Showing 1 - 25 of 112

Files from laurent gaffie

Email address: laurent.gaffie at gmail.com
First Active: 2006-11-06
Last Active: 2017-02-02
Microsoft Windows 10 SMBv3 Tree Connect
Posted Feb 2, 2017
Authored by laurent gaffie

Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.

tags | exploit, proof of concept
systems | windows
MD5 | 9c6a3b717fefb0568bc92f9e4261b766
LSASS SMB NTLM Exchange Remote Memory Corruption
Posted Nov 14, 2016
Authored by laurent gaffie

A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction. Successful remote exploitation of this issue will result in a reboot of the target machine. Local privilege escalation should also be considered likely. Microsoft acknowledged the vulnerability and has published an advisory (MS16-137) and a patch, resolving this issue.

tags | exploit, remote, local
systems | windows, xp
advisories | CVE-2016-7237
MD5 | bb33f01e6d402ec6df87e93583bcdc46
Responder 2.1.3
Posted Nov 29, 2014
Authored by laurent gaffie | Site github.com

Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Several enhancements including analyze mode, inclusion of various rogue servers, and more.
tags | tool, web
systems | unix
MD5 | 2217529f94d9bc5e61a8d2a7fe606c77
Responder 2.0.8
Posted Jun 10, 2014
Authored by laurent gaffie | Site github.com

Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Various additions and improvements.
tags | tool, web
systems | unix
MD5 | 92a6bb38ee4ef0f4f6c61c1398c62896
PCredz 0.9
Posted Jun 9, 2014
Authored by laurent gaffie | Site github.com

This tool extracts credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, and more from a pcap file or from a live interface.

tags | tool, web, sniffer, imap
MD5 | 53dbaff0289eccf8b85cdc81bfc319a1
Microsoft DHCP INFORM Configuration Overwrite
Posted May 30, 2014
Authored by laurent gaffie

A vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows Server 2003. This vulnerability allows an attacker to remotely overwrite DNS, Gateway, IP Addresses, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.

tags | advisory, remote
systems | windows, 2k
MD5 | 535d32799e8d5c79bd314ee2a3a71e9b
Microsoft SMB Server Zero Size Pool Allocation
Posted Aug 13, 2010
Authored by laurent gaffie | Site stratsec.net

A vulnerability in the Windows kernel can be triggered via SMB in Microsoft Windows versions ranging from Windows 2000 through to Windows 7. This vulnerability allows an attacker to trigger a kernel pool corruption by sending a specially crafted SMB_COM_TRANSACTION2 request. Successful exploitation of this issue may result in remote code execution with kernel privileges, while failed attempts will result in a denial of service condition.

tags | exploit, remote, denial of service, kernel, code execution
systems | windows, 2k, 7
MD5 | 7da37b9742180e99589a08d84a405ff9
MS10-054 Proof Of Concept
Posted Aug 12, 2010
Authored by laurent gaffie

Exploit for the Microsoft SMB Server Trans2 zero size pool alloc vulnerability as discussed in MS10-054.

tags | exploit
MD5 | 3c118daa82a8c0a40785ca5741116787
Netware SMB 1.0 Remote Stack Overflow
Posted Jun 18, 2010
Authored by laurent gaffie | Site stratsec.net

A vulnerability exists in the Netware CIFS.NLM driver which allows an attacker to trigger a kernel stack overflow by sending a specific 'Sessions Setup AndX' query. Successful exploitation of this issue will result in remote code execution with kernel privileges. Failed attempts may result in a remote denial of service. Netware SMB version 1.0 is vulnerable.

tags | exploit, remote, denial of service, overflow, kernel, code execution
MD5 | 6052914889052a4f8a8cc31d4c8446f6
Samba Denial Of Service
Posted May 12, 2010
Authored by laurent gaffie | Site stratsec.net

Two vulnerabilities were discovered within the Samba smbd daemon which allow an attacker to trigger a null pointer dereference or an uninitialized variable read by sending a specific 'Sessions Setup AndX' query. Successful exploitation of these issues will result in a denial of service. Versions 3.4.7 and below and 3.5.1 and below are affected.

tags | exploit, denial of service, vulnerability
MD5 | 07bd09ecdc231063575c4de7e922fb97
Windows 7/2008R2 SMB Client Trans2 Stack Overflow
Posted Apr 19, 2010
Authored by laurent gaffie

Microsoft Windows 7/2008R2 SMB Client Trans2 stack overflow exploit that leverages the vulnerability discussed in MS10-020.

tags | exploit, overflow
systems | windows, 7
MD5 | 3c9b4d9081839cfc8b59f2cc89b0e68f
MS10-006 SMB Client-Side Bug Proof Of Concept
Posted Apr 17, 2010
Authored by laurent gaffie

MS10-006 SMB client-side bug proof of concept exploit.

tags | exploit, proof of concept
MD5 | 360fa24adce8f8cc37e85ae31f81d3f3
Microsoft SMB Client Kernel Stack Overflow
Posted Apr 16, 2010
Authored by laurent gaffie, Renaud Feil | Site stratsec.net

A vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific "SMB_COM_TRANSACTION2" response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.

tags | advisory, remote, overflow, kernel, spoof, code execution
systems | windows, 7
advisories | CVE-2010-0270
MD5 | b94d3c75bebc1980fee54731ca633da7
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Posted Feb 26, 2010
Authored by H D Moore, laurent gaffie, sf | Site metasploit.com

This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

tags | exploit
systems | windows, vista, 7
advisories | CVE-2009-3103
MD5 | 3020f10279af4ec16b64a2fdc43b26b2
Microsoft SMB Client Pool Overflow
Posted Feb 10, 2010
Authored by laurent gaffie, Renaud Feil | Site stratsec.net

A vulnerability exists in the Microsoft SMB client which allows an attacker to trigger a kernel pool memory corruption by sending a specific 'Negotiate Protocol' response.

tags | advisory, kernel, protocol
advisories | CVE-2010-0016, CVE-2010-0017
MD5 | f6e83519161c3ca7896a5bd5923d0751
ICMPv4/IP Fuzzer Prototype
Posted Nov 23, 2009
Authored by laurent gaffie | Site g-laurent.blogspot.com

This is the ICMPv4/IP fuzzer prototype code.

tags | fuzzer
MD5 | c38b3ad6980012a934bcede7cf360374
Windows 7 Remote Kernel Crash
Posted Nov 17, 2009
Authored by laurent gaffie

Proof of concept exploit that demonstrates a remote kernel crash vulnerability in Windows 7.

tags | exploit, remote, kernel, proof of concept
systems | windows, 7
MD5 | 32c8d4453a50cfdce6475335332288c6
Snort 2.8.5 IPv6 Remote Denial Of Service
Posted Oct 23, 2009
Authored by laurent gaffie

Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 3c22f17e6a527be646ae04024532eba1
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Posted Sep 29, 2009
Authored by laurent gaffie

This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

tags | exploit
systems | windows, vista, 7
advisories | CVE-2009-3103
MD5 | bd62fbcf8cbf9573b7dfd23935b5cdb8
Microsoft Windows SMB Blue Screen Of Death
Posted Sep 10, 2009
Authored by laurent gaffie

Windows Vista/7 suffers from a denial of service vulnerability when passed a malformed SMB header for the NEGOTIATE PROTOCOL REQUEST. Proof of concept code included.

tags | exploit, denial of service, protocol, proof of concept
systems | windows, vista
MD5 | 1a409754c9d0e146cf0525a53f91488a
WordPress 2.8.3 Admin Reset Password
Posted Aug 11, 2009
Authored by laurent gaffie

WordPress versions 2.8.3 and below suffer from an arbitrary administrative password reset vulnerability.

tags | exploit, arbitrary, add administrator
MD5 | ad7a7be8f39635f93bd349f5e4666da9
Soulseek 157 NS SEH Overwrite
Posted Jul 3, 2009
Authored by laurent gaffie

Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 3ba9a9d54e42e31df58673254f76bff3
Soulseek 157 NS Code Execution
Posted May 27, 2009
Authored by laurent gaffie

Soulseek versions 157 NS and 156 suffer from a remote distributed search code execution vulnerability.

tags | exploit, remote, code execution
MD5 | c523cff8e57293ce20e4f5a5d47a7799
VMware 2.5.1 Denial Of Service
Posted Jan 3, 2009
Authored by laurent gaffie

VMware versions 2.5.1 and below remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 918090c873fe391fb0c2e18d414fdba6
Microsoft Windows Media Player .WAV Integer Overflow
Posted Dec 31, 2008
Authored by laurent gaffie

Microsoft Windows Media Player .WAV file remote integer overflow exploit.

tags | exploit, remote, overflow
systems | windows
MD5 | a6c464b23011ec8f7b56aeff4a98e693
Page 1 of 5

© 2019 Packet Storm. All rights reserved.
