what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from Cesar Cerrudo

Email addresscesar at argeniss.com
First Active2003-09-18
Last Active2010-08-12
Microsoft Windows Tracing Registry Key ACL Privilege Escalation
Posted Aug 12, 2010
Authored by Cesar Cerrudo

Microsoft Windows tracing register key ACL privilege escalation demonstration code.

tags | exploit
systems | windows
advisories | CVE-2010-2554
SHA-256 | fda37dcda8d4a51a61a3269e617929ac5ffe8cfc2d68baee5d4ca6d5c52c2849
Opening Intranets To Attacks By Using Internet Explorer
Posted Apr 7, 2009
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper called Opening Intranets to attacks by using Internet Explorer. This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).

tags | paper, remote
SHA-256 | 66045593d07f37903e7829c8dda101ab6b67ff339f8df92f4176b09b3a79d14e
Churrasco.zip
Posted Oct 9, 2008
Authored by Cesar Cerrudo

Elevation of privileges proof of concept exploit for Token Kidnapping on Windows 2003.

tags | exploit, proof of concept
systems | windows
SHA-256 | 7d1d0e2a463f6fec3a3278c0dadb8c9b85f4e47ebada5e0e3b9e5e8d084d5680
TokenKidnapping.pdf
Posted Apr 21, 2008
Authored by Cesar Cerrudo

Whitepaper discussing token kidnapping on Microsoft Windows.

tags | paper
systems | windows
SHA-256 | 3aa72e11552701698d4dc68d94e3923dd75717343681d1d9ed97c4867016095a
D2T1_-_Cesar_Cerrudo_-_Token_Kidnapping.zip
Posted Apr 21, 2008
Authored by Cesar Cerrudo | Site conference.hitb.org

Token Kidnapping - This presentation is about a new technique for elevating privileges on Windows mostly from services, this technique exploits design weaknesses in Microsoft Windows XP, 2003, Vista and even Windows 2008. While in Windows Vista and 2008 many new security protections have been added, because of other weaknesses some of the new protection mechanisms are almost useless.

systems | windows
SHA-256 | 40e7a53ef53b12614b71cc8defc384e185161986510e109617ac0fd30faa1aaf
ibmdb2-overwrite.txt
Posted Apr 18, 2008
Authored by Cesar Cerrudo | Site appsecinc.com

Team SHATTER Security Advisory - IBM DB2 UDB suffers from an arbitrary file overwrite vulnerability in the SYSPROC.NNSTAT procedure.

tags | advisory, arbitrary
SHA-256 | 5341890b3227b414075c1b956314d51adf6ce18ad13d13edb5b06ae739893562
HackingDatabases.zip
Posted Apr 17, 2007
Authored by Cesar Cerrudo

Whitepaper entitled "Hacking Databases For Owning Your Data". This paper goes into specifics on how to compromise MS-SQL and Oracle databases. It includes tools and exploits as well.

tags | exploit
SHA-256 | 4f0613de36a3479fd1e5e7c57266df8715f1eb1c690eea5f55baf65e0ef90793
10MinSecAudit.zip
Posted Mar 14, 2007
Authored by Cesar Cerrudo

Whitepaper that demonstrates an extremely simple technique to quickly audit a software product in order to infer how trustable and secure it is. Oracle is used as a test case. Proof of concept exploit is included.

tags | paper, proof of concept
SHA-256 | 904c6850febb646527b3645a17ff83d6aba25216e7fbcf87791119aa245eb915
WLSI.zip
Posted Mar 15, 2006
Authored by Cesar Cerrudo | Site argeniss.com

Whitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so the reader will be enabled to write their own exploits.

tags | paper, local, shellcode
systems | windows
SHA-256 | 0edd124aeb55cb3125140eb5cdb86f78449fba1ac22466a4b4325fdf39c92857
SSExploit.c
Posted Aug 14, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Exploit for the COM structured storage vulnerability as described in MS05-012. Work on Win2k SP4, WinXP SP2, and Win2k3 SP0.

tags | exploit
systems | windows
advisories | CVE-2005-0047
SHA-256 | b0254015a10b6594140ffe50bc4155344c5a36122f3f931e66aab2e4ea94425e
Oracle9R2-unpatched.txt
Posted Jul 23, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Oracle 9R2 has an unpatched, known vulnerability in the CWM2_OLAP_AW_AWUTIL package. A flaw that was reported months ago and was claimed to be fixed in this last release.

tags | advisory
SHA-256 | 4baacbeb7d755cb771ca19159c31c5adc4d70a971c8a33ae6de73c73c76e6667
ARGENISS-ADV-030501.txt
Posted Mar 15, 2005
Authored by Cesar Cerrudo | Site argeniss.com

Argeniss Security Advisory - Oracle database servers versions 8i and 9i are susceptible to directory traversal attacks.

tags | exploit
SHA-256 | fbdd2328be239c99f2f1f4d9662604a2451eee01ce19ea3fcb94fd2005ce1cc0
AppSecInc.winheap.txt
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - The Microsoft Windows LPC (Local Procedure Call) mechanism is susceptible to a heap overflow that allows for privilege escalation.

tags | advisory, overflow, local
systems | windows
SHA-256 | 8aff40b0ee0ad0cc1af142ebe5ba1bdbdb9b46ace767d159bfba4e3fac06d6fe
AppSecInc.token.txt
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - Improper token validation in Microsoft Windows allows for local privilege elevation in Windows 2000, Windows XP, and Windows 2003 (all service packs).

tags | advisory, local
systems | windows
SHA-256 | 59bdf12ab86d79cfc7916c6e95e0723e09b96782d162187d4d75392b97ca2ca9
AppSecInc.Oracle.txt
Posted Sep 9, 2004
Authored by Cesar Cerrudo, Esteban Martinez Fayo | Site appsecinc.com

AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised because Oracle runs mostly under oracle user which has restricted permissions.

tags | advisory, denial of service, overflow, local, vulnerability
systems | windows
SHA-256 | 36977a3722720f6c3f2f1e3bbe50f6af68d1a8103afc604a75caff18382bb344
msWinUtilMan.txt
Posted Jul 14, 2004
Authored by Cesar Cerrudo

A local elevation of privileges exists in the Windows Utility Manager which allows any user to take complete control over the operating system. This vulnerability affects the Windows 2000 operating system family.

tags | advisory, local
systems | windows
advisories | CVE-2004-0213
SHA-256 | 06783ccb4127e8dc09bf4a647613438415e9c60af8c3a29e7ebdd29c4ff3750f
msaspCookie.txt
Posted May 7, 2004
Authored by Cesar Cerrudo

The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.

tags | advisory, web, asp
SHA-256 | 219594d6344f26a93e4767585c0c158ebb409b44abf565c8eeabc7209a00c60c
activeX.txt
Posted Oct 16, 2003
Authored by Cesar Cerrudo

Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.

tags | advisory, overflow, local, activex
systems | windows
SHA-256 | 3123057a0e33003e32d0c1dcbd81e7c68fe2683392807470c9f4cf6b670e203b
yahooactive.txt
Posted Sep 18, 2003
Authored by Cesar Cerrudo

Yahoo! Webcam ActiveX controls are remotely susceptible to both a heap and stack based overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 77415dcf52c38a6a335911442a1fbde9f49c7a2c7184a6d87d15d4affb71051a
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close