what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 2,374 RSS Feed

Proof of Concept Files

GhostRace: Exploiting And Mitigating Speculative Race Conditions
Posted May 16, 2024
Site github.com

This archive is a GhostRace proof of concept exploit exemplifying the concept of a speculative race condition in a step-by-step single-threaded fashion. Coccinelle scripts are used to scan the Linux kernel version 5.15.83 for Speculative Concurrent Use-After-Free (SCUAF) gadgets.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2024-2193
SHA-256 | 37e02a934f238521d1f775356b1e8c43d4c6a81948b9dad1162cc1387ca9c199
Microsoft PlayReady Complete Client Identity Compromise
Posted May 9, 2024
Authored by Adam Gowdiak | Site security-explorations.com

The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.

tags | exploit, proof of concept, info disclosure
systems | windows
SHA-256 | c2dc2010ee36581d568d891c24ac2a0dfd8b8a87de8de3d72f1072bb1e38964a
Microsoft PlayReady Toolkit
Posted May 6, 2024
Authored by Adam Gowdiak | Site security-explorations.com

The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more. It demonstrates weak content protection in the environment of CANAL+. The proof of concept exploit 3 year old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution access to target STB devices over an IP network.

tags | exploit, vulnerability, code execution, proof of concept
SHA-256 | 79dab3a7323f19a26d78f497deb3ea0052f2376b984ec830648a755230a60801
htmlLawed 1.2.5 Remote Command Execution
Posted May 2, 2024
Authored by d4t4s3c

htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.

tags | exploit, remote, proof of concept
advisories | CVE-2022-35914
SHA-256 | f7c13b91b7562803551ff2c81af4d91f8007cf734173bc191c1002abafa0fa8f
Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow
Posted Apr 30, 2024
Authored by gabe_k

Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in PspBuildCreateProcessContext that leads to a stack buffer overflow.

tags | exploit, overflow, kernel, proof of concept
systems | windows
advisories | CVE-2024-26218
SHA-256 | 0d419f34140c82908299252d3794e80651aedada14ee132d75462cbcf8700e96
Windows NtQueryInformationThread Double-Fetch / Arbitrary Write
Posted Apr 30, 2024
Authored by gabe_k

Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in NtQueryInformationThread that leads to an arbitrary write.

tags | exploit, arbitrary, kernel, proof of concept
systems | windows
advisories | CVE-2024-21345
SHA-256 | 17303e9dc06042a7d7b761657e3f97ac797834b1b9703bc726107b814b22b014
ZenML Remote Privilege Escalation
Posted Apr 8, 2024
Authored by David Botelho Mariano | Site github.com

ZenML allows for remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. This is the proof of concept exploit. All ZenML versions below 0.46.7 are vulnerable, with the exception being patched versions 0.44.4, 0.43.1, and 0.42.2.

tags | exploit, remote, proof of concept
advisories | CVE-2024-25723
SHA-256 | 3c2c8e3882d5e4c0257dbb5b27f3d5dfe82d1a0ce0a5f485af9c54a883d48594
Linux nf_tables Local Privilege Escalation
Posted Apr 1, 2024
Authored by Notselwyn | Site github.com

A use-after-free vulnerability exists in the Linux kernel netfilter: nf_tables component. This is a universal local privilege escalation proof of concept exploit working on Linux kernels between 5.14 and 6.6, including Debian, Ubuntu, and KernelCTF.

tags | exploit, kernel, local, proof of concept
systems | linux, debian, ubuntu
advisories | CVE-2024-1086
SHA-256 | e98b20acc52d06c63e173b3fafc4a334699f028d1db4b0de3512cf556c197cd9
Xbox GamingService Arbitrary Folder Move
Posted Mar 21, 2024
Authored by Filip Dragovic

Proof of concept exploit for an arbitrary folder move issue in the GamingService component of Xbox.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2024-2891
SHA-256 | 960b90e5dd57b045b10aa005fae3c30c8da6ba69285fea3ec4273f6b126c64fc
Fortra FileCatalyst Workflow 5.x Remote Code Execution
Posted Mar 19, 2024
Authored by nettitude | Site labs.nettitude.com

This is a proof of concept exploit for CVE-2024-25153, a remote code execution vulnerability in Fortra FileCatalyst Workflow versions 5.x, before 5.1.6 Build 114.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-25153
SHA-256 | 2a8afe7aeb8387754a5e1093b278c99cf0daa3ee2f0907df1d3ea9383e5f2a54
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
DS Wireless Communication Code Execution
Posted Feb 15, 2024
Authored by MikeIsAStar | Site github.com

Proof of concept code for a flaw in DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 that allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.

tags | exploit, remote, arbitrary, proof of concept
advisories | CVE-2023-45887
SHA-256 | 1e92f7059d41e8a56d3136af0c61aed8923d09536167ec279c2c6f0c765af5a1
Zyxel zysh Format String Proof Of Concept
Posted Feb 9, 2024
Authored by Marco Ivaldi

Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

tags | exploit, overflow, local, proof of concept
advisories | CVE-2022-26531
SHA-256 | 274400da6832cf3ae8c1a6277041c603d352c6bf51a08f409168fc36a69f146c
KiTTY 0.76.1.13 Buffer Overflows
Posted Feb 8, 2024
Authored by DEFCESCO

KiTTY versions 0.76.1.13 and below suffer from buffer overflows related to ANSI escape sequences. Two exploits are included as proof of concepts as well as a full documented breakdown of the issues.

tags | exploit, overflow, proof of concept
advisories | CVE-2024-25003, CVE-2024-25004
SHA-256 | 1f71c297de8e15269afccee5fe50775bb9e2e1ea8407831ab9883313d3078f04
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Feb 2, 2024
Authored by whiteOwl | Site whiteowl-pub.github.io

This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option to save the phpinfo() output to a file for further analysis.

tags | exploit, php, proof of concept
advisories | CVE-2023-36845
SHA-256 | 56c0a0ad9dba5be91bcf88dbed7e2234e764bf5d6166e8250dfe5f1920543e02
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
Posted Jan 29, 2024
Authored by binganao | Site github.com

Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.

tags | exploit, remote, arbitrary, proof of concept, python
advisories | CVE-2024-23897
SHA-256 | 4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
GoAnywhere MFT Authentication Bypass
Posted Jan 24, 2024
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

GoAnywhere MFT authentication bypass proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2024-0204
SHA-256 | cc18afe3ce13ec7ab1ac673b6370a4830af2b4f40a635675ad5b2e4d8c6adfca
PixieFail Proof Of Concepts
Posted Jan 17, 2024
Authored by QuarksLab | Site blog.quarkslab.com

This archive contains proof of concepts to trigger the 7 vulnerabilities in Tianocore's EDK II open source implementation of the UEFI specification. Issues include an integer underflow, buffer overflows, infinite loops, and an out of bounds read.

tags | exploit, overflow, vulnerability, proof of concept
advisories | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235
SHA-256 | b2881adefb7e3e5f3ce5ab7e7f947977fc25d63f9ffa4210fe9c5586ffc11a4d
Android DeviceVersionFragment.java Privilege Escalation
Posted Jan 10, 2024
Authored by Amirhossein Bahramizadeh

Proof of concept exploit for a privilege escalation issue in Android. In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

tags | exploit, java, local, proof of concept
advisories | CVE-2023-48418
SHA-256 | db6bf38c923aa8b48f087c92b0b649720e01af632d0cbebfd3cb67803d0a4bf9
Terrapin SSH Connection Weakening
Posted Dec 20, 2023
Authored by Jorg Schwenk, Marcus Brinkmann, Fabian Baumer | Site terrapin-attack.com

In this paper, the authors show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST) is broken for three widely used encryption modes. This allows prefix truncation attacks where some encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. They demonstrate several real-world applications of this attack. They show that they can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. They also identified an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. Related proof of concept code from their github has been added to this archive.

tags | exploit, paper, shell, protocol, proof of concept
advisories | CVE-2023-46445, CVE-2023-46446, CVE-2023-48795
SHA-256 | 3d6be8cc2a9c624a06990226485956c5d92675a632da2182c2546e4af814ff93
Chrome V8 Sandbox Escape
Posted Dec 14, 2023
Authored by R3tro74 | Site retr0.zip

Proof of concept exploit for a new technique to escape from the Chrome V8 sandbox.

tags | exploit, proof of concept
SHA-256 | b533a0e53256fe5313af052c54741bea5b40ff4a27c155aca589938f876681db
Chrome V8 Type Confusion / New Sandbox Escape
Posted Dec 14, 2023
Authored by R3tro74 | Site github.com

Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This variant of the exploit applies a new technique to escape the sandbox.

tags | exploit, remote, proof of concept
advisories | CVE-2023-3079
SHA-256 | 07a757d77758a5b7ba1152485d4c44678d2993d2b1ba08c1da2c0301b12a31d5
Chrome V8 JIT XOR Arbitrary Code Execution
Posted Dec 14, 2023
Authored by R3tro74 | Site github.com

Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.

tags | exploit, proof of concept
advisories | CVE-2021-21220
SHA-256 | 4a0c5ace29bab9077fd3cb6f30e1b337ebb1207166906d4dc66f459257476092
Chrome V8 Type Confusion
Posted Dec 14, 2023
Authored by mistymntncop | Site github.com

Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

tags | exploit, remote, proof of concept
advisories | CVE-2023-3079
SHA-256 | c7ac9c003e88739db826c7b7f01e6f701dd02bd677b93702334ae6f89f6455d0
libcue 2.2.1 Out-Of-Bounds Access
Posted Dec 9, 2023
Authored by Kevin Backhouse, GitHub Security Lab

libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to ~/Downloads, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. This particular archive holds three proof of concept exploits.

tags | exploit, code execution, proof of concept
advisories | CVE-2023-43641
SHA-256 | 642dbf93a2ac7ad97ec0e5940fb62ec821a66ce449bbde84890a9695362e981a
Page 1 of 95
Back12345Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close