exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 83 RSS Feed

Files from Bobby Cooke

Real NameBobby Cooke
Email addressprivate
First Active2019-12-13
Last Active2022-12-22
View User Profile

Personal Background

Just a dude who's passionate about infosec.


macOS/x64 Execve Caesar Cipher String Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

286 bytes small macOS/x64 execve Caesar cipher string null-free shellcode.

tags | shellcode
SHA-256 | aa23ac4a240ae6871b72d0723b1c8d4ebded5889ad862b0dd0455f86699c05a2
macOS/x64 Execve Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

253 bytes small macOS/x64 execve null-free shellcode.

tags | shellcode
SHA-256 | 8b589116ca43d93bd39b3f0f87c1530ec372e055ebb8ddff6b021bf288966dd7
Library Management System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Bobby Cooke, Adeeb Shah

Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09e215838b64206f4d4119c058c5e284bdd8e98c69dab8b13f7377a4746d602f
GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution
Posted May 2, 2021
Authored by Bobby Cooke, Abhishek Joshi

The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators browsers, which results in remote code execution on the hosting server, when an authenticated administrator visits a malicious third party website.

tags | exploit, remote, arbitrary, code execution, csrf
SHA-256 | 37fb00eaa335aa6aa61ddf4f19d244b74484eafd86b630f87d5ad3af340ea879
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

tags | shell, shellcode
systems | windows
SHA-256 | 9b8f41be48c0a71cc5b34fd0d409faea955538963763a4a5c5ca27e1ec4d2afb
Windows/x64 Dynamic Null-Free WinExec PopCalc Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.

tags | overflow, vulnerability, shellcode
systems | windows
SHA-256 | 6143eebe8156ea982d4ef3362eab1915ca829a3ac99ed38af8a6c4ca2e852a0d
Windows/x64 Dynamic NoNull Add RDP Admin Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.

tags | shellcode
systems | windows
SHA-256 | 0e9ecdb6d32c850a8cd46f1c273c31f8a22128d898a75e6f5be2706159ec67b0
GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution
Posted Apr 23, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.

tags | exploit, remote, code execution, xss, csrf
SHA-256 | 41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556c
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Posted Apr 16, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
SHA-256 | 2258d141aff440b13bbfd4362d347becfdafdef8d0b55521c249b9ab20702509
GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload
Posted Mar 30, 2021
Authored by Bobby Cooke

GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.

tags | exploit, remote, shell, xss
advisories | CVE-2020-23839
SHA-256 | ff447b6110d359109791159d602b028e64b080305d8c9119c22a55bb1534f865
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
SHA-256 | f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3
CloudMe 1.11.2 Buffer Overflow
Posted Sep 29, 2020
Authored by hyp3rlinx, Bobby Cooke

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.

tags | exploit, overflow
advisories | CVE-2018-6892
SHA-256 | fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9
Tailor MS 1.0 Cross Site Scripting
Posted Sep 15, 2020
Authored by Bobby Cooke, hyd3sec

Tailor MS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5d3f596826a09594cd3da84dcda261dea5ea9721eb1dcd54f95e306795f8d75
GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery
Posted Aug 13, 2020
Authored by Bobby Cooke, hyd3sec

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 075778612c10f536d4c7290644af4418086d7b993e4b199b7293a0ab52418e5e
Travel Management System 1.0 Remote Code Execution
Posted Aug 11, 2020
Authored by Bobby Cooke, hyd3sec

Travel Management System version 1.0 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | ae792bbf40d2a842ca65d8accf25592c3e2dabed687c3b2b2ed5ea3351984110
Travel Management System 1.0 SQL Injection
Posted Aug 11, 2020
Authored by Bobby Cooke, hyd3sec

Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 760a289450add3ed69ac34686c2ac0875e492c2eaedd8b52cd0215906b35ebdc
Warehouse Inventory System 1.0 Cross Site Request Forgery
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

Warehouse Inventory System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9259a5dd56037ce00a387f69f7055e6c55dbde1233f6394e2f390ff750bc8b9b
Tailor MS 1.0 Cross Site Scripting
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

Tailor MS version 1.0 reflected cross site scripting key logger exploit.

tags | exploit, xss
SHA-256 | 24220cad535f63bbf6ab9fb8609e3780a5eb9b381a139bf42293242409ed5b05
BarracudaDrive 6.5 Local Privilege Escalation
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

BarracudaDrive version 6.5 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | bd93725c180cdafc139079c727d570922f7d871548126bc0ba7bf1843d4f7cb3
House Rental 1.0 SQL Injection
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 SQL injection exploit that changes the administrative password. Written in python.

tags | exploit, sql injection, python
SHA-256 | 03add875cfdb342001765974b146763270038bf46f6fe406f0e48df2834e06a7
Car Rental Management System 1.0 Cross Site Scripting
Posted Aug 7, 2020
Authored by Bobby Cooke

Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.

tags | exploit, xss
SHA-256 | b40d22bc3d4f56d3e0cef9a50ef2bae88ee704433658470af06ab12026f23b0a
Stock Management System 1.0 Cross Site Request Forgery
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 8721d9d0b4fda87f3d87fe69d111a14351e5052fb99acd5d3ea19f598339654b
Stock Management System 1.0 Cross Site Scripting
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 cross site scripting credential harvesting exploit.

tags | exploit, xss
SHA-256 | 0aa55b6e25b3a9933f28634730833294cbcfe2ff2ac206b516d5e1c2fa64234a
Online Bike Rental 1.0 Shell Upload
Posted Aug 1, 2020
Authored by Bobby Cooke, hyd3sec

Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3df5a1467fc3909370ba828c15f93e72b4265fd87271aa821233dcccaae9f382
Daily Tracker System 1.0 SQL Injection
Posted Jul 31, 2020
Authored by Bobby Cooke, hyd3sec

Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-24193
SHA-256 | a8be4ff2a62d77c301deb8c022913ab021be0ba97c5458a6e843f74c9b13d029
Page 1 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close