
Files

ELIGIBLEBACHELOR TOPSEC Firewall Exploit
Posted Aug 18, 2016

This is an exploit with an unclear attack vector for TOPSEC firewalls running TOS operating system versions 3.2.100.010, 3.3.001.050, 3.3.002.021 and 3.3.002.030. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. This archive also includes the BLATSTING implant that works in conjunction with this exploit.

tags | exploit
SHA-256 | ae4f378ecbad405382fac8e24df03e338500f8f2240c84275feef4f4de371f1d

Related Files

FruityWifi Remote Code Execution
Posted Mar 26, 2022
Authored by Knights of Nynex

This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request.

tags | exploit, remote, shell, tcp, code execution
SHA-256 | 1fbc099825cc98358311d77554470a0efa5ba3cd62aac47f9426a08630b11b78

Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution
Posted Aug 6, 2016
Authored by mr_me | Site metasploit.com

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE, Firefox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally, a traversal is used in the PUT request to upload the code just where we want it and gain Remote Code Execution as SYSTEM.

tags | exploit, remote, code execution
advisories | CVE-2015-3435
SHA-256 | 73f23908956d6ea94bcc26b81f8a3497f76a508c71653023ffa4e3ff18b4779e

Prestige Software CMS Local File Disclosure
Posted Sep 5, 2013
Authored by bie gabby

This is an exploit that leverages a local file disclosure vulnerability in systems running Prestige Software CMS in order to gain database information and credentials.

tags | exploit, local, info disclosure
SHA-256 | 27a08ed1766b1a787e4d304b3c3b415e4c40310fa22976f85822c4bacc05b08e

NVidia Display Driver Buffer Overflow
Posted Jan 18, 2013
Authored by Peter Winter-Smith, Sean de Regge

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995

NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | a93753892580d6dad44444623d6355d154269fccaba04b2dcab06daf83d116a5

WordPress W3 Total Cache Data Disclosure
Posted Dec 24, 2012
Authored by zx2c4

This is an exploit for W3 Total Cache called W3 Total Fail that works by attempting to guess SQL queries that might contain important password hashes.

tags | exploit
SHA-256 | 2e978aeab0aad073084fa3c762212c6feb62f882be9a85f79fe5a5effb151596

Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
SHA-256 | ce6d03f8afb8da5e9fab7773161352eac8d3bfb7b25bc19d2aa5c97279ad7812

Bleeding Life 2 Exploit Pack
Posted Oct 24, 2011
Site blackhatacademy.org

Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.

tags | exploit, java, web
systems | linux, windows
advisories | CVE-2008-2992, CVE-2010-1297, CVE-2010-2884, CVE-2010-0188, CVE-2010-0642, CVE-2010-3552
SHA-256 | 36303b4d6d25064a2ca162802f5dd9c42e121666c9a8518b0f3c3041b3c36994

Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
Posted Jul 26, 2010
Authored by H D Moore | Site metasploit.com

This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular module works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0822
SHA-256 | db54b7c9894b5bd5fa70fd5fb0cfa3771711f595d035ff5f695b79fe36ab615c

MS03-046 Exchange 2000 XEXCH50 Heap Overflow
Posted Dec 31, 2009
Authored by H D Moore, patrick | Site metasploit.com

This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.

tags | exploit, overflow, shell
systems | windows
advisories | CVE-2003-0714
SHA-256 | 26a51fce399b6448d8c4a7690d9c8391601cf7dd1c9478bdf2b4167db5d655ee

Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This is an exploit for the chunked encoding buffer overflow described in MS03-051 and originally reported by Brett Moore. This particular module works against versions of Windows 2000 between SP0 and SP3. Service Pack 4 fixes the issue.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0822
SHA-256 | 87fab5b32fdb6232a2161630eb76486145af6d237e5b23d3b403788baa5d0747

McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick, muts, xbxice | Site metasploit.com

This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web
advisories | CVE-2006-5156
SHA-256 | 4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046b

Microsoft IIS Phone Book Service Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.

tags | exploit
systems | windows
advisories | CVE-2000-1089
SHA-256 | 0e561c8f11c38a6ebd0de7aa176eab37b866399106f3bb7dd08428cdcb0ccc69

Microsoft ASN.1 Library Bitstring Heap Overflow
Posted Nov 26, 2009
Authored by Solar Eclipse | Site metasploit.com

This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to log in through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads; however, a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2003-0818
SHA-256 | 8d9c928e6cd1a6002436a9b5bc1e9d94a868525515b51e06f0839ad3d7e7a68e

Serv-U FTPD MDTM Overflow
Posted Nov 26, 2009
Authored by spoonm | Site metasploit.com

This is an exploit for Serv-U's MDTM command timezone overflow. It has been heavily tested against versions 4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against nt4/2k/xp/2k3. I have also had success against version 3, but only tested 1 version/os. The bug is in all versions prior to 5.0.0.4, but this exploit will not work against versions not listed above. You only get one shot, but it should be OS/SP independent. This exploit is a single hit; the service dies after the shellcode finishes execution.

tags | exploit, overflow, shellcode
advisories | CVE-2004-0330
SHA-256 | 1c3b43752311b6b529c56a7854e3eb5c43f864c5807deb857ed7f03bb39f179f

Microsoft SQL Server Resolution Overflow
Posted Oct 30, 2009
Authored by H D Moore | Site metasploit.com

This is an exploit for the SQL Server 2000 resolution service buffer overflow. This overflow is triggered by sending a UDP packet to port 1434 which starts with 0x04 and is followed by a long string terminating with a colon and a number. This Metasploit module should work against any vulnerable SQL Server 2000 or MSDE install (pre-SP3).

tags | exploit, overflow, udp
advisories | CVE-2002-0649
SHA-256 | 7711b3551f65de8b3c1a470acec58e0e4ae8a9851dc880cfc289ef0ef106db00

Squid NTLM Authenticate Overflow
Posted Oct 27, 2009
Authored by skape

This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user-controlled data of a user-defined length.

tags | exploit, overflow
advisories | CVE-2004-0541
SHA-256 | c43f943216a1703933afd0ce0708c0542f099b2ad7ed5a159c445291d16c2bc5

Poptop Negative Read Overflow
Posted Oct 27, 2009
Authored by spoonm

This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409.

tags | exploit, overflow
advisories | CVE-2003-0213
SHA-256 | 2ac91eabba3f6978d3496332fe3a3b556afc0dd62339633aa241ff0f48843290

Unreal Tournament 2004 Overflow
Posted Oct 27, 2009
Authored by onetwo

This is an exploit for the GameSpy secure query in the Unreal Engine. This exploit only requires one UDP packet, which can be both spoofed and sent to a broadcast address. Usually, the GameSpy query server listens on port 7787, but you can manually specify the port as well. The RunServer.sh script will automatically restart the server upon a crash, giving us the ability to bruteforce the service and exploit it multiple times.

tags | exploit, udp, spoof
advisories | CVE-2004-0608
SHA-256 | f450b169feb194e0e65157d07815ac70dd9253a75e0d229c069ff6dce045c81d

Mercantec Softcart CGI Overflow
Posted Oct 27, 2009
Authored by trew, skape

This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.

tags | exploit, web, overflow, arbitrary, cgi
advisories | CVE-2004-2221
SHA-256 | c9dccfe5b7419f70e2a30a4c2e34c682780607f4dc1a5b5945ab9f5f4cef63b9

ms04-030_spl.pl
Posted Oct 19, 2004
Authored by incognito_ergo

DoS exploit for Microsoft XML parsing flaw. This is an exploit for the issues described in MS04-30.

tags | exploit
advisories | CVE-2003-0718
SHA-256 | 49f0eb123878934f7889442e08ac0c6c046b42629c4beeaff944127a2e4d492c

analogx-socks4a.sballo.pl
Posted Oct 14, 2002
Authored by Kanatoko, J0zLame

This is an exploit for AnalogX Proxy 4.10 configurations running on Windows 2000 Pro (SP2). The exploit binds a shell to port 8008 TCP.

tags | exploit, shell, tcp
systems | windows
SHA-256 | 582fa891ee5a370435743a3a0e5deb03ce954647910647760adaee22d12feaf3

FtpdXploit2000.tar
Posted Aug 30, 2000
Site geocities.com

This is an exploit that explores the vulnerability in versions 2.4.4, 2.5.0 and 2.6.0 of Wu-ftpd. Written in Portuguese.

tags | exploit
SHA-256 | c26bee1cd2d462edde38575ca8ae2a80b30398e106409a54ccc6ef6a98fdf6e8
© 2022 Packet Storm. All rights reserved.
