IE7漏洞

2008/12/09 16:08 | 鬼仔 | 工具收集 | 8 条评论了已经

# 鬼仔观望明天微软的补丁情况,是否会补上这个0DAY漏洞,如果没有补丁的话。。。八成不会补。360论坛还有一个

作者:greysign

好吧。被人发出来了。上周末还有人5000一小马。甚至一开始有12W出售的。

湛江那边更新了发出来了。我也发给吧。。。不分析。上代码。

360补完还是中的~
阅读全文 »

Tags: , , ,

利用wsc 来做一个asp后门

2008/12/05 19:21 | 鬼仔 | 工具收集 | 3 条评论了已经

作者:lcx

ScriptCodingInfo.wsc代码如下,该文件可以改成任意后缀

<?xml version="1.0" encoding="gb2312" standalone="yes"?>

<?component error="true" debug="true"?>

<package>

<component id="haiyangtop">
 阅读全文 »
Tags:

Discuz! 1_modcp_editpost.tpl.php xss bug

2008/12/05 0:04 | 鬼仔 | 技术文章 | 5 条评论了已经

author: ring04h
team:http://www.80vul.com

[该漏洞由ring04h发现并且投递,thx]
由于Discuz!的1_modcp_editpost.tpl.php里$orig[‘message’]未过滤,导致一个xss漏洞.

一 分析
阅读全文 »

Tags: , , ,

serv-u7 local exploit (php)

2008/12/02 18:26 | 鬼仔 | 工具收集 | 消灭0留言

# 鬼仔:前几天浪子发我测试过,今天放出来了。

by 空虚浪子心 http://www.inbreak.net

注:由于作者懒,没有提供日志清理功能,会留下日志:

一,su7是提权有几种方式?
 有两种形式去干掉su7。
1>,登陆管理员控制台的页面
==>获取OrganizationId,用于添加用户
==>获取全局用户的“下一个新用户ID”
==>添加用户
==>添加用户的权限 or 添加全局用户权限
==>用户登陆
==>执行系统命令添加系统账户。
阅读全文 »

Tags: ,

Browser Rider – a testing tool for browser exploitation

2008/12/02 16:23 | 鬼仔 | 工具收集 | 消灭0留言

What is this about?
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
阅读全文 »

Tags:

Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)

2008/12/02 16:03 | 鬼仔 | 工具收集 | 消灭0留言 
<%@ page import="java.util.*,java.io.*"%>
<%
%>

<%--
abysssec inc public material

just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
 阅读全文 »
Tags: ,

Cain & Abel < = v4.9.24 .RDP Stack Overflow Exploit

2008/12/02 16:02 | 鬼仔 | 工具收集 | 才 1 条评论 
#!/usr/bin/perl
#
# Cain & Abel <= v4.9.24 .RDP Stack Overflow Exploit
# Exploit by SkD ([email protected])
# -----------------------------------------------
#
# Nothing much to say about this one. This works on
# an updated Windows XP SP3. On Vista this exploit is way easier
# the more challenging one was on XP, and here it is.
# Enjoy :). Also remember if you want to put your own shellcode
# there are a few character restrictions and using Alpha2 or
# Alpha Numerical won't work at all.
# To open the .RDP file in Cain & Abel, click the
# "Remote Password Decoder Dialog" icon.
# Credits to Encrypt3d.M!nd.
# {Author has no responsibility over the damage you do with this!}
 阅读全文 »
Tags: ,

Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC

2008/12/02 16:01 | 鬼仔 | 工具收集 | 消灭0留言 
# exploit.py
##########################################################
# Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
# (other versions may also affected)
# By:Encrypt3d.M!nd
#    encrypt3d.blogspot.com
#
# Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder
##########################################################
#
 阅读全文 »
Tags: ,