exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 44 RSS Feed

Files from prdelka

Email addressprdelka at segfault.net
First Active2005-10-12
Last Active2017-04-14
SedSystems D3 Decimator Default Credentials / File Disclosure
Posted Apr 14, 2017
Authored by prdelka

SedSystems D3 Decimator suffers from default credential and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability, info disclosure
SHA-256 | 30e71a2e924700d68946538cff7d0f87bb02615b8297043b63f0dbb2275f4336
Heartbleed TLS/DTLS Information Leak
Posted Apr 9, 2014
Authored by prdelka

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and wrote to a file to annoy IDS/forensics. The exploit can set the heatbeart payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.

Changes: Multiple bug fixes have been added since the first release. Please ensure you have the latest copy.
tags | exploit
advisories | CVE-2014-0160
SHA-256 | 68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299a
JDWP Exploitation
Posted Jul 24, 2013
Authored by prdelka

This is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol (JDWP).

tags | exploit, java, arbitrary, code execution, protocol
SHA-256 | 0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6d
MobileIron Virtual Smartphone Platform Privilege Escalation
Posted Jun 11, 2013
Authored by prdelka

The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges. Probing under the hood of this shell indicates that certain commands are run in the native linux OS with sudo, by using the "show processes" command you can see the commands being used. Due to a lack of input sanitization, it is possible to run arbitrary commands as root.

tags | exploit, java, arbitrary, shell, root
systems | linux
SHA-256 | b4ff0c23630c23454621f19b315444b641a2dc3df5ce86782a719ea37d53d3e6
Cisco ASA Ethernet Information Leak
Posted Jun 10, 2013
Authored by prdelka

This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to 8.4.4.6 and 8.2.5.32 are affected.

tags | exploit
systems | cisco
advisories | CVE-2003-0001
SHA-256 | ada92ec408b17ad98b8a34bbb874aa0239b2511cafe8e2286f516be9b06a52b8
Rubilyn 0.0.1
Posted Oct 6, 2012
Authored by prdelka | Site nullsecurity.net

This is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.

tags | tool, kernel, rootkit
systems | unix, bsd, apple, osx
SHA-256 | b104cfd2f826400eb9d8d5a81941ae270ed54b62ebfb9893fc474185b717dd60
MS11-083 Denial Of Service
Posted Nov 12, 2011
Authored by prdelka

MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.

tags | exploit, denial of service, overflow, udp, tcp, proof of concept
SHA-256 | 8599b0b1ac07fed75a167b44758ada7368eb687ba515c6c1f6c4ea9d3e84cbf4
Hacking Embedded Devices For Fun And Profit
Posted Nov 7, 2011
Authored by prdelka

These are slides from a talk called Hacking Embedded Devices for Fun and Profit. It uses Sky Broadband as a case study.

tags | exploit, paper
SHA-256 | c47817875f30772c127c3169814a0db083ad87a06d51af5acdb3128b68dce9c6
Linux 2.6.37-rc1 serial_core TIOCGICOUNT Leak
Posted Mar 14, 2011
Authored by prdelka

Information leak exploit for Linux kernel versions 2.6.37-rc1 and below which leaks kernel stack space back to userland due to uninitialized struct member "reserved" in struct serial_icounter_struct copied to userland. Uses ioctl to trigger memory leak, dumps to file and displays to command line.

tags | exploit, kernel, memory leak
systems | linux
advisories | CVE-2010-4077
SHA-256 | fc5c06243bfa87c53d6e5f3c22e2104a377b95a4b22238e7d035f9b2e20066f4
Linux Kernel 2.6.37 Denial Of Service
Posted Mar 1, 2011
Authored by prdelka

Linux kernel versions 2.6.37 and below local kernel denial of service exploit that leverages a divide-by-zero error in tcp_select_initial_window when processing user supplied TCP_MAXSEG.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2010-4165
SHA-256 | f20e0d2ebc4ff05467a9771775dda2115edfe394b7365dba0410ad1d236a4eab
Oracle Solaris su NULL Pointer
Posted Oct 14, 2010
Authored by prdelka | Site prdelka.blackart.org.uk

Oracle Sun Solaris 10 su NULL point proof of concept exploit.

tags | exploit, proof of concept
systems | solaris
advisories | CVE-2010-3503
SHA-256 | eba90a94a7182395d586cd8f497035232e075f309dfba27247a0e3361c6309b0
Apple 10.6.3 chpass BSD Insecure Temp File Creating In /etc
Posted May 19, 2010
Authored by prdelka | Site prdelka.blackart.org.uk

Apple Mac OS X versions 10.6.3 and below suffer from a chpass BSD insecure temp file creation in /etc vulnerability. A user can create a file with rw perms in /etc as owner and populate it with arbitrary data. This could be utilized to fill the disk or write configuration file information that could be combined with another flaw to elevate local privileges.

tags | exploit, arbitrary, local
systems | bsd, apple, osx
SHA-256 | 7612d1322811886943d0e1ba838ed0c5d2209c568bc240a49eeb336f0af2080c
Mac OS X 10.5.6/10.5.7 ptrace() Mutex Handling Denial Of Service
Posted Nov 5, 2009
Authored by prdelka | Site prdelka.blackart.org.uk

Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.

tags | exploit, denial of service, kernel
systems | apple, osx
SHA-256 | 280d49ab7dc2a6f1d65feb29ee1a9c5ba38aedb401fb0e81e12ef3860ea1d82f
Sun VirtualBox 3.0.6 Local Root
Posted Oct 17, 2009
Authored by prdelka | Site prdelka.blackart.org.uk

Sun VirtualBox versions 3.0.6 and below local root exploit that takes advantage of a popen() meta char shell injection vulnerability.

tags | exploit, shell, local, root
advisories | CVE-2009-3692
SHA-256 | e2ddedb66eb6b5695c18761f7fb3938a54e20b5be176b2e29ef59c221c7f1e0f
Linux 2.6.29 ptrace_attach() Race Condition
Posted May 15, 2009
Authored by prdelka | Site prdelka.blackart.org.uk

This is a local root exploit for the Linux 2.6.29 ptrace_attach() race condition that allows a process to gain elevated privileges under certain conditions.

tags | exploit, local, root
systems | linux
SHA-256 | db9565192db3ee04f85227cfe9fa0b007cf4b055bb2747ed491261b3a6efd308
prdelka-vs-GNU-citadel.tar.gz
Posted Jan 22, 2008
Authored by prdelka | Site prdelka.blackart.org.uk

Citadel SMTP versions 7.10 and below remote overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 17d73e7c5984975be22f519415b7f5914aaaa74629f78f76ee5f4586a019b28d
prdelka-vs-MS-rshd.tar.gz
Posted Jan 22, 2008
Authored by prdelka | Site prdelka.blackart.org.uk

Windows RSH daemon versions 1.8 and below remote buffer overflow exploit.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 1c530d10caf782cb1a6270dae0b0e5974153013a57ef1f83b6166717ed3a1918
lotus-overflow.txt
Posted Jul 21, 2007
Authored by prdelka, Dominic Chell

Lotus Domino IMAP4 server version 6.5.4 / Windows 2000 Advanced Server x86 remote buffer overflow exploit.

tags | exploit, remote, overflow, x86
systems | windows
SHA-256 | b914a5a129df141a9e81efa513ca01b96c180ff72cea7dafc716b3203367e1a3
winzip-heap.txt
Posted Mar 9, 2007
Authored by prdelka | Site blogs.23.nu

WinZip versions 10.0.7245 and below FileView ActiveX buffer overflow exploit.

tags | exploit, overflow, activex
SHA-256 | 13135b625739a870d46e0156520936ebef5b93a66dc0bdbacf68dd04b7de0584
prdelka-vs-GNU-mbsebbs.c
Posted Jan 20, 2007
Authored by prdelka | Site prdelka.blackart.org.uk

GNU/Linux mbse-bbs versions 0.70.0 and below local root exploit that makes use of a stack overflow.

tags | exploit, overflow, local, root
systems | linux
SHA-256 | b9b6c8e90f30995598ab9252882b6e7bfe68361174d80d1b09bb34e24378764c
winzip-bof.txt
Posted Nov 16, 2006
Authored by prdelka | Site prdelka.blackart.org.uk

WinZIP versions 10.0.7245 and below FileView ActiveX control remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
SHA-256 | a55c09bb96fdc249ab51759f91535b4960838cdf65004233a7630f189ec5dda1
winzipFAC.txt
Posted Nov 16, 2006
Authored by prdelka | Site prdelka.blackart.org.uk

WinZIP versions 10.0.7245 and below FileView ActiveX control stack overflow proof of concept exploit.

tags | exploit, overflow, activex, proof of concept
SHA-256 | 45e7ef5aa4bed66d4ed69bb7ffcbf9d14a655fc54a25b33506fdc4372ff0f652
prdelka-vs-SUN-telnetd.c
Posted Oct 27, 2006
Authored by prdelka | Site prdelka.blackart.org.uk

Solaris in.telnetd 8.0 and prior remote exploit. A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. This exploit has been tested against Solaris 7 & Solaris 8 (sparc).

tags | exploit, remote, overflow, protocol
systems | solaris, bsd
SHA-256 | 8b1b9e7b12ccde64848ee3e68e52d71b897094c36e01d0c6aefb642d65d2014b
prdelka-vs-SGI-xrunpriv
Posted Oct 27, 2006
Authored by prdelka | Site prdelka.blackart.org.uk

SGI IRIX 6.5 /usr/sysadm/bin/runpriv local root exploit.

tags | exploit, local, root
systems | irix
SHA-256 | 87ee2433cea6d25492bbf29d76ac2dddfffb1036915de7f4e24d87a028286cbe
prdelka-vs-SCO-termshx.c
Posted Oct 27, 2006
Authored by prdelka | Site prdelka.blackart.org.uk

SCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguments, namely the [-o oadir] argument. It is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow allowing for local root compromise.

tags | exploit, overflow, local, root
SHA-256 | 80848a38a842001ba4c5cb1a4aa2616cfde210738c9f9ac3f9e0ec9ee9fa8266
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close