exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

Files from Blasty

Email addressblasty at geekz.nl
First Active2003-10-21
Last Active2021-02-05
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
Posted Feb 5, 2021
Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com

A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.

tags | exploit, overflow, local
advisories | CVE-2021-3156
MD5 | 5a520123546e73d450b7fef8df23c9de
Nagios3 history.cgi Host Command Execution
Posted Jan 17, 2013
Authored by Blasty, temp66, Jose Selvi | Site metasploit.com

This Metasploit module abuses a command injection vulnerability in the Nagios3 history.cgi script.

tags | exploit, cgi
advisories | CVE-2012-6096, OSVDB-88322
MD5 | 04213b4213cc880905bf2de8beb622c7
Nagios 3.x Remote Command Execution
Posted Jan 15, 2013
Authored by Blasty

Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi.

tags | exploit, remote, cgi
advisories | CVE-2012-6096
MD5 | f306d0ac336ba440f38dc661546bb7f4
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Posted Sep 28, 2012
Authored by unknown, Blasty, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.

tags | exploit, overflow, arbitrary, root
advisories | CVE-2012-1182, OSVDB-81303
MD5 | 9fe748ff6a579ca40cd64088d23c1d29
gEEk-fuck-khaled.c
Posted Oct 21, 2003
Authored by Blasty | Site geekz.nl

mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates a HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started - The HTML can be in a HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.

tags | exploit, remote, web, overflow, local
systems | windows
MD5 | bdc38dfedffb7977637c36ede12ea4e8
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close