正在加载...

分类 ‘工具收集’ 下的日志

serv-u7 local exploit (php)

2008/12/02 18:26 | 鬼仔 | 工具收集 | 消灭0回复

# 鬼仔:前几天浪子发我测试过,今天放出来了。

by 空虚浪子心 http://www.inbreak.net

注:由于作者懒,没有提供日志清理功能,会留下日志:

一,su7是提权有几种方式?
 有两种形式去干掉su7。
1>,登陆管理员控制台的页面
==>获取OrganizationId,用于添加用户
==>获取全局用户的“下一个新用户ID”
==>添加用户
==>添加用户的权限 or 添加全局用户权限
==>用户登陆
==>执行系统命令添加系统账户。
阅读全文 »

Tags: ,

Browser Rider - a testing tool for browser exploitation

2008/12/02 16:23 | 鬼仔 | 工具收集 | 消灭0回复

What is this about?
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
阅读全文 »

Tags:

Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)

2008/12/02 16:03 | 鬼仔 | 工具收集 | 消灭0回复 
<%@ page import="java.util.*,java.io.*"%>
<%
%>

<%--
abysssec inc public material

just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com

阅读全文 »

Tags: ,

Cain & Abel < = v4.9.24 .RDP Stack Overflow Exploit

2008/12/02 16:02 | 鬼仔 | 工具收集 | 消灭0回复 
#!/usr/bin/perl
#
# Cain & Abel <= v4.9.24 .RDP Stack Overflow Exploit
# Exploit by SkD (skdrat@hotmail.com)
# -----------------------------------------------
#
# Nothing much to say about this one. This works on
# an updated Windows XP SP3. On Vista this exploit is way easier
# the more challenging one was on XP, and here it is.
# Enjoy :). Also remember if you want to put your own shellcode
# there are a few character restrictions and using Alpha2 or
# Alpha Numerical won't work at all.
# To open the .RDP file in Cain & Abel, click the
# "Remote Password Decoder Dialog" icon.
# Credits to Encrypt3d.M!nd.
# {Author has no responsibility over the damage you do with this!}

阅读全文 »

Tags: , ,

Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC

2008/12/02 16:01 | 鬼仔 | 工具收集 | 消灭0回复 
# exploit.py
##########################################################
# Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
# (other versions may also affected)
# By:Encrypt3d.M!nd
#    encrypt3d.blogspot.com
#
# Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder
##########################################################
#

阅读全文 »

Tags: , ,

国外gui版phpshell

2008/12/02 15:58 | 鬼仔 | 工具收集 | 消灭0回复

来源:鱼化石's blog

phpshell

下载地址:webshellphpgui.rar

Tags: