what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from bannedit

Email addressbannedit at blacksecurity.org
First Active2006-07-24
Last Active2014-04-29
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows
advisories | CVE-2013-5331
SHA-256 | 2547432fd02f1ba4aff29ae93a0c14c41a56c95f4cec7e25e1165d0846aa03ec
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
SHA-256 | 009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dcc
Citrix Gateway ActiveX Control Stack Based Buffer Overflow
Posted Aug 31, 2011
Authored by Michal Trojnara, bannedit, sinn3r | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.

tags | exploit, overflow, code execution, activex
advisories | CVE-2011-2882, OSVDB-74191
SHA-256 | 09d9e8b876ca54fa2ea6081f2db151f089cbcc1f38aaa0b3ae3a8349a4c63825
Apache Struts < 2.2.0 Remote Command Execution
Posted Aug 19, 2011
Authored by Meder Kydyraliev, bannedit | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.2.0. This issue is caused by a failure to properly handle unicode characters in OGNL extensive expressions passed to the web server. By sending a specially crafted request to the Struts application it is possible to bypass the "#" restriction on ParameterInterceptors by using OGNL context variables. Bypassing this restriction allows for the execution of arbitrary Java code.

tags | exploit, java, remote, web, arbitrary
advisories | CVE-2010-1870, OSVDB-66280
SHA-256 | f3dc9c6ae8fc8270cc4ef71f82c223ad04ea9e8725f94ee4894465c9a0bfbc4b
CA Arcserve D2D GWT RPC Credential Information Disclosure
Posted Aug 2, 2011
Authored by rgod, bannedit | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclosure the username and password in cleartext used for authentication. This username and password pair are Windows credentials with Administrator access.

tags | exploit, web, info disclosure
systems | windows
SHA-256 | 7c8e30e3bf5a9fd18f843efebdc225b819266ca4ca82d428c51238a4afa9d1c6
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
Posted Jun 12, 2011
Authored by bannedit, Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. To trigger this issue authorization is required. This exploit makes use of a second vulnerability, a hardcoded account (tivoli/boss) is used to bypass the authorization restriction.

tags | exploit, web, overflow, tcp
advisories | CVE-2011-1220, OSVDB-72713, OSVDB-72751
SHA-256 | e26c45a50f92baafd2fb68a99ebdaa1c0b4d55454982b873642bcb3d0f2a41d7
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
Posted Jun 7, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified within the 'url' property. One of these files it will be stored in a temporary directory and executed.

tags | exploit, activex
systems | cisco
advisories | CVE-2011-2039, OSVDB-72714
SHA-256 | ef1996fa8324f29a9b671331d440a114bd14ca14534139ba1cdb0b9541a1ba33
GoldenFTP PASS Stack Buffer Overflow
Posted Jun 3, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in the Golden FTP service. This Metasploit module uses the PASS command to trigger the overflow.

tags | exploit, overflow
advisories | CVE-2006-6576, OSVDB-35951
SHA-256 | 6ba50b9d749a73eb361bcea253eb0bf927451c37d0d2ba653f58227c262ae8db
Zend Server Java Bridge Arbitrary Java Code Execution
Posted Apr 6, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module takes advantage of a trust relationship issue within the Zend Server Java Bridge. The Java Bridge is responsible for handling interactions between PHP and Java code within Zend Server. When Java code is encountered Zend Server communicates with the Java Bridge. The Java Bridge then handles the java code and creates the objects within the Java Virtual Machine. This interaction however, does not require any sort of authentication. This leaves the JVM wide open to remote attackers. Sending specially crafted data to the Java Bridge results in the execution of arbitrary java code.

tags | exploit, java, remote, arbitrary, php
advisories | OSVDB-71420
SHA-256 | 0b7ab4865dc9886b7d46ce4b5433ed01d7157a9568397fc5d7d07dd4d712244f
Adobe Flash Player AVM Bytecode Verification
Posted Mar 23, 2011
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a vulnerability in AVM2 action script virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing it. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.

tags | exploit, web, arbitrary
advisories | CVE-2011-0609
SHA-256 | 42f45f3260ab9c5b8cc16ebc8f87909c47dfc836d8362769726a745db24e2709
RealNetworks RealPlayer CDDA URI Initialization Vulnerability
Posted Mar 18, 2011
Authored by bannedit, sinn3r | Site metasploit.com

This Metasploit module exploits a initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.

tags | exploit
advisories | CVE-2010-3747, OSVDB-68673
SHA-256 | 62839465e28e0ea9cf0ef9d9a77ebcf656fe7aa1aca009b4ad424e57e87ca3f2
Foxit PDF Reader 4.2 Javascript File Write
Posted Mar 14, 2011
Authored by Chris Evans, bannedit | Site metasploit.com

This Metasploit module exploits an unsafe Javascript API implemented in Foxit PDF Reader version 4.2. The createDataObject() Javascript API function allows for writing arbitrary files to the file system. This issue was fixed in version Note: This exploit uses the All Users directory currently, which required administrator privileges to write to. This means an administrative user has to open the file to be successful. Kind of lame but thats how it goes sometimes in the world of file write bugs.

tags | exploit, arbitrary, javascript
advisories | OSVDB-71104
SHA-256 | d026ecdeb70b4e79e1a300231786aff558d631a15efcc80798eb6c642d176d5e
Command Stager Web Test
Posted Feb 17, 2010
Authored by bannedit | Site metasploit.com

This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.

tags | exploit, shell
SHA-256 | d8dd64919cdfb10de8c7a3cdcde49d5fbf78ea5803b2d4d65ba04543e2ee4058
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
Posted Dec 31, 2009
Authored by bannedit, jduck | Site metasploit.com

This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability.

tags | exploit, overflow
advisories | CVE-2006-2502
SHA-256 | eb9a55064f6e381a97138b188135a0635600efe4ead2bdf62f7751369e16a37e
Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
Posted Dec 31, 2009
Authored by bannedit | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.

tags | exploit, overflow
advisories | CVE-2009-1394
SHA-256 | 1a3eb49398ce9b0ab57cd1e8f8fcef3eb6dad5ad3499db7694e64b4fa58552a2
HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication SEH Overflow
Posted Dec 31, 2009
Authored by Mati Aharoni, bannedit | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically this vulnerability is caused by a failure to properly handle user supplied input within the HTTP request including headers and the actual URL GET request. Exploitation is tricky due to character restrictions. It was necessary to utilize a egghunter shellcode which was alphanumeric encoded by muts in the original exploit. If you plan on using exploit this for a remote shell, you will likely want to migrate to a different process as soon as possible. Any connections get reset after a short period of time. This is probably some timeout handling code that causes this.

tags | exploit, remote, web, overflow, shell, shellcode
advisories | CVE-2008-1697
SHA-256 | 3dc7da1a36dedf13ddf7ea5539aaac3f51e4cbdb8ecfab2652405871dd1aca71
Posted Dec 7, 2007
Authored by bannedit | Site blacksecurity.org

Send ICMP nasty garbage append file logrotate exploit that makes use of sing.

tags | exploit
SHA-256 | 66b2e94faa752f7db45c993144f3a91713c980d4d184f0f642fbc06f37962d07
Posted Aug 28, 2007
Authored by bannedit | Site blacksecurity.org

BitchX version 1.1 Final remote heap overflow exploit that binds a TCP shell to port 4444.

tags | exploit, remote, overflow, shell, tcp
SHA-256 | 3199f543fb31d066f849b9da09c089cd39b2ca2d158a738330f4a690bbcad49e
Posted Jul 24, 2006
Authored by bannedit | Site blacksecurity.org

Functioning cyrus-imapd pop3d exploit that will bypass VA Randomization. Written in Ruby.

tags | exploit, ruby
SHA-256 | cacdc5be8bfaa3e014d1b725ab854c63f95de8e238d93ae9918354c38df1be94
Page 1 of 1

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    20 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By