
Files from b33f

First Active: 2011-06-01
Last Active: 2017-08-22

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
Posted Aug 22, 2017
Authored by b33f, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced, resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. This Metasploit module requires the architecture of the payload to match the OS, but the current low-privilege Meterpreter session architecture can be different. If specifying EXE::Custom, your DLL should call ExitProcess() after starting your payload in a separate process. This Metasploit module invokes the target binary via cmd.exe on the target. Therefore, if cmd.exe access is restricted, this module will not run correctly.

tags | exploit, registry
systems | windows
MD5 | 73fea9d04345bcd15b0dc980da1ce0e1
MS16-032 Secondary Logon Handle Privilege Escalation
Posted Jul 12, 2016
Authored by b33f, James Forshaw, khr0x40sh | Site metasploit.com

This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12, both 32-bit and 64-bit. This Metasploit module will only work against those versions of Windows with PowerShell 2.0 or later and systems with two or more CPU cores.

tags | exploit
systems | windows, 7
advisories | CVE-2016-0099
MD5 | 37a34759947c810455938c65ab482084
Microsoft Internet Explorer OLE Pre-IE11 Code Execution
Posted Nov 21, 2014
Authored by b33f, GradiusX

Microsoft Internet Explorer OLE Pre-IE11 automation array remote code execution / PowerShell VirtualAlloc MS14-064 exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
MD5 | da2fa4b2d8bb3cc98525529d648a25da
BlazeVideo HDTV Player Pro 6.6 Filename Handling
Posted Nov 30, 2012
Authored by sinn3r, b33f | Site metasploit.com

This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplied with a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component tries to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is onto the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-80896
MD5 | 18479af99cd876aea7ca8d3a6f0c35fb
Windows XP Pro SP3 Full ROP Calc Shellcode
Posted Nov 5, 2012
Authored by b33f

Microsoft Windows XP Pro SP3 full ROP calc.exe shellcode.

tags | shellcode
systems | windows
MD5 | ecb75b2d1a4ea65fd73bdc977807f20c
Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow
Posted Nov 1, 2012
Authored by shinnai, sinn3r, b33f, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Aladdin Knowledge System's ActiveX component. By supplying a long string of data to the ChooseFilePath() function, a buffer overflow occurs, which may result in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-86723
MD5 | 40789844caa3e2d6a9f865696f2155f6
Aladdin Knowledge System Ltd Buffer Overflow
Posted Oct 28, 2012
Authored by b33f

Aladdin Knowledge System Ltd PrivAgent.ocx ChooseFilePath buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | bc4b47c4dbd52167097d51c7901c8d01
NCMedia Sound Editor Pro 7.5.1 Buffer Overflow
Posted Oct 3, 2012
Authored by b33f

NCMedia Sound Editor Pro version 7.5.1 buffer overflow exploit with SEH and DEP.

tags | exploit, overflow
MD5 | 559148d69b97bf44b89fbd9bb9717a57
Lattice Semiconductor PAC-Designer 6.21 Overflow
Posted Jun 8, 2012
Authored by b33f

Lattice Semiconductor PAC-Designer version 6.21 suffers from a stack-based buffer overflow.

tags | exploit, overflow
advisories | CVE-2012-2915
MD5 | e2d419e0753bbc4b2c0d1b3a78951dfe
TFTP Server 1.4 ST(RRQ) Buffer Overflow
Posted May 14, 2012
Authored by b33f, JK

This Metasploit module creates a buffer overflow condition by sending a Read Request (RRQ) packet to TFTP server version 1.4.

tags | exploit, overflow
MD5 | bfa756879d45113dca4168ae8602ac87
BlazeVideo HDTV Player 6.6 Professional Buffer Overflow
Posted Apr 4, 2012
Authored by b33f

BlazeVideo HDTV Player version 6.6 Professional buffer overflow exploit with SEH + DEP + ASLR bypass.

tags | exploit, overflow
MD5 | 9bb3ee2666e35d7e301d2f9019600056
Blade API Monitor Unicode Bypass Buffer Overflow
Posted Feb 20, 2012
Authored by b33f

Blade API Monitor unicode bypass exploit that leverages a serial number buffer overflow vulnerability.

tags | exploit, overflow, bypass
MD5 | 4cd92675751d47508f32cdf4adaf7be7
TFTP Server 1.4 ST RRQ Overflow
Posted Jan 11, 2012
Authored by b33f

TFTP Server version 1.4 read request packet buffer overflow exploit that spawns a reverse shell to port 9988.

tags | exploit, overflow, shell
MD5 | 52dfa4446ea68bd5d74f34e3c329c377
Microsoft Office 2003 Home/Pro Buffer Overflow
Posted Jan 8, 2012
Authored by b33f, g11tch

Microsoft Office 2003 Home/Pro buffer overflow exploit with a magic payload download.

tags | exploit, overflow
MD5 | 2f470ec1a673bd430ff05f79ea798f44
ActFax Server FTP Remote Buffer Overflow
Posted Jun 9, 2011
Authored by b33f

ActFax Server FTP post authentication remote buffer overflow exploit.

tags | exploit, remote, overflow
MD5 | d83c177faf4eac0c7d7c844af096fcc7
Easy FTP Server Buffer Overflow
Posted Jun 1, 2011
Authored by b33f

Easy FTP Server version post authentication buffer overflow exploit.

tags | exploit, overflow
MD5 | e12184204f724898fca9ca5180055fc1
© 2016 Packet Storm. All rights reserved.
