accept no compromises
Showing 1 - 25 of 408 RSS Feed

Operating System: Windows 2000

ECLIPSEDWING 1.5.2 Windows 2000 / 2003 / XP MS08-67 SMB Exploit
Posted Apr 15, 2017

ECLIPSEDWING exploits the SMB vulnerability patched by MS08-67. It affects Microsoft Windows 2000, 2003, and XP. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.

tags | exploit, web
systems | windows, 2k
MD5 | 27fca616dab5174663a045db979b893b
Microsoft DHCP INFORM Configuration Overwrite
Posted May 30, 2014
Authored by laurent gaffie

A vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows server 2003. This vulnerability allows an attacker to remotely overwrite DNS, Gateway, IP Addresses, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.

tags | advisory, remote
systems | windows, 2k
MD5 | 535d32799e8d5c79bd314ee2a3a71e9b
Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 77519f9b4876e7d0d73f2f37ac46a425
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0484b9b754cdc4c848b8b28389bc8aaa
Packet Storm Advisory 2013-0819-1 - Oracle Java BytePackedRaster.verify()
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | d3b7d95ba0be7fa25a186fccfcc35995
Packet Storm Exploit 2013-0819-1 - Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | e8c53973c75ea825b56675a356e6958a
Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 66b47dfda969e55a09e7ac25861c8486
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
MD5 | 0dbe90f085f956db88aac3e897a70289
Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
advisories | CVE-2013-2465, OSVDB-96269
MD5 | db785e46bf5c2d592d198749b74d7acd
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, 2k, 9x, 32, apple, xp, 7
advisories | CVE-2013-2465, OSVDB-96269
MD5 | 75f487c61517e74a3d453dff5eab12d5
SetNamedSecurityInfo() Ignores / Destroys Protected DACLs / SACLs
Posted Jun 19, 2012
Authored by Stefan Kanthak

With Windows 2000 Microsoft introduced the inheritance of access rights and new Win32-API functions like SetNamedSecurityInfo() which handle the inheritance. SetNamedSecurityInfo() but has a serious bug: it applies inheritable ACEs from a PARENT object to a target object even if it must not do so, indicated by the flags SE_DACL_PROTECTED and/or SE_SACL_PROTECTED in the security descriptor of the target object.

tags | advisory
systems | windows, 2k, 32
MD5 | 0ed4f85fb35e5a60a55c2633b90b012d
Oracle Weblogic Apache Connector POST Request Buffer Overflow
Posted May 18, 2012
Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

tags | exploit, web, overflow
systems | windows, 2k
advisories | CVE-2008-3257, OSVDB-47096
MD5 | 906cfff187bbb0026697ce9e23a575f1
libdvdcss 1.2.11
Posted Nov 16, 2011
Site videolan.org

libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.

Changes: This release improves RPC-II drive handling and contains a more robust keys retrieval mode. It also introduces fixes for MingW and OS/2 compilation, and has various bugfixes for small issues, memory leaks, crashes, and build issues.
tags | library
systems | linux, netbsd, windows, 2k, 9x, unix, solaris, freebsd, bsd, openbsd, hpux, beos, osx, xp
MD5 | 048134d398b4372a21ae304b9a9fa70b
del2info Windows Analyzer 0.1.2
Posted Jul 4, 2011
Authored by Filip Szymanski | Site code.google.com

The del2info utility was written to analyze Windows Recycle Bin INFO2 and $I?????? files. It can extract file deletion time, original path, and size of deleted files and whether they have been moved from the Recycle Bin. It supports files from Windows 2000 to 7.

Changes: Improved exception handling. Small code changes.
systems | windows, 2k, unix
MD5 | 6f677cd2c90d245fd1d1d7ab09b9beaf
del2info Windows Analyzer 0.1
Posted Jun 30, 2011
Authored by Filip Szymanski | Site code.google.com

The del2info utility was written to analyze Windows Recycle Bin INFO2 and $I?????? files. It can extract file deletion time, original path, and size of deleted files and whether they have been moved from the Recycle Bin. It supports files from Windows 2000 to 7.

systems | windows, 2k, unix
MD5 | bd154eed0759bff0967c003e1a0742a6
Microsoft SMB Server Zero Size Pool Allocation
Posted Aug 13, 2010
Authored by laurent gaffie | Site stratsec.net

A vulnerability in the Windows kernel can be triggered via SMB in Microsoft Windows versions ranging from Windows 2000 through to Windows 7. This vulnerability allows an attacker to trigger a kernel pool corruption by sending a specially crafted SMB_COM_TRANSACTION2 request. Successful exploitation of this issue may result in remote code execution with kernel privileges, while failed attempts will result in a denial of service condition.

tags | exploit, remote, denial of service, kernel, code execution
systems | windows, 2k, 7
MD5 | 7da37b9742180e99589a08d84a405ff9
Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
Posted Jul 26, 2010
Authored by H D Moore | Site metasploit.com

This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular modules works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.

tags | exploit, overflow
systems | windows, 2k
advisories | CVE-2003-0822
MD5 | 03c71acda7b11ea0fb8eab5d2a1f6dd4
Windows 2000/XP/2003 win32k.sys SfnINSTRING Denial Of Service
Posted Apr 23, 2010
Authored by MJ0011

win32k.sys in Microsoft Windows 2000 / XP / 2003 suffers from a local kernel denial of service vulnerability related to SfnINSTRING.

tags | exploit, denial of service, kernel, local
systems | windows, 2k
MD5 | e0603a34a190c0a66e8938b656ace84d
Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY Denial Of Service
Posted Apr 23, 2010
Authored by MJ0011

win32k.sys in Microsoft Windows 2000 / XP / 2003 suffers from a local kernel denial of service vulnerability related to SfnLOGONNOTIFY.

tags | exploit, denial of service, kernel, local
systems | windows, 2k
MD5 | 58fa005499f54a8f2a82800408bdf601
Windows Media Services ConnectFunnel Stack Buffer Overflow
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Windows Media Unicast Service version 4.1.0.3930 (NUMS.exe). By sending a specially crafted FunnelConnect request, an attacker can execute arbitrary code under the "NetShowServices" user account. Windows Media Services 4.1 ships with Windows 2000 Server, but is not installed by default. NOTE: This service does NOT restart automatically. Successful, as well as unsuccessful exploitation attempts will kill the service which prevents additional attempts.

tags | exploit, overflow, arbitrary
systems | windows, 2k
advisories | CVE-2010-0478
MD5 | c628ec8e8cdc6b02bba2239149b248fb
Harden SSL/TLS Tool
Posted Feb 18, 2010
Authored by Thierry Zoller | Site g-sec.lu

"Harden SSL/TLS" hardens the default SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows you to remotely set SSL/TLS policies allowing or denying certain ciphers/hashes or complete ciphersuites.

tags | encryption
systems | windows, 2k
MD5 | 5db5730516652db7e4920cf04249469b
Microsoft Workstation Service NetpManageIPCConnect Overflow
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify a the name of a valid Windows DOMAIN. It may be possible to satisfy this condition by using a custom dns and ldap setup, however that method is not covered here. Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator credentials are required to reach the vulnerable code. Windows XP SP1 only requires valid user credentials. Also, testing shows that a machine already joined to a domain is not exploitable.

tags | exploit, overflow
systems | windows, 2k, xp
advisories | CVE-2006-4691
MD5 | e76d81bd330174da3b3561db126d28f5
MS03-046 Exchange 2000 XEXCH50 Heap Overflow
Posted Dec 31, 2009
Authored by H D Moore, patrick | Site metasploit.com

This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.

tags | exploit, overflow, shell
systems | windows, 2k
advisories | CVE-2003-0714
MD5 | 04b5da0fb13c72f42f0f285a8edfb33d
Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular modules works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.

tags | exploit, overflow
systems | windows, 2k
advisories | CVE-2003-0822
MD5 | d211f8dd86f04c39bcce6c3a6e31208a
FutureSoft TFTP Server 2000 Transfer-Mode Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the FutureSoft TFTP Server 2000 product. By sending an overly long transfer-mode string, we were able to overwrite both the SEH and the saved EIP. A subsequent write-exception that will occur allows the transferring of execution to our shellcode via the overwritten SEH. This Metasploit module has been tested against Windows 2000 Professional and for some reason does not seem to work against Windows 2000 Server (could not trigger the overflow at all).

tags | exploit, overflow, shellcode
systems | windows, 2k
advisories | CVE-2005-1812
MD5 | f9f7d6925a7ab16a58f9f0f0a9a894f5
Page 1 of 17
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close