#!/usr/bin/perl
#
#
# mIRC 6.34 Remote Buffer Overflow Exploit
# Exploit by SkD (skdrat <at> hotmail <.> com)
# ----------------------------------------
# A day’s work of debugging and looking at mIRC.
#
# Tested on Windows XP SP3 English and Windows Vista SP0.
#
# Credits to securfrog for publishing the PoC.
#
# Author has no responsibility over the damage you do with this!
#
# Note: You might change the addresses for Vista ;)
#
# ----------------------------------------
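Read more »
Tags: Exploit, mIRC
Source: T00LS
MySQL exploitation tool.
After connecting to the target's MySQL server, it can upload files, execute DOS commands, and download and run files.
The software requires Microsoft .NET Framework 2.0.
If the software does not open, install Microsoft .NET Framework 2.0.
Microsoft .NET Framework 2.0 download address:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=zh-cn
Read more »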
Tags: MySQL
Serv-U 7.2.0.1 Remote FTP File Replacement Vulnerability (auth)
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
Read more »
Tags: Serv-U, Vulnerability
Serv-U 7.2.0.1 (stou con:1) Denial of Service Vulnerability (auth)
#Serv-U 7.2.0.1 ftp server DoS
#user must have upload permissions
#
#(x) dmnt 2008-10-01
Read more »
Tags: Serv-U, Vulnerability
########################################################
# Mirc 6.34 Remote Buffer Overflow
#
# This PoC allows you to own the first 2 EDI & EDX bytes.
#
# To become remote, add a simple document.location.href=irc://server.com/… in some html page
#
use IO::Socket;
Read more »
Tags: mIRC, PoC
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 vulnerabilities of MS08-021
Tested on Windows XP Professional SP1
GDi32.dll 5.1.2600.1106
kernel32.dll 5.1.2600.1106
ws2_32.dll 5.1.2600.0
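Read more »
Tags: Exploit, GDI+, MS08-021
Author: MJ0011
The driver developers of EQ魔法盾 have some notion of validating user-mode parameters, but they did not correctly understand how ProbeForRead is used. As a result, almost all of the SSDT hook functions validate user-mode parameters incorrectly, and there are dozens of such vulnerabilities.
This vulnerability allows a program running with any user privileges to trigger a blue screen on a system with EQ魔法盾 installed.
Affected component: EQSysSecure.sys, version: 2008.9.1.26 CheckSum = 0x0001EFD3 TimeStamp = 0x48BAC155
The EQ魔法盾 driver contains the following function: at offset 608d, sub_16c8d
Read more »
Tags: EQ魔法盾, Vulnerability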