection
Posted Aug 5, 2015
Authored by Osanda Malith

This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.

tags | paper, overflow, sql injection
MD5 | 6b07eab8ef3d32101a729a41d8d83e52
GNS3 1.2.3 DLL Hijacking
Posted May 2, 2015
Authored by Osanda Malith

GNS3 version 1.2.3 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2015-2667
MD5 | 4a4f601198814a9c67a2d5154912731e
PROLiNK H5004NK Cross Site Request Forgery
Posted Apr 21, 2015
Authored by Osanda Malith

PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 99d988f46dbb1689e7b5a349ea496173
79 Bytes Add Mapping /etc/hosts
Posted Mar 2, 2015
Authored by Osanda Malith

79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.

tags | shellcode
MD5 | ffb92e150f52393601489605eb64f490
Exif Pilot 4.7.2 Buffer Overflow
Posted Jan 21, 2015
Authored by Osanda Malith

Exif Pilot version 4.7.2 SEH-based buffer overflow exploit.

tags | exploit, overflow
MD5 | 3d0bd0dd5cd32cf14c0979fb26e04e3f
Sim Editor 6.6 Buffer Overflow
Posted Jan 16, 2015
Authored by Osanda Malith

Sim Editor version 6.6 stack-based buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-1171
MD5 | 9f387336173b3416ae4cf4c02298ab1d
Google.lk Mapping Addition To /etc/hosts Shellcode
Posted Oct 29, 2014
Authored by Osanda Malith

110 byte shellcode that adds an entry for google.lk to /etc/hosts.

tags | shellcode
MD5 | 85e4f105321ffc287c48abd2f572fa33
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
Posted Oct 28, 2014
Authored by Osanda Malith

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-8494
MD5 | 1ffa37aae8784b3305279987120f2b25
Huawei Mobile Partner DLL Hijacking
Posted Oct 21, 2014
Authored by Osanda Malith

Huawei Mobile Partner suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2014-8358, CVE-2014-8359
MD5 | 08089a4db7b02aeef254f63cc26e0353
Hamster Free ZIP Archiver 2.0.1.7 DLL Hijacking
Posted Oct 16, 2014
Authored by Osanda Malith

Hamster Free ZIP Archiver version 2.0.1.7 DLL hijacking exploit.

tags | exploit
systems | windows
advisories | CVE-2014-0619
MD5 | 5346a73a621064512191f1f9d1e7de52
Moodle 2.7 Cross Site Scripting
Posted Jul 25, 2014
Authored by Osanda Malith

Moodle version 2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3544
MD5 | a076640d243f0a4e976fa846da42ddae
Concrete 5.6.2.1 REFERER Cross Site Scripting
Posted Jul 16, 2014
Authored by Osanda Malith

Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.

tags | exploit, xss
MD5 | fd75a5bd594fc578e865d97e017b1acd
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close