
Files from Pedram Amini

Real Name: Pedram Amini
Email address: private
Website: pedram.openrce.org
First Active: 2002-05-10
Last Active: 2011-05-07
Fuzzing Frameworks
Posted May 7, 2011
Authored by Pedram Amini

This brief whitepaper is called Fuzzing Frameworks. It is an excerpt from “Fuzzing: Brute Force Vulnerability Discovery” published by Addison-Wesley Professional.

tags | paper
SHA-256 | 7a58b127bbb01a9480084e31c4e546867fef99e12d372503e69b1e430a85cf50
HP OpenView Data Protector Cell Manager Heap Overflow
Posted Dec 21, 2009
Authored by Pedram Amini | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Cell Manager Database Service, rds.exe, which binds to TCP port 1530.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-2281
SHA-256 | b35ddf22dfed2acfe23b890459bbb716db5b8a870f760c3daf55fac1b650ebad
CAID-brightstor.txt
Posted Dec 8, 2007
Authored by eEye Digital Security, Pedram Amini, cocoruder, Tenable Network Security, Dyon Balding, shirkdog | Site www3.ca.com

CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332
SHA-256 | eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596
TPTI-07-14.txt
Posted Aug 15, 2007
Authored by Pedram Amini, Aaron Portnoy, Cody Pierce | Site dvlabs.tippingpoint.com

Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the OpenView Shared Trace Service, a service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, vulnerability, code execution
advisories | CVE-2007-1676
SHA-256 | 0f9b632a8194e66912be70699b2b63b542bb327aadc02228f6f4671e2435c7ca
TPTI-07-09.txt
Posted Jun 7, 2007
Authored by Pedram Amini | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Business Objects Crystal Reports. Exploitation requires the target to visit a malicious web site. This specific flaw exists within the ActiveX control with CLSID 85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two specific functions available in this control results in an exploitable stack based buffer overflow.

tags | advisory, remote, web, overflow, arbitrary, activex
advisories | CVE-2007-2419
SHA-256 | e24ae113a22f3a7a7506ceb077927a8ccada365b76855ce78837eb1e93290125
TPTI-07-06.txt
Posted May 3, 2007
Authored by Pedram Amini | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Rendezvous / XMPP (Extensible Messaging and Presence Protocol) messaging subsystem. Trillian locates nearby users through the '_presence' mDNS (multicast DNS) service on UDP port 5353. Once a user is registered through mDNS, messaging is accomplished via XMPP over TCP port 5298.

tags | advisory, remote, arbitrary, udp, tcp, protocol
advisories | CVE-2007-2418
SHA-256 | 2fbe961a03444391b1fc35b9482c4017e92353628e9ec1605fa9996224f7441b
TSRT-07-02.txt
Posted Feb 23, 2007
Authored by Pedram Amini | Site tippingpoint.com

These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the eng50.dll library.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2007-1070
SHA-256 | 63da17fc2b11d30b0183ecabd7487368709d4188640674209fe69ac0bfe2c32a
TSRT-07-01.txt
Posted Feb 23, 2007
Authored by Pedram Amini | Site tippingpoint.com

Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the StCommon.dll library and are reachable remotely through a DCE/RPC endpoint on TCP port 5168 bound to by the service SpntSvc.exe.

tags | advisory, arbitrary, tcp, vulnerability
advisories | CVE-2007-1070
SHA-256 | 2538733d750d9c2baaf8646c834988989befa2641962eda5f35f1d05adb574ba
TSRT-06-13.txt
Posted Nov 9, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuration Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2006-5782
SHA-256 | 44a89aa95a1bae411c8bdd385cbc8355ab9385be996a42c9eee2149f0069b9e6
TSRT-06-12.txt
Posted Oct 9, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability, and both the client and server are affected. The problem specifically exists within the handling of long messages received over the Mailslot named 'CheyenneDS'. As no explicit MaxMessageSize is supplied in the call to CreateMailslot, an attacker can cause an exploitable stack-based buffer overflow.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2006-5142
SHA-256 | c63b9f680348a05a9c714b24b61cca1344e26cdd1b743becb2ce05d8cbabd78d
TSRT-06-11.txt
Posted Oct 9, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability, and both clients and servers are affected. The problem specifically exists within DBASVR.exe, the Backup Agent RPC Server. This service exposes a number of vulnerable RPC routines through a TCP endpoint with ID 88435ee0-861a-11ce-b86b-00001b27f656 on port 6071. The most trivial of the exposed vulnerabilities results in an exploitable stack overflow.

tags | advisory, remote, overflow, arbitrary, tcp, vulnerability
advisories | CVE-2006-5143
SHA-256 | 6db0cdce65e6bfa48946db5e30be84d72faec9442b55e745fae38640005bc4f1
TSRT-06-10.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed.

tags | advisory, remote, web, arbitrary
advisories | CVE-2006-3086
SHA-256 | d8d3c87b1ba6bb1e1400f579fa2ee1f092e95d727fbaf20eac30d77c0be0dd20
TSRT-06-07.txt
Posted Aug 18, 2006
Authored by Pedram Amini | Site zerodayinitiative.com

The eIQnetworks Enterprise Security Analyzer suffers from multiple vulnerabilities that allow remote attackers the ability to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2006-3838
SHA-256 | 0c958ba0e58c280878e97816e04c3b684803e7205a47ff82e11b381192278831
RECON2006-Amini.zip
Posted Jul 26, 2006
Authored by Pedram Amini | Site openrce.org

Slides from the PaiMei presentation given at RECON2006. PaiMei is a reverse engineering framework consisting of multiple extensible components. T

tags | paper
SHA-256 | 79d922cf0e59a4d205fd7c3a5de2dfe26ffd04a589e92b01772f64ecd60c715c
PaiMei-1.0-REV88.zip
Posted Jul 26, 2006
Authored by Pedram Amini | Site openrce.org

PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as: fuzzer assistance, code coverage tracking, data flow tracking and more.

tags | python, fuzzer
systems | linux
SHA-256 | f027a3b0b418697874b0a94638fd5384a09eea2e16778ac1bf21c0ea708b4c9a
TSRT-06-02.txt
Posted Jul 12, 2006
Authored by H D Moore, Pedram Amini | Site tippingpoint.com

The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.

tags | advisory, remote, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2006-1314
SHA-256 | 7ecbc9c470fe349666dc38c15db04ebb879ba6bf0f07f04da1973e974ec14ce4
iDEFENSE Security Advisory 2005-12-14.5
Posted Dec 15, 2005
Authored by Pedram Amini, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 12.14.05 - Remote exploitation of a denial of service vulnerability in Trend Micro Inc.'s ServerProtect EarthAgent daemon allows attackers to cause the target process to consume 100% of available CPU resources. The problem specifically exists within ServerProtect EarthAgent in the handling of maliciously crafted packets transmitted with the magic value \x21\x43\x65\x87 targeting TCP port 5005. A memory leak also occurs with each received exploit packet, allowing an attacker to exhaust all available memory resources with repeated attacks. iDefense has confirmed the existence of this vulnerability in Trend Micro ServerProtect for Windows Management Console 5.58 running with Trend Micro Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1. It is suspected that earlier versions and versions for other platforms are vulnerable as well.

tags | advisory, remote, denial of service, tcp, memory leak
systems | windows
advisories | CVE-2005-1928
SHA-256 | 9bfc7d11f02284f37766b9dc9b287113f0e17149f9dbd9f529e9d3d436cff490
iDEFENSE Security Advisory 2005-09-01.2
Posted Sep 5, 2005
Authored by Pedram Amini, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 09.01.05-2 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows unauthenticated attackers to execute arbitrary code with the privileges of the underlying user. iDEFENSE has confirmed the existence of the vulnerability in the latest version of Novell NetMail, version 3.5.2. It is suspected that earlier versions of NetMail are also affected.

tags | advisory, remote, overflow, arbitrary, imap
advisories | CVE-2005-1758
SHA-256 | f2cbaf9e51063add484b80d860008619bf019d716f633dd213c3d1184df5168e
process_stalker.zip
Posted Jul 7, 2005
Authored by Pedram Amini | Site labs.idefense.com

Process Stalker is a software package that combines the process of run-time profiling, state mapping, and tracing. Consisting of a series of tools and scripts, the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.

SHA-256 | 3a30d65f7bdbc70cfcc59dcf2aa597d2a0f5acd7981ba4815857853a58aae382
olly_bp_man.zip
Posted Apr 17, 2005
Authored by Pedram Amini | Site labs.idefense.com

iDEFENSE Labs release of the OllyDbg Breakpoint Manager, an OllyDbg plug-in developed to address some shortcomings of the built-in breakpoint management functionality. The plug-in provides three main functions - breakpoint exporting, breakpoint importing and automatic breakpoint loading. Offsets are used in place of absolute addresses to support setting and restoring breakpoints on modules that move around in memory.

SHA-256 | 6f0b6e17aaf43ea3a8cfa6eeaa0d4e8024a305c86be77798b68c8152896b0253
ida_rpc_enum.zip
Posted Mar 26, 2005
Authored by Pedram Amini | Site idefense.com

This IDC script will scan through an IDA database locating and marking the relevant RPC server data structures. It will then enumerate the dispatch routines from the DispatchTable. The script outputs the addresses of the discovered structs / functions and was designed to automate the otherwise tedious manual process of locating RPC routines to audit.

SHA-256 | 09a462953000492e97d310f1b0d80939c4d23e6a76122104321941414c268117
pGRAPH.zip
Posted Mar 3, 2005
Authored by Pedram Amini | Site labs.idefense.com

Built on top of the IDA Function Analyzer, pGRAPH (Pedram's Grapher), provides an interface to generate more detailed and user defined control-flow graphs using the bundled Wingraph package. Extended features include: support for chunked functions, instruction level coloring, edge customization (manhattan vs splines), layout algorithm and more.

SHA-256 | e884794cd3dfa8188c3837653c79596619bda49502f9fe0b4395d9e6fd15a5b0
function_analyzer.zip
Posted Mar 3, 2005
Authored by Pedram Amini | Site labs.idefense.com

Written as a C++ class, Function Analyzer was originally developed to provide an abstraction layer over the chunked functions frequently found in optimized Microsoft-compiled binaries. As of IDA version 4.7 much of this functionality is built into the SDK. However, Function Analyzer can be used to construct plug-ins compatible across older versions and provides abstracted next_ea()/prev_ea() routines for stepping through an internal unchunked instruction list. The abstraction layer also exposes the following function-level information: basic block enumeration (nodes, edges), call count, MD5 hash, CRC and customizable GDL (Wingraph) generation.

SHA-256 | e45937cff22b0b58d2d2f6281711df2324ba077e1b6057559639aaee26a72207
ida_sync.zip
Posted Mar 3, 2005
Authored by Pedram Amini | Site labs.idefense.com

IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information. Included in the source release is a C++ class providing IDA Pro plugin developers with an abstracted asynchronous I/O interface.

SHA-256 | a8ace8b8c3a60a7793256dfbcfd40b4789f253acf72167fdee3968a049b8502c
dnshijacker-1.3.tar.gz
Posted Dec 15, 2002
Authored by Pedram Amini | Site pedram.redhive.com

Dnshijacker v1.3 is a libnet/libpcap based DNS sniffer/spoofer. A versatile tool, it supports tcpdump-style filters that allow you to specifically target victims. DNS answers are forged based on entries in a 'fabrication table' or by simply forging one answer to all requests. DNS Hijacker is an excellent tool for blocking and removing advertisements at the network level. The package comes with a default rule file for blocking about 780 known ad servers, as well as instructions on how to incorporate with RRDTool for ad blocking statistics generation. Archived prank: here. Future versions will be ported to use Libnet 1.1.0.

systems | unix
SHA-256 | 4040cb211860bec4dd43af09e157da25ebd20189d35884c11639d281ef7cd16a
© 2022 Packet Storm. All rights reserved.