Showing 1 - 23 of 23

Files from Unyun

Email address: shadowpenguin at backsection.net
First Active: 1999-09-24
Last Active: 2012-08-18
Apple Windows Quicktime Plugin 4.1.2 Overflow
Posted Aug 18, 2012
Authored by Unyun

The Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
systems | windows, apple
advisories | CVE-2001-0198
MD5 | d6883f83dcd72ffbb980a600a3eedd65
ex_winproxy.c
Posted Nov 14, 2000
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

Shadow Penguin Security Advisory #37 - WinProxy 2.0.0/2.0.1 (now known as Black Jumbo dog) contains many remotely exploitable buffer overflows. Exploit for the POP3 service included, tested on Japanese Windows98.

tags | exploit, overflow
MD5 | 198c837d86b4acc67f7042d7d8ed65f9
sps39.acrobat.txt
Posted Jul 27, 2000
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

Shadowpenguin Security Advisory #39 - Adobe Acrobat Series PDF File buffer overflow. Many versions of Acrobat for Windows95/98/NT/2000 overflow when reading a PDF file which has a long Registry or Ordering. The EIP can be controlled and arbitrary code can be executed on the machine which views the PDF file. Patches available here.

tags | overflow, arbitrary, registry
MD5 | 4d24ea755d6dc347ec13d981db9ba98c
tinyftpd.exploit.txt
Posted Feb 1, 2000
Authored by Unyun | Site shadowpenguin.backsection.net

Tiny FTPd 0.52 beta3 (Windows FTP Server) has remotely exploitable buffer overflow vulnerabilities. Even anonymous users can execute code. Exploit tested on Windows98(+IE5.01).

tags | exploit, overflow, vulnerability
systems | windows
MD5 | 216eb9a4a0a113773584ea377084cef9
ex_vdolive.c
Posted Dec 10, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

Remote exploit for VDO Live Player 3.02 for Windows95/98/NT. If VDO Live Player is installed on the system and the browser is in its default configuration, a .vdo file is downloaded and executed without confirmation. So, if a client visits a web page that contains automatic download code (such as a META tag) for a .vdo file containing the attack code, the client machine will be cracked by the instructions written in the .vdo file.

tags | exploit, remote
MD5 | bce11829416919e33e0c0811420694b1
getcode010.lzh
Posted Dec 9, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

Getcode assists you in coding Windows exploits by getting the codes for jmp reg, call reg, and push reg; ret from some loaded DLLs.

systems | windows
MD5 | 210e177dc620f8156becafff0ce8bd90
ex_inc.c
Posted Nov 25, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

ex_inc.c exploits a bounds checking error in /usr/jp/bin/mh/inc which was distributed with the mh-6.8.3 package. Local root compromise.

tags | exploit, local, root
systems | unix
MD5 | 72428b901f7f45c05e3c1b5048f8275e
ex_bbc.c
Posted Nov 25, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

ex_bbc.c exploits a bounds checking error in /usr/jp/bin/mh/bbc which was distributed with the mh-6.8.3 package. Local root compromise.

tags | exploit, local, root
systems | unix
MD5 | a5b2d66a75247c7d8c9cb5c5bceb2ce4
ex_kcms_configure86.c
Posted Nov 25, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

kcms_configure has an overflow bug with the "-P" option and it has been reported (107339-01). But this program has another hole. This hole has not been reported, and the patches are not published at this time. kcms_configure overflows if a long string is specified in the NETPATH environment, and it is exploitable. I have included an exploit for Solaris7 Intel edition to obtain root privilege.

tags | exploit, overflow, root
systems | unix
MD5 | 96891067efbb4ca666ca294943ae33b0
ex_kcms_configuresp.c
Posted Nov 25, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

The vulnerability in kcms_configure also exists in Solaris 2.6 and 2.7 sparc edition. Exploit included.

tags | exploit
systems | unix, solaris
MD5 | e2e854ae8bed8bd41d390b8b8c6423e1
ex_mailtool.c
Posted Nov 25, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

The mailer programs (mailtool and dtmail) and the mail message print filter (dtmailpr) which are installed on Solaris7 have exploitable buffer overflow bugs. These programs are sgid (mail group) programs; a local user can obtain the mail group. The mail files are generated with 660 permission, so any user can read/write other users' mail files. I coded the exploits to get mail gid (egid=6). They are for Intel Solaris7. There are the same kind of problems on Sparc Solaris7 and Solaris2.6 (Intel, Sparc).

tags | exploit, overflow, local
systems | unix
MD5 | 68399227ff709fd06cd83d967dcf842a
ex_w4server.c
Posted Nov 16, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

The Cgitest.exe CGI distributed with W4-Server2.6a/32-bits has a buffer overflow. Any instructions can be executed on the victim host by using this buffer overflow exploit.

tags | exploit, overflow, cgi
MD5 | b6ac9a29a2b6efd91a2dd9a7ccd261da
ie5.file.txt
Posted Nov 8, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

Microsoft Internet Explorer 4/5 overflows when handling the "file://" specification (file://test/AAAAAAAAAAAA....). This is a typical exploitable buffer overflow. Exploit for Japanese Win98 included.

tags | exploit, overflow
systems | windows
MD5 | 26355eb89b68767f35bb253abb28294b
irfan.view32.txt
Posted Nov 8, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

The popular image viewer "Irfan View32" contains a buffer overflow problem; this problem exists in the handling of Adobe Photoshop image files. Irfan View checks the image type by the image header; if the "8BPS" pattern is found in the header, Irfan View judges the file to be a Photoshop image. The overflow happens in the handling of reading this marker. Exploit included.

tags | exploit, overflow
MD5 | 2ac77296d538e198251ac576be9c0562
ex_emc.c
Posted Nov 5, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

Buffer overflow in E-MailClub Ver1.0.0.5. It overflows when it receives a long From: in POP3 handling. If the host receives mail which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example generates an e-mail which contains exploit code that reboots the target host. This exploit is coded for Windows98 Japanese edition, but if you change some parameters written in the sample exploit program, it may work on Windows95 and WindowsNT.

tags | exploit, overflow
systems | windows
MD5 | f1fa3e703ec2bd44f3d36fa744003039
ex_webbbs.c
Posted Nov 5, 1999
Authored by Unyun, shadowpenguin | Site shadowpenguin.backsection.net

In the initial authorization handling of WebBBS, if a long login name or password is received, this CGI overflows. This overflow overwrites the RET address, so EIP can be controlled. This overflow is used to execute any instructions which are included in the user name and password.

tags | exploit, overflow, cgi
systems | windows
MD5 | 39f137e50459f957f97c268bb91c6bb0
ex_ssmail.c
Posted Nov 2, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

We found an overflow bug in Skyfull Mail Server 1.1.4. It overflows when it receives a long MAIL FROM: in SMTP handling. If the host receives a packet which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This example sends exploit code that executes any command on the host which is running the Skyfull Mail Server 1.1.4. This exploit is coded for Windows98, but if you change some parameters written in the sample exploit program, it may work on Windows95 and WindowsNT.

tags | exploit, overflow
MD5 | abb470afc2b73babde2fe2376ef8da48
ex_zommail.c
Posted Nov 2, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

We found an overflow bug in ZOM-MAIL 1.09. It overflows when it receives a long attachment file name. If ZOM-MAIL 1.09 receives an e-mail which contains the exploit code, the host is cracked by any instructions which are coded in the exploit code. This program can send an e-mail to any e-mail address, containing exploit code that removes a "c:\windows\test.txt" file on the host. This exploit is coded for Windows98, but if you change some parameters written in the sample exploit program, it may work on Windows95 and WindowsNT.

tags | exploit, overflow
systems | windows
MD5 | 1abc03f41b29896419cfaa58090f3864
ex_midiplug.c
Posted Nov 2, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

The MIDI plugin program "YAMAHA MidiPlug 1.10b" for Windows IE4/5 contains a buffer overflow bug. If a long "TEXT" variable is specified in the EMBED tag, the buffer overflow occurs. If an attacker sets the exploit on a web page, the visitor's host will be cracked by any instructions written in the "TEXT" variable. Here is a demo site which is generated by this exploit as a demonstration. If this plugin is installed and the ActiveX setting is the default, "c:\windows\welcome.exe" will be executed (it's for Japanese Windows98 only).

tags | exploit, overflow, activex
systems | windows
MD5 | b522483bdad7bb88fccdeb4b699464ea
url.live-1.0.txt
Posted Oct 28, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

URL Live! 1.0 WebServer for Windows95/98/NT, which is released by Pacific Software Publishing, Inc. (http://www.urllive.com/), also has a "../" security problem; any user can download any file on the victim host.

tags | exploit, web
MD5 | a0e18ec3378b03dc8ad9123138dcd0db
ex_imagemap.c
Posted Oct 22, 1999
Authored by Unyun

The imagemap CGI which is distributed with OmniHTTPd 1.01 and Pro2.04 has a buffer overflow bug. I coded an exploit which can execute any command on the victim host. The Shadow Penguin Security.

tags | exploit, overflow, cgi
MD5 | 6737cb80be42e1d6177bcde4aa45fc08
ex_canuum.c
Posted Oct 7, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

I found a security vulnerability in the canuum Japanese Kana-Kanji FEP. This program is installed on the Turbolinux series by default. /usr/jp/canna/bin/canuum is a suid program. It overflows if a long argument is specified with many kinds of options such as -k, -c, -n. I coded an exploit for Linux; a local user can obtain root privilege.

tags | exploit, overflow, local, root
systems | linux
MD5 | 2ec60b05c8f74be5718f63c1e5fa2b06
ex_uum.c
Posted Sep 24, 1999
Authored by Unyun | Site shadowpenguin.backsection.net

I found a security vulnerability in the uum Japanese Kana-Kanji FEP. This program is installed on many Japanese UNIX systems by default. /usr/bin/uum is a suid program; it overflows if a long argument is specified with the -D option. I coded an exploit for Linux; a local user can obtain root privilege. I also confirmed this overflow on the following OSs: Solaris 2.6, 2.7, IRIX 5.3, 6.2, 6.3, 6.4, 6.5.

tags | exploit, overflow, local, root
systems | linux, unix, solaris, irix
MD5 | 72679fb5546c76ce1ef977d779aafd76