Showing 1 - 19 of 19

Files from Cesar Cerrudo

Email address: cesar at argeniss.com
First Active: 2003-09-18
Last Active: 2010-08-12
Microsoft Windows Tracing Registry Key ACL Privilege Escalation
Posted Aug 12, 2010
Authored by Cesar Cerrudo

Microsoft Windows tracing registry key ACL privilege escalation demonstration code.

tags | exploit
systems | windows
advisories | CVE-2010-2554
MD5 | 69bfbae5eedd0e4a8cbb13490de57eb9
Opening Intranets To Attacks By Using Internet Explorer
Posted Apr 7, 2009
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper called Opening Intranets to attacks by using Internet Explorer. This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).

tags | paper, remote
MD5 | 98b92d80a44cb14ddf0e4fdde94bde10
Churrasco.zip
Posted Oct 9, 2008
Authored by Cesar Cerrudo

Elevation of privileges proof of concept exploit for Token Kidnapping on Windows 2003.

tags | exploit, proof of concept
systems | windows
MD5 | a133719375519c641a32b7c2aef28d45
TokenKidnapping.pdf
Posted Apr 21, 2008
Authored by Cesar Cerrudo

Whitepaper discussing token kidnapping on Microsoft Windows.

tags | paper
systems | windows
MD5 | fc55befe4d486f4b668dc6a4ebf1f79c
D2T1_-_Cesar_Cerrudo_-_Token_Kidnapping.zip
Posted Apr 21, 2008
Authored by Cesar Cerrudo | Site conference.hitb.org

Token Kidnapping - This presentation is about a new technique for elevating privileges on Windows, mostly from services. The technique exploits design weaknesses in Microsoft Windows XP, 2003, Vista and even Windows 2008. While many new security protections have been added in Windows Vista and 2008, other weaknesses make some of the new protection mechanisms almost useless.

systems | windows, xp, vista
MD5 | c6b3d60974ac3f57fd6280046e499b17
ibmdb2-overwrite.txt
Posted Apr 18, 2008
Authored by Cesar Cerrudo | Site appsecinc.com

Team SHATTER Security Advisory - IBM DB2 UDB suffers from an arbitrary file overwrite vulnerability in the SYSPROC.NNSTAT procedure.

tags | advisory, arbitrary
MD5 | c624ca8b2e7f283918eac4c013a73fbc
HackingDatabases.zip
Posted Apr 17, 2007
Authored by Cesar Cerrudo

Whitepaper entitled "Hacking Databases For Owning Your Data". This paper goes into specifics on how to compromise MS-SQL and Oracle databases. It includes tools and exploits as well.

tags | exploit
MD5 | 3440277c1163266452d9a9306f134a5c
10MinSecAudit.zip
Posted Mar 14, 2007
Authored by Cesar Cerrudo

Whitepaper that demonstrates an extremely simple technique to quickly audit a software product in order to infer how trustable and secure it is. Oracle is used as a test case. Proof of concept exploit is included.

tags | paper, proof of concept
MD5 | f03e3ab2a438557da1a24abb32338a7c
WLSI.zip
Posted Mar 15, 2006
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so the reader will be enabled to write their own exploits.

tags | paper, local, shellcode
systems | windows
MD5 | e6e381e24020aea49b16759a19981d23
SSExploit.c
Posted Aug 14, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Exploit for the COM structured storage vulnerability as described in MS05-012. Works on Win2k SP4, WinXP SP2, and Win2k3 SP0.

tags | exploit
systems | windows, 2k
advisories | CVE-2005-0047
MD5 | f1c3fda65a4fd6c37c5c3622fa25e795
Oracle9R2-unpatched.txt
Posted Jul 23, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Oracle 9R2 has an unpatched, known vulnerability in the CWM2_OLAP_AW_AWUTIL package. The flaw was reported months ago and was claimed to be fixed in this last release.

tags | advisory
MD5 | b27b66b35c2615076263b7e86866bdac
ARGENISS-ADV-030501.txt
Posted Mar 15, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Argeniss Security Advisory - Oracle database servers versions 8i and 9i are susceptible to directory traversal attacks.

tags | exploit
MD5 | 0e886d91c292cb9b627ca6f50976bdef
AppSecInc.winheap.txt
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - The Microsoft Windows LPC (Local Procedure Call) mechanism is susceptible to a heap overflow that allows for privilege escalation.

tags | advisory, overflow, local
systems | windows
MD5 | 8230ac79b610f3e607be8fdf31740552
AppSecInc.token.txt
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - Improper token validation in Microsoft Windows allows for local privilege elevation in Windows 2000, Windows XP, and Windows 2003 (all service packs).

tags | advisory, local
systems | windows, 2k, xp
MD5 | a8183467b2662157250253c0ff2e1fc5
AppSecInc.Oracle.txt
Posted Sep 9, 2004
Authored by Cesar Cerrudo, Esteban Martinez Fayo | Site appsecinc.com

AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on a Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised, because Oracle runs mostly under the oracle user, which has restricted permissions.

tags | advisory, denial of service, overflow, local, vulnerability
systems | windows
MD5 | 7c09d30119ac5d228eab0169c18d5b60
msWinUtilMan.txt
Posted Jul 14, 2004
Authored by Cesar Cerrudo

A local elevation of privileges exists in the Windows Utility Manager which allows any user to take complete control over the operating system. This vulnerability affects the Windows 2000 operating system family.

tags | advisory, local
systems | windows, 2k
advisories | CVE-2004-0213
MD5 | 2b4514b7f08e2e518c0e9d06663ed71d
msaspCookie.txt
Posted May 7, 2004
Authored by Cesar Cerrudo

The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.

tags | advisory, web, asp
MD5 | 75c0cc47922f883dd028dd0ea48ef8d9
activeX.txt
Posted Oct 16, 2003
Authored by Cesar Cerrudo

Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.

tags | advisory, overflow, local, activex
systems | windows, 2k
MD5 | b8d4a3696bc3358e92c12c6462e166e8
yahooactive.txt
Posted Sep 18, 2003
Authored by Cesar Cerrudo

Yahoo! Webcam ActiveX controls are remotely susceptible to both a heap and stack based overflow vulnerability.

tags | advisory, overflow, activex
MD5 | 065758791ae0dc0b0351bfbf770d7209
© 2019 Packet Storm. All rights reserved.
