鬼仔's Blog

#!/usr/bin/perl
# IIS 5.0 FTP Server / Remote SYSTEM exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2<at>googlemail.com
# Affects IIS6 with stack cookie protection
# Modded by muts, additional egghunter added for secondary larger payload
# Might take a minute or two for the egg to be found.
# Opens bind shell on port 4444

# http://www.offensive-security.com/0day/msftp.pl.txt
阅读全文 »

/*
**
** 0x82-CVE-2009-2698
** Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit
**
** Tested White Box 4(2.6.9-5.ELsmp),
** CentOS 4.4(2.6.9-42.ELsmp), CentOS 4.5(2.6.9-55.ELsmp),
** Fedora Core 4(2.6.11-1.1369_FC4smp), Fedora Core 5(2.6.15-1.2054_FC5),
** Fedora Core 6(2.6.18-1.2798.fc6).
阅读全文 »

# IIS 5.0 FTPd / Remote r00t exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2<at>googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 – KEEP THIS 0DAY PRIV8
阅读全文 »

fly_flash — Jump/XSS/CSRF in Flash

Author: [email protected]
Site: http://www.80sec.com
Date: 2009-8-26
From: http://www.80sec.com/release/fly_flash.txt
80SEC — know it then hack it !
阅读全文 »

========================[Author]============================

[+] Founded : ZhaoHuAn
[+] Contact : ZhengXing[at]shandagames[dot]com
[+] Blog : http://www.patching.net/zhaohuan/
[+] Date : August, 26th 2009 [Double Seventh Festival]

========================[Soft Info]=========================

Software: Discuz! Plugin Crazy Star(family)
Version : 2.0
Vendor : http://www.discuz.com
阅读全文 »

作者：cnqing

这个周末如果不能发布，估计又要等到猴年马月了，多谢各位网友测试。

更新内容：

1.减缓蓝屏

2.增加手动设置MAC功能
阅读全文 »

# 鬼仔：打包了下那个swf和js，xiaonei_flash_xss_worm.7z 。

分析来源：知道安全（http://www.scanw.com/blog/）

威胁本质：
校内网的 JS函数playswf可以动态地创建一个flash player容器（<embed type=”application/x-shockwave-flash”></embed>），而创建的flash player容器错误地使用了allowScriptAccess属性，代码片段如下：
阅读全文 »

作者：linshifei

去年的时候整理了下业界的fuzz,做了个梳理,现在准备整理下,共享出来.不然,年纪大了就忘了:)
阅读全文 »