exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files

Test Dialup Exploit
Posted Dec 31, 2009
Authored by I)ruid | Site metasploit.com

This exploit connects to a system's modem over dialup and provides the user with a readout of the login banner.

tags | exploit
SHA-256 | 6e01f6b1ed3484659805eb43e03eb97a23a6273485669abbe6a07c7362a7a728

Related Files

Win32k ConsoleControl Offset Confusion / Privilege Escalation
Posted Feb 28, 2022
Authored by Spencer McIntyre, BITTER APT, LiHao, KaLendsi, MaDongZe, TuXiaoYi, JinQuan, L4ys | Site metasploit.com

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

tags | exploit, root, vulnerability
systems | windows
advisories | CVE-2021-1732, CVE-2022-21882
SHA-256 | 9902434a58e36c7838c71ee860592d8624368fc1b380cf4c9ccf530f09895fd2
Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 52cb4ddd1cdf46517f03dc3f821a50041e929ed003d1d7575ad883ef43571280
Packet Storm Exploit 2013-0917-1 - Oracle Java ShortComponentRaster.verify() Memory Corruption
Posted Sep 17, 2013
Site packetstormsecurity.com

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | windows
SHA-256 | b69d9577ff19470b3048d950dd9549dc3b2aa75f7581440fc3a967b43221d8d6
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3
Packet Storm Exploit 2013-0819-1 - Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 5646d8519790eceedb69ee095dc2f1fc17b73ac3ec0fd514b7fa68ad513dd937
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | f02354c5057ad3ef8f665611f60e6520a4278402c6472e75be9045ca31f8566e
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 4bf1140afc7eb451ce1428add296d72b7d28232fc859db141fba065ebfc18d26
.NET Runtime Optimization Service Privilege Escalation
Posted Mar 8, 2011
Authored by XenoMuta

.NET runtime optimization service privilege escalation exploit that leverages the fact that the service's EXE file can be overwritten by any non-admin domain user and local power users. This exploit compiles to a service that uses the original service's id.

tags | exploit, local
SHA-256 | 744f7672e14b5f0fc0764ea74c1519e7a0ebfe6e8883fc42b8bab17499280a19
System V Derived /bin/login Extraneous Arguments Buffer Overflow
Posted Oct 27, 2009
Authored by I)ruid

This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in it's System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments.

tags | exploit, overflow
advisories | CVE-2001-0797
SHA-256 | 879fb76e40bddd82af476396294fcefd3b2cf5ce2ed0dcf7a06b1239ed4be912
ex_almail.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of AL-Mail32 Ver1.10. It overflows when that receives the long message of From: or Reply-To:. If the POP3 server send the long reply message that contains the exploit code, client executes any code. This exploit code execute any command on the target windows.

tags | exploit, overflow
systems | windows
SHA-256 | 707e8900f91b20b7c4ce906c63a00e36b79aa06a48654a492b594792e64b7447
ex_chocoa.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of CHOCOA 1.0beta7R. It overflows when that receives the long TOPIC. If the server send the long TOPIC that contains the exploit code, client executes any code. This exploit code execute any command on the target windows.

tags | exploit, overflow
systems | windows
SHA-256 | 1d808b55df808f181f7c029bf9268dfc7cd5c39061fb3906cefe50db633b1825
ex_nextftp.c
Posted Nov 5, 1999
Authored by shadowpenguin

We found the overflow bug of NextFTP Ver1.82. It overflows when that receives the long message of CWD reply. This exploit code execute any command on the target windows, but, if you modify the exploit code, you can send any codes such as the format or remove program, virus, trojan, and so on.

tags | exploit, overflow, trojan, virus
systems | windows
SHA-256 | 47d7736f87fb1530ec150962846999918098ac81ec6b671d35f46b6d4f89c748
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close