exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from Rick

Email addressrick2600 at hotmail.com
First Active2008-11-19
Last Active2012-06-14
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
SHA-256 | 8ca8af4598071a83d2552f14b027f3fdb8f361c95b01bacf03d39857c306caea
MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow
Posted Apr 30, 2011
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MJM QuickPlayer 1.00 beta 60a and QuickPlayer 2010 (Multi-target exploit). When opening a malicious s3m file in one of these 2 applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows
SHA-256 | 40169fda292d731fa83423db95f72a9157b704f1e0c735313549ab77c3e54b4e
MJM Core Player 2011 .s3m Stack Buffer Overflow
Posted Apr 30, 2011
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MJM Core Player 2011 When opening a malicious s3m file in this applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows
SHA-256 | b34af7c1a1ed7cf2711905e10f913bce6d4781228c221060be316b6715a150a5
Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)
Posted Oct 13, 2010
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Odin Secure FTP 4.1, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten.

tags | exploit, overflow
SHA-256 | 8ecb75c11b4c62e6ce7b842e1892561eaa88009d5a9d93ecdf9fc5bde92a10b0
Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
Posted Oct 13, 2010
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Nuance PDF Reader v6.0. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in a /Launch field. This results in overwriting a structured exception handler record. This exploit does not use javascript.

tags | exploit, overflow, javascript
SHA-256 | 7126b3b381c830c246515407ec24713960237606057c8a16a5129cdc22151571
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
Posted Sep 16, 2010
Authored by Rick, corelanc0d3r, jduck, Lincoln, nullthreat, Node | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending an long character string in the password field, both the structured exception handler and the saved extended instruction pointer are over written, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.

tags | exploit, remote, web, overflow
SHA-256 | d01b8d0eccb2aec11afecf3d49371c3c926e2d006a81facbb808d6626fec7fa3
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
Posted Sep 11, 2010
Authored by Rick, corelanc0d3r, jduck, Lincoln, nullthreat | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending an long character string in the password field, both the structured exception handler and the saved extended instruction pointer are over written, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.

tags | exploit, remote, web, overflow
SHA-256 | 39c01041cd7a953eb8e64486e1f5865273ee4d2db2d0b6b1cfb86aad1711e782
Integard Home And Pro 2 Buffer Overflow
Posted Sep 8, 2010
Authored by Rick, Lincoln, nullthreat

This is a Metasploit module that exploits a remote buffer overflow in Integard Home and Pro version 2.

tags | exploit, remote, overflow
SHA-256 | d4089119cb05d1fbda649606b655fb13dc6b8bd56736cee01e8bbc3e9d7072ab
S.O.M.P.L 1.0 Player Buffer Overflow
Posted Jun 4, 2010
Authored by Rick | Site metasploit.com

This Metasploit module exploits a buffer overflow in Simple Open Music Player version 1.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | ff61fd7b9e078099ead07530144e241ebf1475c5b918f46fc1b891e77fc94f8f
ZipGenius 6.3.1.2552 Stack Buffer Overflow
Posted Apr 22, 2010
Authored by Rick | Site corelan.be

ZipGenius version 6.3.1.2552 suffers from a stack buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | ee6796d1e2a1356131c435a010f02986b0dd87176177a45a88cb77cf5428d21d
ZipGenius zgtips.dll Stack Buffer Overflow
Posted Apr 22, 2010
Authored by Rick, corelanc0d3r, mr_me | Site corelan.be

ZipGenius version 6.3.1.2552 stack buffer overflow exploit that leverages zgtips.dll.

tags | exploit, overflow
SHA-256 | 182f84b34d3061a772ef73d1cb7a337289948025589e93e60a5bbe0bbaa15630
Windows Messagebox With Custom Title And Text Shellcode
Posted Mar 25, 2010
Authored by Rick, corelanc0d3r

Windows Messagebox with custom title and text shellcode.

tags | shellcode
systems | windows
SHA-256 | bfb767a550c15f0127b50d18eb047c22434148eb8a29252b851930cbdc760bda
Remote Help 0.0.7 Denial Of Service
Posted Mar 22, 2010
Authored by Rick | Site corelan.be

Remote Help version 0.0.7 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | defe99432d6b2eee6f03792639bad32f46c3fe9556a76c6ada5c12764d908146
Windisc 1.3 Stack Buffer Overflow
Posted Mar 16, 2010
Authored by Rick | Site corelan.be

Windisc version 1.3 suffers from a stack buffer overflow vulnerability. Full exploit code included.

tags | exploit, overflow
SHA-256 | 35273ce169912292844042a3d97dfc0662b96dd9a08ae743128e33f0a8217a9f
S.O.M.P.L. Player 1.0 Buffer Overflow
Posted Jan 20, 2010
Authored by Rick

S.O.M.PL. aka Simple Open Music Player suffers from a buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
SHA-256 | 49c43c6a08970bf5d2ba90f05fbace520df46cf05783346936b3a3b9032389c1
Winplot Buffer Overflow
Posted Sep 21, 2009
Authored by Rick

Winplot local buffer overflow exploit that creates a malicious .wp2 file.

tags | exploit, overflow, local
SHA-256 | 82f998f301f4ab0ed6175236dec21034486bef1df09702ffad20aadbd958fd76
Changetrack 4.3-3 Privilege Escalation
Posted Sep 19, 2009
Authored by Rick

Changetrack version 4.3-3 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 1a24316e8b2fab56fbbf912c6014e79a481b5a2ce5574ff448911085fa63e591
Linux/x86 Port Binding Shellcode
Posted Jul 8, 2009
Authored by Rick

Linux/x86 shellcode that binds to port 4444 and is xor-encoded.

tags | x86, shellcode
systems | linux
SHA-256 | 42a49a8a5f2981bd589d213073aa7a301074373d1fe4dc5293614f9484bf8401
sudoers-shellcode.txt
Posted Nov 19, 2008
Authored by Rick

86 byte Linux/x86 edit /etc/sudoers for full access.

tags | x86, shellcode
systems | linux
SHA-256 | 7d3c24f1326c9839b67cda1c267ce7c0840d066c32b99df5a080ae3f91c26e2f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close