Cisco IOS connectback shellcode that creates a new tty, sets the privilege level to 15, and then connects back on port 21.
7d7536d0f4ca415c80e65de21d25fef5ae8347250d1d27bf918e7129b54be89b
Cisco IOS tiny shellcode that creates a new tty and sets the privilege level to 15.
382805b63d61450f3bfac3b7092aa9452ac364ec3384116fdf99e7f630891f6e
It has been more than a year since Michael Lynn first demonstrated a reliable code execution exploit on Cisco IOS at Black Hat 2005. Although his presentation received a lot of media coverage in the security community, very little is known about the attack and the technical details surrounding the IOS check_heaps() vulnerability. This paper is a result of research carried out by IRM to analyze and understand the check_heaps() attack and its impact on similar embedded devices.
40dd024bc2d874958a21e126057bd31b7ed7d0c86e440e3d7f7f5635a1c9819c
Exploit that makes use of the PHP memory limit vulnerability discovered in July of 2004.
2c97cd1c958eda9cb6b3a5a97720fabb55603f0d0d23e1c106b84fb552ebbcfa
Remote CVS exploit for versions 1.11.15 and below that makes use of the Argumentx error_prog_name double free heap overflow on RedHat 8.0.
1ef0f00bc5dd2efbcfedccbeaf427ca4d38d3c2fcf5a2710c02762f6489148f1
Subversion 1.0.2 remote exploit that makes use of a stack overflow in the svn_time_from_cstring() function. Binds a shell to port 36864. Tested against RedHat 8.0 Psyche build.
d02b1feccebffc24878e8b25042a2f7c26807f4574998ffb926f8c0216c55f63
Local root exploit for sendmail versions 8.12.9 and below that makes use of the prescan function vulnerability originally discovered by Michal Zalewski back in September.
6b92118a7fe3130fa6ec45d888da04dc8d72dfd1264fed483ce66005c203ca9d
Remote Pine exploit for versions 4.56 and below. Makes use of a vulnerability discussed here. Binds a shell to port 10000. Tested against RedHat Linux 7.0.
902cb346d20aea5cb1ef62db8c36a27a7f7588fb1b62a8d42cc9f4c7751ba3f6