what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files

Linux Kernel Econet Privilege Escalation
Posted Sep 6, 2011
Authored by Jon Oberheide

This exploit leverages three vulnerabilities to escalate privileges. The primary vulnerability is a kernel stack overflow, not a stack buffer overflow as the CVE description incorrectly states. This may be the first public exploit for a kernel stack overflow, and it turns out to be a bit tricky due to some particulars of the econet vulnerability. It involves the econet_sendmsg function, ec_dev_ioctl function, and the ipc subsystem. Linux kernel versions prior to 2.6.36.2 are affected.

tags | exploit, overflow, kernel, vulnerability
systems | linux
advisories | CVE-2010-3848, CVE-2010-3850, CVE-2010-4073
SHA-256 | 2d37f538eada970a47c67a722a79c8dce6b69007ccd606d4168c8d3c2c9a2c21

Related Files

WordPress Popular Posts 5.3.2 Remote Code Execution
Posted Dec 20, 2021
Authored by h00die, Simone Cristofaro, Jerome Bruandet | Site metasploit.com

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in WordPress plugin Popular Posts versions 5.3.2 and below. The exploit chain is rather complicated. Authentication is required and gd for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60 second server cache refresh (the exploit waits 90 seconds), the homepage widget is loaded which triggers the plugin to download the payload from the server. The payload has a GIF header, and a double extension (.gif.php) allowing for arbitrary PHP code to be executed.

tags | exploit, web, arbitrary, php
advisories | CVE-2021-42362
SHA-256 | 90db5fa8de8fdf34a913230d5320fbeba171c2aac53e75371d7b3d5919bde065
Microsoft Spooler Local Privilege Elevation
Posted Jan 18, 2021
Authored by bwatters-r7, Peleg Hadar, sailay1996, 404death, Tomer Bar | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1337
SHA-256 | 88e1248d5e21e3a00dd23e98ab5d2075610af6a2f071e96ac3de2656c5624198
Microsoft Spooler Local Privilege Elevation
Posted Sep 17, 2020
Authored by bwatters-r7, shubham0d, Yarden Shafir, Alex Ionescu | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1048
SHA-256 | 042eb96d4be3493ee746dfaae2491220ba9b12278e37c6ccaaa1b2d1f175f42f
AsusWRT LAN Unauthenticated Remote Code Execution
Posted Feb 23, 2018
Authored by Pedro Ribeiro | Site metasploit.com

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

tags | exploit, web, root, udp
advisories | CVE-2018-5999, CVE-2018-6000
SHA-256 | 6da7c92100a89101fa69018aa3816aa9505957ebeb1384b2e303db3bf235ef0c
Razer Synapse rzpnk.sys ZwOpenProcess
Posted Jul 22, 2017
Authored by Spencer McIntyre | Site metasploit.com

A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.

tags | exploit, web, arbitrary, shellcode
advisories | CVE-2017-9769
SHA-256 | 9240ec8d6ca5d5eb386ea5fd8d70c4669a8c2b74388b4cb929f23fc1508d1dd8
Microsoft Word MTA Handler Remote Code Execution
Posted Jun 27, 2017
Authored by Juan Sacco

This exploit leverages an MTA handler remote code execution vulnerability in Microsoft Word.

tags | exploit, remote, code execution
advisories | CVE-2017-0199
SHA-256 | 65b89848eff3dfa0514bb59a5330c3a17145a3d071de4db54112a08e95e91b96
MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution
Posted May 10, 2017
Authored by Juan Sacco

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.

tags | exploit, remote, code execution
SHA-256 | a8aa061521a024a2681c43faf9e0f6857ab4aabefda62ecf82da7a024aea3165
Mac OS X NFS Mount Privilege Escalation
Posted Apr 25, 2014
Authored by joev, Kenzley Alphonse | Site metasploit.com

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
SHA-256 | 7dda844fc6c2159587750ff9bbb7d5956502e05e69840baeb969d48120b1443f
Apple Mac OS X Lion Kernel xnu Privilege Escalation
Posted Apr 11, 2014
Authored by Kenzley Alphonse

Apple Mac OS X Lion kernel xnu versions 1699.32.7 except 1699.24.8 NFS mount privilege escalation exploit. This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
SHA-256 | 8e779edf9df04a55e329faff795fd22465cd1d2fb570d611ba39e3d3871a8731
Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 52cb4ddd1cdf46517f03dc3f821a50041e929ed003d1d7575ad883ef43571280
ARRIS DG860A NVRAM Backup Compressor / Decompressor
Posted Oct 18, 2013
Authored by Justin Oberdorf

This exploit lets your extract the ARRIS DG860A NVRAM backup where password information is stored in plain text.

tags | exploit
SHA-256 | 5017f2e38a000e389ed35e33f98d69940a068ef699bb039cef9ec919fd229db5
PHP Charts 1.0 Remote Code Execution
Posted Jun 26, 2013
Authored by infodox

This exploit leverages an eval() bug in the PHP Charts library allowing for remote code execution. A reverse shell is delivered using Perl.

tags | exploit, remote, shell, perl, php, code execution
SHA-256 | 029603a16bd1c86cec4981c7cc5216c1aedd6bad4d2e981fafffc02c8f122825
Thomson Wireless VoIP Cable Modem Authentication Bypass
Posted Sep 20, 2012
Authored by Glafkos Charalambous, George Nicolaou

This exploit leverages authentication bypass vulnerabilities in the Thomson wireless VoIP cable modem. It affects the TWG850-4 model.

tags | exploit, vulnerability, bypass
SHA-256 | cea6a6e04ceba1664ef59c383e65c0570aaf9427e085e40ab86134400cb990c6
Oracle 10g R2 Buffer Overflow
Posted Nov 8, 2011
Authored by The GreenSQL Team, David Maman

This exploit leverages a buffer overflow vulnerability in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 in order to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-4517
SHA-256 | b843e054129de742b928dfcf7c169d90f401035413423e617c87fc40387cea10
halflife-dos.txt
Posted Jan 7, 2008
Authored by Eugene Minaev | Site itdefence.ru

Half-Life CSTRIKE Server version 1.6 denial of service exploit.

tags | exploit, denial of service
SHA-256 | 6aa7e1222d6a89877ce1486f4d33264868795f9e8cc41bdc3a723d7450e2800f
halfLifeDoS.txt
Posted Feb 9, 2006
Authored by Firestorm

Remote denial of service exploit for Half-Life engines that cause it to fall in an infinite loop and stop processing requests.

tags | exploit, remote, denial of service
SHA-256 | 47b10922cc1fe2a7499cae6d2e6022254c20339cfd77789cfe63b9f4c6ee69da
halflifeclient.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life client versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on Windows has a remote buffer overflow in the connection routine.

tags | advisory, remote, overflow
systems | windows
SHA-256 | 9540a71644397aa409518bdea6814beebd68bcc6d4a27ae30c029fa370e794df
halflife.txt
Posted Jul 29, 2003
Authored by Luigi Auriemma | Site aluigi.altervista.org

Half-Life server versions 1.1.1.0 and below (including all MODs based on the game, such as Counter-Strike and DoD) on both Windows and Linux suffer from a remote buffer overflow and are vulnerable to a denial of service attack. Affects both the game and dedicated servers.

tags | advisory, remote, denial of service, overflow
systems | linux, windows
SHA-256 | 5dce8cfa8b96e9ceeb1fbb028948c1988e64d953e047db3459746c6114ef207b
half-life.txt
Posted Oct 19, 2000
Authored by Mark Cooper

The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.

tags | exploit, overflow
systems | linux
SHA-256 | 321410a4245baf94d24899baac40728a163cf83df38b90575b4aac920f73f359
halfscan.c
Posted Aug 17, 1999

Halflife's port scanner.

tags | tool, scanner
systems | unix
SHA-256 | ad796a96410d45b90f9685b47d41ec87e12e7499f1eafda05d3389d731cfb894
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close