iOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.
a80dfd22eb4297c3c38e28620d240742691ea94f1473c9e9c446334c23938dff
This Metasploit module triggers a Denial of Service condition in the Cisco IOS HTTP server. By sending a GET request for "/%%", the device becomes unresponsive. IOS 11.1 through 12.1 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.2(18)P.
dc39510366736d85c7a14577002a973c7089c8dcc345300bb523a6451e277efe
This Metasploit module triggers a Denial of Service condition in the Cisco IOS telnet service affecting multiple Cisco switches. Tested against Cisco Catalyst 2960 and 3750.
b34b9041baa0587ea20e9b2b8e484f9f7d889ca02139c5e0e0f58f6deab94156
Zero day exploit for Nehelper Wifi Info on iOS 15.0. XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. possessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.
0af5f880ff757d8f4ecf82631a976eb88cd98d6646578d823eeb66b9199ddf29
Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.
375980bf93ee070923c3bb357ef6f80b43ca064d6099d8de7d730edb2ea93c70
Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.
064f75f646068bb009495ba2efc5724b31cd4cd7265da1713630bea9d23cab50
Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.
0bbd66f367356086c12e07df9456f96e99b2ff41cbae2bc41796dac87704aff2
iOS IOUSBDeviceFamily version 12.4.1 IOInterruptEventSource heap corruption proof of concept exploit.
e4196c53ac344849d403a2ef7101a57bf8050d2953b3ed572749d231a2e2985b
This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.
fa8f560293640c4759f220069490d2498cf18f75ce1183b3ab8f77dd819585e5
iOS version 12.1.3 cfprefsd memory corruption exploit.
c1a454b673b9c6b375cf0181560083c3376a36d37bb7bc6fcc390399237cc5d4
Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.
103a1cd8dfe8bcd292b357f7210598a04715f7f0c33d9dfc09c87d9f23994fcf
It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating an IO slave URI such that the JavaScript from the manipulated request is returned in the response.
e347068492c2b02155919e28caab949adb5a3b0bc7cde80b54669e096dfe6353
This module provides security enhancements against (HTTP) Flood and Brute Force Attacks for native PHP or .NET scripts at the web application level. Scanning, crawling, and flood tools can be detected and blocked by this module via .htaccess, iptables, etc.
12678f9ec1be90549e9ec56df43ef737708150240ad1ffb39db4ea94844cf7d1
iOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.
88bf13ee6936fd4a41664c0ccb5fe91fdf90eb621dae78246483afea0a274ca3
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fba
Apple iOS PDF jailbreaking exploit that gives root access.
4691dbbc9d8dd98485b6f917c2adaa6692a40f9d9b9acae745d5150a7b9f93d6
Cisco IOS Interior Routing Protocols cheatsheet.
7d379fbaf749e0a87deb01cf65906a242532b037fce0f051336f41166e938419
Cisco IOS IPv4 Access Lists cheatsheet. Version 2.0.
828feacd072c97dde81d4756ac327b9170657323c669c3d0bad56820ad848574
Whitepaper called Cisco IOS Router Exploitation. This paper describes the challenges with the exploitation of memory corruption software vulnerabilities in Cisco IOS. The goal is to map out the problem space in order to allow for the anticipation of future developments, as current research suggests that such vulnerabilities are not currently being exploited in the wild. By understanding the challenges that an attacker faces, defensive strategies can be better planned, an evolution required by the current state of Cisco IOS router networks.
c8f425e5b59d8610a92403e4d24fbd0a74109b64e2b2600c739f8f66b44a6701
Version-independent IOS shellcode that does not require hard-coded IOS addresses.
a8749a2b8fbe30c8e89d87a164b28543061e8b5d42e9fadf68560774e487a883
Cisco IOS bind shellcode that creates a new tty, allocates a password, and then sets the privilege level to 15.
78004bea1c811d3b1130e4c102e7c364b8e5b3618caf2a933d1d0de421f3fdb7
Cisco IOS connectback shellcode that creates a new tty, sets the privilege level to 15, and then connects back on port 21.
7d7536d0f4ca415c80e65de21d25fef5ae8347250d1d27bf918e7129b54be89b
Cisco IOS tiny shellcode that creates a new tty and sets the privilege level to 15.
382805b63d61450f3bfac3b7092aa9452ac364ec3384116fdf99e7f630891f6e
Intranet Open Source suffers from a remote password database disclosure vulnerability.
969163db779ff2ab8971e6581b1ffab00066fbe385e8382da5538c00723d28ba
Simple command reference chart for Cisco IOS.
003e265e3fdd250b8ce1669cf175b73bee530ab50625b8afcdf732bb045773db
Cisco Systems IOS 11.x UDP echo memory leak remote sniffer. The UDP echo service (UDP port 7) has to be enabled on the device. The bug will cause the Cisco router to send about 20 kilobytes of data from the interface buffer pools containing packets in the send/recv/forward queues. This tool will identify IOS memory blocks, find the router specific offset for packets in the block and decode the packet to the screen. Note that this is not a full dump of the traffic through the remote router but rather a subset of received data. Features include a packet checksum cache to prevent repeated output of the same packet, auto identification of packets and buffer offsets, and IPv4 decoding.
88c96f5f35ee8e8f230938a70d6e512ac19d921be8f468c01cdb28507adc9a83