exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Matt Miller

Email addressmmiller at hick.org
First Active2000-02-24
Last Active2008-10-13
uninformed-10.tgz
Posted Oct 13, 2008
Authored by Matt Miller, H D Moore, Skywing, uninformed, mxatone | Site uninformed.org

Uninformed is pleased to announce the release of its tenth volume which is composed of 4 articles: Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan), Using dual-mappings to evade automated unpacker, Analyzing local privilege escalations in win32k, and Exploiting Tomorrow's Internet Today: Penetration testing with IPv6.

tags | local
SHA-256 | e88f63b59cd99b5222f1427aefd7f83c0b9a99bc49ee4a80852eb736c8296ba6
uninformed-vol9.tgz
Posted Jan 28, 2008
Authored by Matt Miller, warlord, I)ruid, Skywing, uninformed | Site uninformed.org

Uninformed is pleased to announce the release of its ninth volume. This volume includes 4 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: An Objective Analysis of the Lockdown Protection System for Battle.net. Exploitation Technology: ActiveX - Active Exploitation. Exploitation Technology: Context-keyed Payload Encoding. Exploitation Technology: Improving Software Security Analysis using Exploitation Properties.

tags | activex
SHA-256 | 23204c2fa4fa808fc62b756a27911c4c41e187e0ee04cf3d9b776e2b1c45f249
ani_loadimage_chunksize-email.rb.txt
Posted Apr 3, 2007
Authored by Matt Miller, H D Moore

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-1765, CVE-2007-0038
SHA-256 | 157b4e60ef0c519b39cdcd14ed1785bcf8179f18b70a23331ef92a5645137481
ani_loadimage_chunksize-browser.rb.txt
Posted Apr 3, 2007
Authored by Matt Miller, H D Moore

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Internet Explorer (6 and 7) by using the CURSOR style sheet directive to load a malicious .ANI file. Internet Explorer will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen.

tags | exploit, overflow
advisories | CVE-2007-1765, CVE-2007-0038
SHA-256 | 6b5f6b6710a71a3732c8bd3e9bdaa13eef0f941340da69f23d19c64b17e8f8bd
uninformed-vol6.tgz
Posted Jan 16, 2007
Authored by Matt Miller, H D Moore, Johnny Cache, Skywing, uninformed | Site uninformed.org

Uninformed is pleased to announce the release of its sixth volume. This volume includes 3 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: Subverting PatchGuard Version 2, Engineering in Reverse: Locreate: An Anagram for Relocate, Exploitation Technology: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows. PDFs of all articles and related code are included in this tarball.

tags | vulnerability
systems | windows
SHA-256 | 77ce1bc8aec65cc4a56356bef955197cab0127a53332ee6046b934865b61016f
broadcom_wifi_ssid.rb.txt
Posted Nov 14, 2006
Authored by Matt Miller, H D Moore, Johnny Cache, Chris Eagle | Site projects.info-pull.com

This Metasploit module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11 probe response that contains a long SSID. The target MAC address must be provided to use this exploit. The two cards tested fell into the 00:14:a5:06:XX:XX and 00:14:a4:2a:XX:XX ranges.

tags | exploit, remote, overflow, kernel, code execution
SHA-256 | 2ff6d29125b46d296be9c00aba6e22b7ec7b8b26fb33105084e75a05c8cc0a55
dlink_wifi_rates.rb.txt
Posted Nov 14, 2006
Authored by Matt Miller, H D Moore, Johnny Cache, LMH | Site projects.info-pull.com

This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.

tags | exploit, remote, overflow, kernel, code execution
SHA-256 | 5245f37a2a49581c658dd9bdd9e766576bf78b633852da860acdc8bc666fa469
elfcmp-1.0.0.tar.gz
Posted Oct 21, 2003
Authored by Matt Miller | Site hick.org

Elfcmp compares running processes to the their respective binary image to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.

systems | linux
SHA-256 | cc834fee066f13e42f1cba14a95de3239289c91042562ea57d720564a2a26f41
smb.c
Posted Aug 31, 2002
Authored by Matt Miller | Site uninformed.org

Denial of service exploit for Core ST's recently discovered Windows SMB vulnerability which works against Windows NT/2k/XP.

tags | exploit, denial of service
systems | windows
SHA-256 | e15996cb0517207f90b82190146c6c98da17a98d4c7fcd481f0f963988811a36
decimate.tar.gz
Posted Feb 24, 2000
Authored by Matt Miller | Site afro-productions.com

Decimate removes files in an ext2 filesystem so they are not recoverable. Includes some cool examples of how regular rming can be recovered.

tags | tool
systems | unix
SHA-256 | f2267590b03a2861c683fd881192e6081fca39626f9fe86c3173912300ed06f8
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close