鬼仔's Blog

作者：Inking

因为一些字符问题，所以英文版的exp没法直接用到中文操作系统上，花了些时间修改了milw0rm上的exp，在自己的中、英文 Win2k sp4 虚拟机中测试都通过。
阅读全文 »

#!/usr/bin/perl
# IIS 5.0 FTP Server / Remote SYSTEM exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2<at>googlemail.com
# Affects IIS6 with stack cookie protection
# Modded by muts, additional egghunter added for secondary larger payload
# Might take a minute or two for the egg to be found.
# Opens bind shell on port 4444

# http://www.offensive-security.com/0day/msftp.pl.txt
阅读全文 »

/*
**
** 0x82-CVE-2009-2698
** Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit
**
** Tested White Box 4(2.6.9-5.ELsmp),
** CentOS 4.4(2.6.9-42.ELsmp), CentOS 4.5(2.6.9-55.ELsmp),
** Fedora Core 4(2.6.11-1.1369_FC4smp), Fedora Core 5(2.6.15-1.2054_FC5),
** Fedora Core 6(2.6.18-1.2798.fc6).
阅读全文 »

# IIS 5.0 FTPd / Remote r00t exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2<at>googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 – KEEP THIS 0DAY PRIV8
阅读全文 »

> Linux NULL pointer dereference due to incorrect proto_ops initializations
> > ————————————————————————-

Quick and dirty exploit for this one:

http://www.frasunek.com/proto_ops.tgz
back: http://milw0rm.com/sploits/2009-proto_ops.tgz

# milw0rm.com [2009-08-14]

/* dedicated to my best friend in the whole world, Robin Price
the joke is in your hands

just too easy — some nice library functions for reuse here though

credits to julien tinnes/tavis ormandy for the bug

may want to remove the __attribute__((regparm(3))) for 2.4 kernels, I have no time to test
阅读全文 »

# milw0rm.com [2009-07-30]

Microsoft Corporation – http:www.microsoft.com/

Affected Software:
Windows XP Service Pack 2
Windows XP Service Pack 3
阅读全文 »

# 鬼仔：再推荐下NoScript

# milw0rm.com [2009-07-13]
阅读全文 »