Email address | berendjanwever at gmail.com |
---|---|
Website | skypher.com |
First Active | 2003-04-10 |
Last Active | 2016-12-21 |
BETA can convert raw binary shellcode into text that can be used in exploit source-code. It can convert raw binary data to a large number of encodings. It can also do the reverse: decode encoded data into binary from the same types of encodings.
1b45c685a458df166b54860c098ca9021ba8ff6a73dc10f90d7420bdb9c6d2ca
Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability.
80fa117d24dc8845f2994b4d1e1342b08f6ff97d25b492bb4f924064b92e3e2c
Various reproduction code that demonstrates memory corruption when loading/unloading Adobe objects through an EMBED tag in Firefox.
cbfab4ccb60d417d49251f98b1b677a08ea4a6fa400b4d5b3cd721ce1aeb2be8
Windows x86 null-free bindshell for Windows 5.0 through 7.0 all service packs.
04ba99e6d3d4bd989ede7e23e3b2fdf261d5b2e942f08b2197bed07ec00ccd9d
Microsoft Windows x86 null-free bindshell shellcode for Windows 5.0 through 6.0 all service packs.
e30984bbffd193b9456095ecf59c11dc4559ea1dda013038d818184452fc953f
Microsoft Internet Explorer EMBED memory corruption proof of concept exploit that leverages the vulnerability discussed in MS09-014.
fc11bf53d21ba40129e201b7ccaa7856a96e3592bd369f3ebd690e007de4df83
This is a small piece of shellcode written in assembler that can scan the user-land address space for small blocks of memory ("eggs") and recombine the eggs into one large block.
8f64a632ae31b520f87ac44f9927c36b3d08aeef8e12e7ea7b7456352c7aadbb
Mozilla Firefox 3.0.7 OnbeforeUnLoad DesignMode reference crash exploit.
02291ecdde47dce048dcb42adac3b1508cdea7e7ab5645016e1f5be7b0b67ea1
A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta.
da104f3d68f39d3929b4c38e3bf2f61ce309b27f516300071bd2635ddb8f20f7
Safari array integer overflow proof of concept exploit.
8d018a338ed08422a4dc3a1d1c8f2bef6a08cd0487577e9ff3d96102ba6ea272
ASCII Art / shellcode hybrid called "Julia". This shellcode was created using Ars Ex Machina Coda. The shellcode will only work when it is run in writable and executable memory and if ECX points to the base address of the shellcode.
89cdfca38f956e1128ed018784978d1e02fff9f7c01ce163ba847b1d3b640bc1
This is a very cool ASCII Art / shellcode hybrid of "SkyLined".
e752389d0a9b04a413b2b3d936d5fcf8f4d6d34efdbbe2e00c65ccfaa79fd27b
This is a very cool ASCII Art / shellcode hybrid of "SkyLined".
3f50a06a3908cc0e38e66c20fcc5a7aff47435b0847640a4d88ce552494096b6
PwnZilla 5 - Exploit for the IDN host name heap buffer overrun in Mozilla browsers such as Firefox, Mozilla, and Netscape.
5fd84b75e862d1b3f6cac437ba7e571a8da0bd7fe4f45638c172f865b261d320
Research and development has led to a 90% reliable working exploit for the IDN heap buffer overrun in Firefox on WinXP and Win2k3, as long as DEP is turned off and JavaScript is enabled.
58cfafa307dfccf01eda97c1848bac293eebcf18ec5734852be83abf76e17e11
A number of issues have been reported lately by various sources about Internet Explorer vulnerabilities in relation to specific COM objects. Research has shown that the root cause is that these COM objects are not designed to be loaded in IE at all. These objects therefore make wrongful assumptions about the state of the process they are loaded into, specifically about the contents of heap memory. This can be abused to uncover unwanted features, like the ability to run arbitrary code on a victim's machine.
035a6aa16f04f9d73cacf13f2f3a7db3188f82cf0bd18a282634937ba184ab53
Proof-of-Concept exploit code for the MSIE DHTML object handling vulnerabilities (described in MS05-20).
c26eff210455c49cb3320cc55bf604d64f8ad0b37b6bea90265783cad726472f
InternetExploiter 3, .ANI-file Animation header length stack based buffer overflow exploit for Internet Explorer. Uses Cascading Style Sheets to load a malicious animated cursor. Runs a bindshell on port 28876.
2c241ffbbd01971af65ed38f537c9d5cc267d13e058013c5e7fd39635abbc94c
Another MSIE flaw that allows for a nest sort loop to cause an exception.
f9e3153a835e256b97c1f3cb90599d1eddf85c9d3a051a20d07215e32baf0dfe
Tool that can encode shellcode in various ways. Released by the author of the InternetExploiter exploit. Documentation for this tool available here.
66588988e27151588f35c1d98e2e115206867e3150312b3abbf669ddfdcc4681
Writing IA32 Restricted Instruction Set Shellcode Decoder Loops - This article addresses the requirements for writing a shellcode decoder loop using a limited number of characters that limits the instruction set. Most of it is based on the author's experience with alphanumeric decoders but the principles apply to any piece of code that is written to work with a limited instruction set.
2aea2ebf088e500f6e82bebaad1ecbf8639a257cb6f76e1538ffef1687c2a19a
InternetExploiter.html is a remote exploit for the IE IFRAME HTML tag buffer overflow vulnerability which binds a shell to TCP port 28876. Tested against IE 6.0 on Win XP SP1 and IE 6.0 on Win2k.
0ecca01eb05bab171b33265b3ea3ac3e0cd2cac3fc0ae02350d422d833d55e3f
ALPHA 2 Zero-tolerance is a shellcode encoder that will convert any x86 shellcode into 100% alphanumeric code. The resulting code has an OS independent decoder that will convert the encoded shellcode back to the original code and execute it. Features include creating 100% uppercase and unicode-proof code. It also supports automatic EIP grabbing for win32 targets using the Structured Exception Handler. A working version is available for testing on-line at http://www.edup.tudelft.nl/~bjwever.
e066bd9f3ea43a9d5f1e8b0a761255877f816d6e725b96a4cdc15c2c5b381033
Remote exploit that makes use of a buffer overrun in the Serv-U FTP server versions 4.2 and below that binds a shell to port 28876.
ea506acc9b54478ebcde1305c05e03a4d7a82d57254fcf230248bb00ffe76634
Coppermine Photo Gallery, a picture gallery that lets users upload pictures over HTTP, fails to check the extension of uploaded files. As a result, a file with the extension .jpg.php can be uploaded, allowing a remote attacker to execute commands. Sample .jpg.php included. Patch available here.
0d2fe1a4e09dda1f2380a7d53ddb87733772a50e381a3cc8e5217a10c4ca5dab