Twenty Year Anniversary
Showing 1 - 25 of 417 RSS Feed

Operating System: Windows NT

SyncBreeze 10.1.16 SEH GET Overflow
Posted Oct 13, 2017
Authored by wetw0rk | Site

There exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.

tags | exploit, web, x86
systems | windows, nt, xp
MD5 | d7371f0084bb280d35baaca73d2c929d
Disk Pulse Enterprise 9.9.16 GET Buffer Overflow
Posted Sep 21, 2017
Authored by Nipun Jaswal, Chance Johnson, Anurag Srivastava | Site

This Metasploit module exploits an SEH buffer overflow in Disk Pulse Enterprise version 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.

tags | exploit, web, overflow
systems | windows, nt
MD5 | 4357afe77b3f0d509c9cfa2b76ef1a5a
Disk Pulse Enterprise 9.0.34 Login Buffer Overflow
Posted Nov 14, 2016
Authored by Chris Higgins, Tulpa | Site

This Metasploit module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. Due to size constraints, this module uses the Egghunter technique.

tags | exploit, web, overflow
systems | windows, nt
MD5 | 0736a1a35a8b9a9b973e89997322136f
Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ Local ring0
Posted Jun 3, 2013
Authored by Tavis Ormandy, progmboy

There is a pretty obvious bug in win32k!EPATHOBJ::pprFlattenRec where the PATHREC object returned by win32k!EPATHOBJ::newpathrec does not initialize the next list pointer. This is a local ring0 exploit for Microsoft Windows NT/2K/XP/2K3/VISTA/2K8/7/8.

tags | exploit, local
systems | windows, nt
MD5 | 200aada714abad7e48075d77ab64032f
RegLookup Registry Parser 1.0.0
Posted Jun 20, 2011
Authored by Timothy D. Morgan | Site

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: SK records and security descriptors are now accessible in pyregfi. Key caching was added to regfi, and SK caching was reintroduced. Minor API simplifications were made and documentation was improved. Numerous bugs were fixed.
tags | registry
systems | windows, unix, nt
MD5 | 1fb1eea7435d368a91ade8c4016b5be6
RegLookup Registry Parser 0.99.0
Posted May 2, 2011
Authored by Timothy D. Morgan | Site

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: This 1.0 release candidate contains major improvements to regfi usability. regfi was made a proper library, and major improvements were made to the API. Python bindings (pyregfi) were added for regfi. The Make-based build system was replaced with a SCons-based one. Numerous improvements were made in regfi for multithreaded use and memory management. API documentation was improved.
tags | registry
systems | windows, unix, nt
MD5 | c86d45b55756ed754c04db13f7eac408
RegLookup Register Parser 0.12.0
Posted Mar 9, 2010
Authored by Timothy D. Morgan | Site

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added.
tags | registry
systems | windows, nt
MD5 | 7fa5bd1f55f3f8345952bf6a03ef2e1a
Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()-
Posted Jan 21, 2010
Authored by Tavis Ormandy

Microsoft Windows NT/2K/XP/2K3/VISTA/2K8/7 NtVdmControl()->KiTrap0d local ring0 exploit. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, local
systems | windows, nt
advisories | CVE-2010-0232
MD5 | ae115019e4304bb79e51f4536573fdf4
Terminal Server License Bypass
Posted Jan 11, 2010
Authored by Zorzan Urban Pawel | Site

This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.

tags | registry, bypass
systems | windows, nt
MD5 | 41053a7e4a261472d04cdc1eea0cae07
Microsoft IIS 4.0 .HTR Path Overflow
Posted Nov 26, 2009
Authored by stinko | Site

This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.

tags | exploit, overflow, shell
systems | windows, nt
advisories | CVE-1999-0874
MD5 | 3b9914f3c7ce3d94567daaf53f52f817
Microsoft RPC DCOM Interface Overflow
Posted Nov 26, 2009
Authored by H D Moore, spoonm, cazz | Site

This Metasploit module exploits a stack overflow in the RPCSS service, this vulnerability was originally found by the Last Stage of Delirium research group and has bee widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)

tags | exploit, overflow
systems | windows, 2k, nt, xp
advisories | CVE-2003-0352
MD5 | 0e8c891f65d0c275b901a86b6cebc95d
Microsoft Server Service NetpwPathCanonicalize Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site

This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.

tags | exploit, denial of service, overflow
systems | windows, 2k, nt, xp
advisories | CVE-2006-3439
MD5 | 09ce9abfa6366a47d09be140af9affef
Cisco Security Advisory 20081022-asa
Posted Oct 22, 2008
Authored by Cisco Systems | Site

Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.

tags | advisory, denial of service, crypto, vulnerability, memory leak
systems | cisco, windows, nt
advisories | CVE-2008-3815, CVE-2008-3816, CVE-2008-3817
MD5 | f4da32a3b3d25ba6a9e818a6993789e3
Posted Jan 4, 2007
Authored by sapheal

A critical security vulnerability has been found in the Windows NT Message compiler. Arbitrary code execution might be possible.

tags | advisory, arbitrary, code execution
systems | windows, nt
MD5 | c0cbe312d8f92d18cef79225e95240e7
Posted Nov 29, 2006
Authored by Reed Arvin | Site

NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.

Changes: Bug fixes. Completely rewritten RestrictAnonymous bypass routine. Included source code for educational purposes.
tags | local, perl
systems | windows, nt
MD5 | 807fcb02ec2c5f28c6c5f3380dd063f3
Posted Aug 27, 2006
Authored by Aelphaeis Mangarae | Site

Whitepaper discussing the hardening of Windows NT.

tags | paper
systems | windows, nt
MD5 | ec1538b2f0f47f6d427178fa6c3986a3
Posted May 21, 2006
Authored by Derek Soeder | Site

eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.

tags | advisory, local, tcp
systems | windows, 2k, nt
MD5 | 0cacde8e729b39afddc354aea2ed008a
Posted Apr 12, 2006

lbture is a local Windows account password brute forcer. It supports dictionary attacks and resume. Works on Windows NT/2K/XP/2K3.

tags | local
systems | windows, nt
MD5 | 7b9101ddddd40f32e3d74eda14219e54
Posted Dec 14, 2005
Authored by Derek Soeder | Site

eEye Security Advisory - eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that could allow any code executing on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level (kernel).

tags | advisory, kernel, local
systems | windows, 2k, nt
advisories | CVE-2005-2827
MD5 | 204c949d2587d64927b34183a6cb0b46
Posted Nov 2, 2005
Authored by unl0ck, Darkeagle | Site

GoodTech Telnet Server for Windows NT/2000.

systems | windows, nt
MD5 | e2f693cc23d6c44aa82909ae5522405b
Posted Oct 30, 2005
Authored by Darkeagle | Site

318 byte useradd shellcode for Russian Windows NT/2k/XP variants.

tags | shellcode
systems | windows, nt
MD5 | 976a3d6d3788247f9cfd169f4f9ffeca
Debian Linux Security Advisory 830-1
Posted Oct 4, 2005
Authored by Debian | Site

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

tags | advisory, local
systems | linux, windows, nt, debian
advisories | CVE-2005-2962
MD5 | 19ad4c454794750f6ef2b093cd9a5b1e
Posted Sep 23, 2005
Authored by Piotr Bania | Site

Protty is a ring 3 library developed to protect against shellcode execution on Windows NT based systems.

tags | shellcode, code execution, library
systems | windows, nt
MD5 | 833d0d950323ec667b1bfd68c54dad11
HP Security Bulletin 2005-10.23
Posted Aug 28, 2005
Authored by Hewlett Packard | Site

HP Security Bulletin - A potential vulnerability has been identified with Openview Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to gain privileged access. Affected versions: Openview Network Node Manager (OV NNM) 6.2, 6.4, 7.01, 7.50 running on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux.

tags | advisory
systems | linux, windows, 2k, nt, solaris, hpux, xp
MD5 | a23d7519d0ed8132aafb2267e18e949b
Posted Aug 17, 2005
Authored by Piotr Bania | Site

Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Due to that it hooks KiUserExceptionDispatcher function, it acts BEFORE any of program's active SEH frames take over the exception. In short words it reports programs exceptions even if they are handled by original program.

systems | windows, nt
MD5 | 057d4656ce42a226d496129793e5afbb
Page 1 of 17

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By