what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files from Osanda Malith

Email addressOsandaJayathissa at gmail.com
First Active2013-12-21
Last Active2019-05-12
Windows 7 / 8 LSASS Process Dump Shellcode
Posted May 12, 2019
Authored by Osanda Malith

Windows 7 and 8 LSASS process dumping shellcode for x86_64.

tags | shellcode
systems | windows
SHA-256 | 41b5bde446f3043a2efedae4355ae03bcae36187bd0a4e190e8e57e8f1deccfd
Windows 10 / Server 2019 LSASS Process Dump Shellcode
Posted May 12, 2019
Authored by Osanda Malith

Windows 10 and Windows Server 2019 LSASS process dumping shellcode for x86_64.

tags | shellcode
systems | windows
SHA-256 | 1777d6af23b3ee7baf94df617caec3220389b8eadd263c5188ed616a60099b85
EE 4GEE Mini Local Privilege Escalation
Posted Sep 25, 2018
Authored by Osanda Malith

EE 4GEE Mini suffers from a unquoted service path local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2018-14327
SHA-256 | c1b7aa39cbec823fe71e2b733e4df2dac3df5252f2e6af9a8594b06b5823418f
MySQL UDF Exploitation
Posted Feb 17, 2018
Authored by Osanda Malith

Whitepaper called MySQL UDF Exploitation.

tags | paper
SHA-256 | e3f1baa170d27afb7c63c85824246d5dacb72df1f9b55d3c574624348aab3380
CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting
Posted May 12, 2017
Authored by Osanda Malith

CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
SHA-256 | 30eaff6ebd04dc3917930b8ae8e436030b22b272cc193fab53f323c5fec4f76c
89 Bytes Position Independent Shellcode
Posted Mar 29, 2017
Authored by Osanda Malith

89 bytes small WinExec position independent calc shellcode.

tags | shellcode
SHA-256 | e51e0f27d14fd2d6eb13fde09bc881228c8126c446a729735ae078f6e2a7548a
CreateFile Shellcode
Posted Mar 20, 2017
Authored by Osanda Malith

This shellcode uses CreateFile and tries to read a non existing network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over internet. SMBRelay attacks can also be performed.

tags | shellcode
SHA-256 | 2491b63c867c622c3989731692259fbf0c1e25e9f5dc567cec8b45443580d9f2
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
SHA-256 | e7e9068d43e4f86618c09b4979313f1ccd2c4a3b121b0a980a5ccc8d648fc1c0
MySQL OOB Hacking
Posted Jan 29, 2017
Authored by Osanda Malith

This is a paper that discussing MySQL OOB hacking techniques under Windows.

tags | paper
systems | windows
SHA-256 | 2247188880eb740f7ce4589272459ef60a338fc40904dccee82018aa011cdc78
Alternative For Information_Schema.Tables In MySQL
Posted Jan 29, 2017
Authored by Osanda Malith

Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.

tags | paper, sql injection
SHA-256 | 8006a7c0f0af2402a7ed534eb5b6b5a2613ea2701de03a1ce153a9ff29ed3eab
D-Link DIR-615 Open Redirection / Cross Site Scripting
Posted Jan 13, 2017
Authored by Osanda Malith

D-Link DIR-615 suffers from cross site scripting and open redirection vulnerabilities. Hardware version E3 with firmware version 5.10 is affected.

tags | exploit, vulnerability, xss
SHA-256 | a064b4156c0da33a3966fee4dfb137fa8926b8e38df505f768ebfd0be0ab208a
MySQL Procedure Analyse Denial Of Service
Posted May 28, 2016
Authored by Osanda Malith

MySQL Procedure Analyse denial of service exploit that affects versions up to 5.5.45.

tags | exploit, denial of service
advisories | CVE-2015-4870
SHA-256 | d572109b0189ecd815c569ad47520780444acf35842b036897634bb7c97017fb
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
SHA-256 | 994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982
BIGINT Overflow Error Based SQL Injection
Posted Aug 5, 2015
Authored by Osanda Malith

This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.

tags | paper, overflow, sql injection
SHA-256 | e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48
GNS3 1.2.3 DLL Hijacking
Posted May 2, 2015
Authored by Osanda Malith

GNS3 version 1.2.3 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2015-2667
SHA-256 | 3327679db8b0169f95b0e2c95d2cbace0ec6da60ad331bd34a0afda21ff93630
PROLiNK H5004NK Cross Site Request Forgery
Posted Apr 21, 2015
Authored by Osanda Malith

PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | b210515168778f66be7b43848af94d8ab68b509ccefdebb2e6027e6451d59008
79 Bytes Add Mapping /etc/hosts
Posted Mar 2, 2015
Authored by Osanda Malith

79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.

tags | shellcode
SHA-256 | 318b8a39ccbe95150914624284fab185bb8e44b9b248cd2b89f8701e7946d1e9
Exif Pilot 4.7.2 Buffer Overflow
Posted Jan 21, 2015
Authored by Osanda Malith

Exif Pilot version 4.7.2 SEH-based buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 5117c0bf1833397b5724a6e62d92a06d4545cab17646d109905ba7c4d8ebbd49
Sim Editor 6.6 Buffer Overflow
Posted Jan 16, 2015
Authored by Osanda Malith

Sim Editor version 6.6 stack-based buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-1171
SHA-256 | 0f061824fc59baa0d38bfd9364ff194c26e0a2185d52c693740a5897afacaa48
Google.lk Mapping Addition To /etc/hosts Shellcode
Posted Oct 29, 2014
Authored by Osanda Malith

110 byte shellcode that adds an entry for google.lk to /etc/hosts.

tags | shellcode
SHA-256 | 2a29f118b2f3d44252f36a47223954660e1741b17e76194ef86d6c3da1d82e4d
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
Posted Oct 28, 2014
Authored by Osanda Malith

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-8494
SHA-256 | 2ac6441238ee7b081bebbe85cb5cc78a62c50c26bd6433f839deaadbcc8214cd
Huawei Mobile Partner DLL Hijacking
Posted Oct 21, 2014
Authored by Osanda Malith

Huawei Mobile Partner suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2014-8358, CVE-2014-8359
SHA-256 | 913927cdd94e02084afad32b696a3ca202f8c09234d1c117b3a97dac19da2ff7
Hamster Free ZIP Archiver 2.0.1.7 DLL Hijacking
Posted Oct 16, 2014
Authored by Osanda Malith

Hamster Free ZIP Archiver version 2.0.1.7 DLL hijacking exploit.

tags | exploit
systems | windows
advisories | CVE-2014-0619
SHA-256 | d5d2c6500d69eeeed43f4f03d733064412af5cb611b1560b1a19e273f16d028a
Moodle 2.7 Cross Site Scripting
Posted Jul 25, 2014
Authored by Osanda Malith

Moodle version 2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3544
SHA-256 | 959eea10516335cfd227b085fe290db6e24c09b51b65eae621a5fba7876d90e6
Concrete 5.6.2.1 REFERER Cross Site Scripting
Posted Jul 16, 2014
Authored by Osanda Malith

Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5132ad0d776021270916cb7e3a628f5ae97560841c95e08123603a834cf8f018
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close