what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files from John Leitch

Real NameJohn Leitch
Email addressjohn.leitch5 at gmail.com
Websiteautosectools.com
First Active2014-04-10
Last Active2018-04-24
View User Profile
BadParser 1.6.42218.0
Posted Apr 24, 2018
Authored by John Leitch

BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.

tags | tool, vulnerability, fuzzer
SHA-256 | 367f7dde5a91009874def600cffd3663977c783f792f9dde52d689d05d61d3af
Perl 5.22 VDir::MapPathA/W Out-Of-Bounds Reads / Buffer Over-Reads
Posted Apr 11, 2016
Authored by John Leitch

Perl version 5.22 suffers from two out-of-bounds reads and multiple small buffer over-read vulnerabilities in the VDir::MapPathA and VDir::MapPathW functions that could potentially be exploited to achieve arbitrary code execution.

tags | exploit, arbitrary, perl, vulnerability, code execution
advisories | CVE-2015-8608
SHA-256 | cd84d70480486213183c751f06e787f023b2261ad301971f1c15757a078757f7
SnappingTurtle Web Exploitation Tool 0.1.0411.1609
Posted Apr 11, 2016
Authored by John Leitch

Exploit web applications with SnappingTurtle, a cross-platform tool written in Aphid and compiled into Python. SnappingTurtle can exploit SQL injection, arbitrary upload, local file inclusion, and cross-site scripting.

Changes: Improved PHP shell polymorphism. Multiple reliability improvements for LFI to RCE. Several functional improvements to SQL injection.
tags | tool, web, arbitrary, local, xss, sql injection, python, file inclusion
systems | unix
SHA-256 | a5b8094701db252077afcb55bbe7d22f2e1f457fb1b671ab24b4f46b2f5011ce
SnappingTurtle: A Web Exploitation Tool
Posted Mar 24, 2016
Authored by John Leitch

This is a cross platform web exploitation tool written in Aphid and compiled into Python. Currently supports exploitation of PHP local file inclusion and SQL injection with more on the way.

tags | tool, web, local, php, sql injection, python, file inclusion
systems | unix
SHA-256 | 95b04c51ae4075a56716ce0a231f64be1caf216efe3d1a1e359c795e51ab9309
Python 2.7 check_multiply_size() Integer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.

tags | advisory, overflow
SHA-256 | 4fbbcdb0014f6b5b36412b5b0d77e13fcea4362e7222692a9ca1f45aad0c9e23
Python 2.7 Hotshot pack_string Heap Buffer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.

tags | exploit, overflow, python
SHA-256 | 215ced90e06682bf1853666f18abba9118707d5f15f9bdb78f63075a6ea12305
Python 3.6 audioop.lin2adpcm Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.4 through 3.6 audioop.lin2adpcm function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules\audioop.c.

tags | advisory, python
SHA-256 | 2c8b66929eceb72bf3da7c48c1148a09862a0cd29361eca125f67b93810e39c3
Python 3.6 audioop.adpcm2lin Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.4 through 3.6 audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c.

tags | advisory, python
SHA-256 | ada2d4f0a482e3504f02bdd84933b923a7fbe62837b34a1a13838fd8b8480ca2
Python 3.5 Bytearray Pop And Remove Buffer Over-Read
Posted Nov 2, 2015
Authored by John Leitch

Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.

tags | advisory, python
SHA-256 | 4a88d411899b3dbec134ad2fd731df7ad8bb96206440397840cb6a04963e5ab7
Python 2.7 array.fromstring Use After Free
Posted Nov 2, 2015
Authored by John Leitch

Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.

tags | exploit, python
SHA-256 | 1a0162389dadd3c3ed027351470e8c0be159c0f185fd44220ede2cc603b48d8a
Python 2.7 strop.replace() Integer Overflow
Posted Nov 2, 2015
Authored by John Leitch

Python version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.

tags | exploit, overflow, code execution, python
SHA-256 | 94542f2a805b7a58ea094d2832d50dc1b24b949fa6c966598dd788d4698a07fc
Python 3.5 product_setstate() Out-Of-Bounds Read
Posted Nov 1, 2015
Authored by John Leitch

Python versions 3.3 through 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each given index to a value within a range from 0 up to the max number of pools. Then, it loops over the pools and gets an item from the pool using the previously clamped index value. However, for the upper bound, the clamping logic is using the number of pools and not the size of the individual pool, which can result in a call to PyTuple_GET_ITEM that uses an index outside of the bounds of the pool.

tags | exploit, python
SHA-256 | 93b02aa3ae19b663219ced42d062d599f4173fd86c326115247762c4c49f4875
Python 3.5 deque.index() Uninitialized Variable
Posted Nov 1, 2015
Authored by John Leitch

Python version 3.5 suffers from a vulnerability caused by the behavior of the newblock() function used by the collections.deque module. When called, newblock() allocates memory using PyMem_Malloc() and does not initialize it.

tags | advisory, python
SHA-256 | beb3e126e78bd70fe14f6262da0e8790ff307a93235f23188e500745b0a5be92
Python 3.4 / 3.5 xmlparse_setattro() Type Confusion
Posted Oct 31, 2015
Authored by John Leitch

Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.

tags | exploit, python
SHA-256 | 2f285d0b1a031d0ca91b5be2513b66aa771b0b6b0abc07f26cece30a0372c084
Python 3.5 time_strftime() Buffer Over-Read
Posted Oct 31, 2015
Authored by John Leitch

Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.

tags | exploit, python
SHA-256 | 247c41f7b289418808f840d29093ddf7d7fec17408a6503c55ac90be7d7cdeb1
Python 3.5 scan_eol() Buffer Over-Read
Posted Oct 30, 2015
Authored by John Leitch

Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.

tags | exploit, python
SHA-256 | 11ad4ff03a7d48ad669798a540d150f6b9a96705027ddfb79905aac9959c3fc9
PHP yaml_parse_url Double Free
Posted Oct 30, 2015
Authored by John Leitch

The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.

tags | advisory
SHA-256 | 222691a6762e7a56ff629bdd866e2f3741c307b8856b25b0efcef4850bb9383f
PHP yaml_parse_url Unsafe Deserialization
Posted Oct 30, 2015
Authored by John Leitch

The PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.

tags | advisory, arbitrary, php, code execution
SHA-256 | 25ba50f88dac6d73405bd6b613b421c3efdf062bb33df0303b3857f5a2f462f0
PHP 5.5.12 Locale::parseLocale Double Free Memory Corruption
Posted Nov 20, 2014
Authored by John Leitch

PHP version 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of ext\intl\locale\locale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by contract and frees the return value of such a call, then the pointer passed via loc_name is freed again elsewhere, a double free occurs.

tags | exploit, remote, php, code execution
systems | linux
SHA-256 | e1dcadb447af1ab80dabe070ca75aed52d71efed2b43a7c6a34d21061054de25
Cogent DataHub Command Injection
Posted Jun 25, 2014
Authored by John Leitch, juan vazquez | Site metasploit.com

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

tags | exploit, arbitrary, asp
systems | windows
advisories | CVE-2014-3789
SHA-256 | ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
Bleed Out Heartbleed Command Line Tool 1.0.1.46
Posted Apr 23, 2014
Authored by John Leitch

Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.

Changes: Added probe option. Fixed binary dump bug that caused data to be overwritten. Removed hardcoded binary blobs and added proper TLS support. Structure positions and field values within packets are now randomized, making detection more difficult. Decreased TCP send/receive timeout.
tags | exploit
advisories | CVE-2014-0160
SHA-256 | b9dd8ee3053813f5ff75d34d8e0f41a37a3efeac003a6ab767604dd17a77f4ff
Bleed Out Heartbleed Command Line Tool 1.0.0.10
Posted Apr 10, 2014
Authored by John Leitch

Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.

Changes: Fixed exploitability test. Fixed argument validation. Fixed port exhaustion issue. Misc fixes. Minor CLI tweaks. Improved string searching. Added args for configuring retry. Changed target framework to .NET 4 for XP compatibility.
tags | exploit
advisories | CVE-2014-0160
SHA-256 | 8ac230f3902a7f35b6b76d9ad09ffa77ce032177754a06743c1ffa83672c1fcf
Bleed Out Heartbleed Command Line Tool 1.0.0.0
Posted Apr 10, 2014
Authored by John Leitch

Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 0154e0117391da9f265ff0a83bcd76a93f62d16f309e587ba789d69c8bbd8009
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close