Files from Rick

Email address: rick2600 at hotmail.com
First Active: 2008-11-19
Last Active: 2012-06-14
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses DEP and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
MD5 | ad58b74e16513fde63bd760903b78714
MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow
Posted Apr 30, 2011
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MJM QuickPlayer 1.00 beta 60a and QuickPlayer 2010 (Multi-target exploit). When opening a malicious s3m file in one of these 2 applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows, 7
MD5 | 26923cb503840c5307da191b999e0d76
MJM Core Player 2011 .s3m Stack Buffer Overflow
Posted Apr 30, 2011
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MJM Core Player 2011. When opening a malicious s3m file in this application, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

tags | exploit, overflow, arbitrary, code execution
systems | windows, 7
MD5 | 20bedf4e31c1f9ca93bc6df99db159c9
Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)
Posted Oct 13, 2010
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Odin Secure FTP 4.1, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten.

tags | exploit, overflow
MD5 | c0537ecf5cdaae1f550e28ce84cf31ac
Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
Posted Oct 13, 2010
Authored by Rick, corelanc0d3r | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Nuance PDF Reader v6.0. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in a /Launch field. This results in overwriting a structured exception handler record. This exploit does not use JavaScript.

tags | exploit, overflow, javascript
MD5 | 6f6a9fe2850fbbba68008f1135580e7e
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
Posted Sep 16, 2010
Authored by Rick, corelanc0d3r, jduck, Lincoln, nullthreat, Node | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Race River's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending a long character string in the password field, both the structured exception handler and the saved extended instruction pointer are overwritten, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.

tags | exploit, remote, web, overflow
MD5 | bb6a939603cc7cb3cca5941b99529d4a
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
Posted Sep 11, 2010
Authored by Rick, corelanc0d3r, jduck, Lincoln, nullthreat | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Race River's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending a long character string in the password field, both the structured exception handler and the saved extended instruction pointer are overwritten, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.

tags | exploit, remote, web, overflow
MD5 | 647d8990db0dbe0d59c18c7f7d7d73ff
Integard Home And Pro 2 Buffer Overflow
Posted Sep 8, 2010
Authored by Rick, Lincoln, nullthreat

This is a Metasploit module that exploits a remote buffer overflow in Integard Home and Pro version 2.

tags | exploit, remote, overflow
MD5 | 251a1fa774a8771e7fdd5c688a54d282
S.O.M.P.L 1.0 Player Buffer Overflow
Posted Jun 4, 2010
Authored by Rick | Site metasploit.com

This Metasploit module exploits a buffer overflow in Simple Open Music Player version 1.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
MD5 | 6daa54721c502f760887f69573a8501e
ZipGenius 6.3.1.2552 Stack Buffer Overflow
Posted Apr 22, 2010
Authored by Rick | Site corelan.be

ZipGenius version 6.3.1.2552 suffers from a stack buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 0aa5025cee0b659f33d17a94642da0fa
ZipGenius zgtips.dll Stack Buffer Overflow
Posted Apr 22, 2010
Authored by Rick, corelanc0d3r, mr_me | Site corelan.be

ZipGenius version 6.3.1.2552 stack buffer overflow exploit that leverages zgtips.dll.

tags | exploit, overflow
MD5 | 4d518559b979a2379c36ea7d32f45e20
Windows Messagebox With Custom Title And Text Shellcode
Posted Mar 25, 2010
Authored by Rick, corelanc0d3r

Windows Messagebox with custom title and text shellcode.

tags | shellcode
systems | windows
MD5 | fb2b02877b771c2364c1285fd3427af8
Remote Help 0.0.7 Denial Of Service
Posted Mar 22, 2010
Authored by Rick | Site corelan.be

Remote Help version 0.0.7 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 0862cb5ea69bf819f2355814c5da528f
Windisc 1.3 Stack Buffer Overflow
Posted Mar 16, 2010
Authored by Rick | Site corelan.be

Windisc version 1.3 suffers from a stack buffer overflow vulnerability. Full exploit code included.

tags | exploit, overflow
MD5 | ae169a1b3bef09878c6b43b25193a365
S.O.M.P.L. Player 1.0 Buffer Overflow
Posted Jan 20, 2010
Authored by Rick

S.O.M.P.L., aka Simple Open Music Player, suffers from a buffer overflow vulnerability. Proof of concept included.

tags | exploit, overflow, proof of concept
MD5 | bb288a29cc98d4a5a1a56130e7f028bc
Winplot Buffer Overflow
Posted Sep 21, 2009
Authored by Rick

Winplot local buffer overflow exploit that creates a malicious .wp2 file.

tags | exploit, overflow, local
MD5 | 3ba6ffc57ccb8a45004f2ffc17162a28
Changetrack 4.3-3 Privilege Escalation
Posted Sep 19, 2009
Authored by Rick

Changetrack version 4.3-3 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | da2d3adca468d33b7b44f20338dc3771
Linux/x86 Port Binding Shellcode
Posted Jul 8, 2009
Authored by Rick

Linux/x86 shellcode that binds to port 4444 and is xor-encoded.

tags | x86, shellcode
systems | linux
MD5 | d6c354e12ce4bbcb7469da7115d00e00
sudoers-shellcode.txt
Posted Nov 19, 2008
Authored by Rick

86-byte Linux/x86 shellcode that edits /etc/sudoers for full access.

tags | x86, shellcode
systems | linux
MD5 | 75ac9ea204450e8db590b8f578f55103