Twenty Year Anniversary
Showing 1 - 25 of 44 RSS Feed

Files from prdelka

Email addressprdelka at
First Active2005-10-12
Last Active2017-04-14
SedSystems D3 Decimator Default Credentials / File Disclosure
Posted Apr 14, 2017
Authored by prdelka

SedSystems D3 Decimator suffers from default credential and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability, info disclosure
MD5 | 42f55b9862ca901a579f90787e41797e
Heartbleed TLS/DTLS Information Leak
Posted Apr 9, 2014
Authored by prdelka

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and wrote to a file to annoy IDS/forensics. The exploit can set the heatbeart payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.

Changes: Multiple bug fixes have been added since the first release. Please ensure you have the latest copy.
tags | exploit
advisories | CVE-2014-0160
MD5 | 1fcb27d5626960bf7954eecbb97b6a10
JDWP Exploitation
Posted Jul 24, 2013
Authored by prdelka

This is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol (JDWP).

tags | exploit, java, arbitrary, code execution, protocol
MD5 | d2393fd5c46ac860e38c29fc4e30d965
MobileIron Virtual Smartphone Platform Privilege Escalation
Posted Jun 11, 2013
Authored by prdelka

The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges. Probing under the hood of this shell indicates that certain commands are run in the native linux OS with sudo, by using the "show processes" command you can see the commands being used. Due to a lack of input sanitization, it is possible to run arbitrary commands as root.

tags | exploit, java, arbitrary, shell, root
systems | linux
MD5 | 0be013d55686cd5577023a981879beda
Cisco ASA Ethernet Information Leak
Posted Jun 10, 2013
Authored by prdelka

This is the Cisco ASA ethernet information leak exploit that leverages the vulnerability noted in CVE-2003-0001. Versions prior to and are affected.

tags | exploit
systems | cisco
advisories | CVE-2003-0001
MD5 | 056d929318ca4984da2379f95e63735f
Rubilyn 0.0.1
Posted Oct 6, 2012
Authored by prdelka | Site

This is a 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion and below. It uses a combination of syscall hooking and DKOM to hide activity on a host. String resolution of symbols no longer works on Mountain Lion as symtab is destroyed during load, this code is portable on all Lion and below but requires re-working for hooking under Mountain Lion.

tags | tool, kernel, rootkit
systems | unix, bsd, apple, osx
MD5 | 4e8726f077ff7d1b0a761ab15d4d8bc9
MS11-083 Denial Of Service
Posted Nov 12, 2011
Authored by prdelka

MS11-083 denial of service proof of concept exploit. It attempts to trigger the ICMP refCount overflow in TCP/IP stack of Win7/Vista/Win2k8 hosts. This requires sending 2^32 UDP packets to a host on a closed port, or 4,294,967,296 packets. A dereference function must be called that is not triggered via UDP but ICMP echo packets. This exploit creates 250 threads and floods a host with UDP packets and then attempts to trigger the de-ref using ping.

tags | exploit, denial of service, overflow, udp, tcp, proof of concept
MD5 | 008b8b944a3292e2c174e887ef165b2c
Hacking Embedded Devices For Fun And Profit
Posted Nov 7, 2011
Authored by prdelka

These are slides from a talk called Hacking Embedded Devices for Fun and Profit. It uses Sky Broadband as a case study.

tags | exploit, paper
MD5 | f9efc36a6b7bcb29f56ee41189b2cf50
Linux 2.6.37-rc1 serial_core TIOCGICOUNT Leak
Posted Mar 14, 2011
Authored by prdelka

Information leak exploit for Linux kernel versions 2.6.37-rc1 and below which leaks kernel stack space back to userland due to uninitialized struct member "reserved" in struct serial_icounter_struct copied to userland. Uses ioctl to trigger memory leak, dumps to file and displays to command line.

tags | exploit, kernel, memory leak
systems | linux
advisories | CVE-2010-4077
MD5 | 5561330a1567df8efd9ee941ff262eb5
Linux Kernel 2.6.37 Denial Of Service
Posted Mar 1, 2011
Authored by prdelka

Linux kernel versions 2.6.37 and below local kernel denial of service exploit that leverages a divide-by-zero error in tcp_select_initial_window when processing user supplied TCP_MAXSEG.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2010-4165
MD5 | 8b511f6f9abf85cdb0a69e2d17c92230
Oracle Solaris su NULL Pointer
Posted Oct 14, 2010
Authored by prdelka | Site

Oracle Sun Solaris 10 su NULL point proof of concept exploit.

tags | exploit, proof of concept
systems | solaris
advisories | CVE-2010-3503
MD5 | 12522e812cbd7d210fa5a20184a0dd37
Apple 10.6.3 chpass BSD Insecure Temp File Creating In /etc
Posted May 19, 2010
Authored by prdelka | Site

Apple Mac OS X versions 10.6.3 and below suffer from a chpass BSD insecure temp file creation in /etc vulnerability. A user can create a file with rw perms in /etc as owner and populate it with arbitrary data. This could be utilized to fill the disk or write configuration file information that could be combined with another flaw to elevate local privileges.

tags | exploit, arbitrary, local
systems | bsd, apple, osx
MD5 | 65bf96fd0c7c09a26da670a07518646e
Mac OS X 10.5.6/10.5.7 ptrace() Mutex Handling Denial Of Service
Posted Nov 5, 2009
Authored by prdelka | Site

Mac OS X versions 10.5.6 and 10.5.7 ptrace() mutex handling denial of service exploit. This code should be run in a loop and due to problems with mutex handling in ptrace a denial of service can occur when a destroyed mutex is attempted to be interlocked by the OSX kernel giving rise to a race condition. You may need to run this code multiple times.

tags | exploit, denial of service, kernel
systems | apple, osx
MD5 | 26dcc6d967acfaa58df417503ccb75ed
Sun VirtualBox 3.0.6 Local Root
Posted Oct 17, 2009
Authored by prdelka | Site

Sun VirtualBox versions 3.0.6 and below local root exploit that takes advantage of a popen() meta char shell injection vulnerability.

tags | exploit, shell, local, root
advisories | CVE-2009-3692
MD5 | c406efbe8e998f36edbb0aa6652790fe
Linux 2.6.29 ptrace_attach() Race Condition
Posted May 15, 2009
Authored by prdelka | Site

This is a local root exploit for the Linux 2.6.29 ptrace_attach() race condition that allows a process to gain elevated privileges under certain conditions.

tags | exploit, local, root
systems | linux
MD5 | 2406d30eaa6ecc2fd2340203ddef7c7a
Posted Jan 22, 2008
Authored by prdelka | Site

Citadel SMTP versions 7.10 and below remote overflow exploit.

tags | exploit, remote, overflow
MD5 | fa27394dcf10b6b59b508ceb07097bd3
Posted Jan 22, 2008
Authored by prdelka | Site

Windows RSH daemon versions 1.8 and below remote buffer overflow exploit.

tags | exploit, remote, overflow
systems | windows
MD5 | 2df046b9b1e8f48d5cd5f4aec6ec05a8
Posted Jul 21, 2007
Authored by prdelka, Dominic Chell

Lotus Domino IMAP4 server version 6.5.4 / Windows 2000 Advanced Server x86 remote buffer overflow exploit.

tags | exploit, remote, overflow, x86
systems | windows, 2k
MD5 | c034bc24a2ccbd22b9171961180e067a
Posted Mar 9, 2007
Authored by prdelka | Site

WinZip versions 10.0.7245 and below FileView ActiveX buffer overflow exploit.

tags | exploit, overflow, activex
MD5 | 913c84a6dd47879e09db4eeadfb75fc3
Posted Jan 20, 2007
Authored by prdelka | Site

GNU/Linux mbse-bbs versions 0.70.0 and below local root exploit that makes use of a stack overflow.

tags | exploit, overflow, local, root
systems | linux
MD5 | ceb4aa8738a2e9e9172391ee528ad4f4
Posted Nov 16, 2006
Authored by prdelka | Site

WinZIP versions 10.0.7245 and below FileView ActiveX control remote buffer overflow exploit.

tags | exploit, remote, overflow, activex
MD5 | 421934b64e514f5fd6e14e2a68eee841
Posted Nov 16, 2006
Authored by prdelka | Site

WinZIP versions 10.0.7245 and below FileView ActiveX control stack overflow proof of concept exploit.

tags | exploit, overflow, activex, proof of concept
MD5 | e5fa1c5b814dfd7c07d77f162db6b969
Posted Oct 27, 2006
Authored by prdelka | Site

Solaris in.telnetd 8.0 and prior remote exploit. A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. This exploit has been tested against Solaris 7 & Solaris 8 (sparc).

tags | exploit, remote, overflow, protocol
systems | solaris, bsd
MD5 | 113abf242f87ad50cf0bf00692925a89
Posted Oct 27, 2006
Authored by prdelka | Site

SGI IRIX 6.5 /usr/sysadm/bin/runpriv local root exploit.

tags | exploit, local, root
systems | irix
MD5 | 4b1c2d6a99b7463829ce9ccb4d234784
Posted Oct 27, 2006
Authored by prdelka | Site

SCO Openserver 5.0.7 termsh exploit. 'termsh' is a program to view or modify an existing terminal entry on SCO Openserver. A stack based overflow exists in the handling of command line arguments, namely the [-o oadir] argument. It is installed setgid auth in a default SCO Openserver 5.0.7 install. An attacker may use this flaw to gain write access to /etc/passwd or /etc/shadow allowing for local root compromise.

tags | exploit, overflow, local, root
MD5 | 54d689a2345b1a2e628537500f0f9df8
Page 1 of 2

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    3 Files
  • 19
    Aug 19th
    3 Files
  • 20
    Aug 20th
    21 Files
  • 21
    Aug 21st
    7 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By