what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from b33f

First Active2011-06-01
Last Active2023-03-30
Ancillary Function Driver (AFD) For Winsock Privilege Escalation
Posted Mar 30, 2023
Authored by Christophe de la Fuente, b33f, Yarden Shafir, chompie | Site metasploit.com

A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).

tags | exploit, arbitrary, kernel, local
systems | windows
advisories | CVE-2023-21768
SHA-256 | d5a189a643f3c07d66a853b96018a65f135901780840ff23dc17f6a405330ebb
Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
Posted Aug 22, 2017
Authored by b33f, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. This Metasploit module requires the architecture of the payload to match the OS, but the current low-privilege Meterpreter session architecture can be different. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process. This Metasploit module invokes the target binary via cmd.exe on the target. Therefore if cmd.exe access is restricted, this module will not run correctly.

tags | exploit, registry
systems | windows
SHA-256 | 5643c9d59dd3082682db29197c72dec6efcfecef92c481633dd466d8973ffddb
MS16-032 Secondary Logon Handle Privilege Escalation
Posted Jul 12, 2016
Authored by b33f, James Forshaw, khr0x40sh | Site metasploit.com

This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with Powershell 2.0 or later and systems with two or more CPU cores.

tags | exploit
systems | windows
advisories | CVE-2016-0099
SHA-256 | 26f03a91eb8c8dde8874f73e8d5a247d4da47b1e8ea13cc74ba383ffcb0b25c5
Microsoft Internet Explorer OLE Pre-IE11 Code Execution
Posted Nov 21, 2014
Authored by b33f, GradiusX

Microsoft Internet Explorer OLE Pre-IE11 automation array remote code execution / powershell VirtualAlloc MS14-064 exploit.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
SHA-256 | d3053b664458c408fee9df099a23f568d9bd4a2935dc2bc5f92cc1ab8dda07aa
BlazeVideo HDTV Player Pro 6.6 Filename Handling
Posted Nov 30, 2012
Authored by sinn3r, b33f | Site metasploit.com

This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-80896
SHA-256 | ab34370a5debea1b2a8db24c582834304ee72c0e5a992dbbbcfedc31867011f6
Windows XP Pro SP3 Full ROP Calc Shellcode
Posted Nov 5, 2012
Authored by b33f

Microsoft Windows Pro SP3 full ROP calc.exe shellcode.

tags | shellcode
systems | windows
SHA-256 | 289f3c1bf7939844f15a89531a486537d36030fca3be043135f9d4ec1f1d3550
Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow
Posted Nov 1, 2012
Authored by shinnai, sinn3r, b33f, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Aladdin Knowledge System's ActiveX component. By supplying a long string of data to the ChooseFilePath() function, a buffer overflow occurs, which may result in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-86723
SHA-256 | 52766c2b3fde61f7b666e4b1325dcd3fd7b5e615f7cb3ac20c90295ebd3f492b
Aladdin Knowledge System Ltd Buffer Overflow
Posted Oct 28, 2012
Authored by b33f

Aladdin Knowledge System Ltd PrivAgent.ocx ChooseFilePath buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 6b0e1f5b8ce0b43f6fe89b5aefc2eb998856bca69d78c4825813a7b9d9459d3d
NCMedia Sound Editor Pro 7.5.1 Buffer Overflow
Posted Oct 3, 2012
Authored by b33f

NCMedia Sound Editor Pro version 7.5.1 buffer overflow exploit with SEH and DEP.

tags | exploit, overflow
SHA-256 | 4195ae37fdb252cffc6ea369a4e3f28b378fc74c86697f3ab2e437a9b9fbd9c1
Lattice Semiconductor PAC-Designer 6.21 Overflow
Posted Jun 8, 2012
Authored by b33f

Lattice Semiconductor PAC-Designer version 6.21 suffers from a stack-based buffer overflow.

tags | exploit, overflow
advisories | CVE-2012-2915
SHA-256 | 520230c976f66176275e60d6714d34242413e22d709e7dd05023f8285270adbe
TFTP Server 1.4 ST(RRQ) Buffer Overflow
Posted May 14, 2012
Authored by b33f, JK

This Metasploit module creates a buffer overflow condition by sending a Read Request (RRQ) packet to TFTP server version 1.4.

tags | exploit, overflow
SHA-256 | fa9a0be38e83a3162d8474b2cb10cba8e6ec243cb4cbcc36423fedb3d72656ab
BlazeVideo HDTV Player 6.6 Professional Buffer Overflow
Posted Apr 4, 2012
Authored by b33f

BlazeVideo HDTV Player version 6.6 Professional buffer overflow exploit with SEH + DEP + ASLR bypass.

tags | exploit, overflow
SHA-256 | f5b576d7baf1601664d205e9e05ca99f4fbeb993a5658b7404fac8d5620e1548
Blade API Monitor Unicode Bypass Buffer Overflow
Posted Feb 20, 2012
Authored by b33f

Blade API Monitor unicode bypass exploit that leverages a serial number buffer overflow vulnerability.

tags | exploit, overflow, bypass
SHA-256 | c109d660b442ebc03a56a50cd730ba3d2d076545a02df2184c4d3368a7dd25c8
TFTP Server 1.4 ST RRQ Overflow
Posted Jan 11, 2012
Authored by b33f

TFTP Server version 1.4 read request packet buffer overflow exploit that spawns a reverse shell to port 9988.

tags | exploit, overflow, shell
SHA-256 | a201aaa089a6bcd7806a570bb387706be9f0b4e2056e93422d3b8acf44b2a9c1
Microsoft Office 2003 Home/Pro Buffer Overflow
Posted Jan 8, 2012
Authored by b33f, g11tch

Microsoft Office 2003 Home/Pro buffer overflow exploit with a magic payload download.

tags | exploit, overflow
SHA-256 | a5df7f790abb9961479c3b3d997d64657f4eb426c3b9605dd2ffa79bf09958af
ActFax Server FTP Remote Buffer Overflow
Posted Jun 9, 2011
Authored by b33f

ActFax Server FTP post authentication remote buffer overflow exploit.

tags | exploit, remote, overflow
SHA-256 | 4be2f3a68350281866ccffc27102dc7ca96ae58300eeb928a65f39b7f23e1fea
Easy FTP Server Buffer Overflow
Posted Jun 1, 2011
Authored by b33f

Easy FTP Server version post authentication buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 2a6596bad306c2f92f31a99a5af952a2ecb1fa44c6c4f1578665dd5c22713689
Page 1 of 1

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By