作者:cnqing
来源于EMM’s Exp,以socket方式重放攻击。
本机可为任意平台,从这个角度讲成功率稍高于EMM’S exp。
原版不成功时,可以试试这个。
阅读全文 »
Tags: Exploit,
MS08-067
鬼仔注:发过MS Windows 2003 Token Kidnapping Local Exploit PoC,这次是2008.
Now it’s time for Windows 2008 exploit (it should work on Windows 2003 too)
You will see that the super secure IIS 7 can be owned, too weak by default :)
You can find the PoC exploit here http://www.argeniss.com/research/Churrasco2.zip
Enjoy.
Tags: Exploit,
PoC,
Token Kidnapping,
Windows 2008
Vulnerable:
Tru-Zone NukeET 3.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor 2.3 beta
FCKeditor FCKeditor 2.2
阅读全文 »
Tags: Exploit,
FCKeditor
作者:SoBeIt
#include <stdio.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
#define NTSTATUS int
阅读全文 »
Tags: AFD.sys,
Exploit,
MS08-066,
提权
文章作者:Eros412
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
MS Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
**********计算IoControlCode过程**********
阅读全文 »
Tags: AFD.sys,
Exploit,
MS08-066,
PoC,
提权
Hi,
I have just uploaded a k-plugin for Kartoffel, which exploits a flaw
patched in the recent MS08-066 bulletin.
http://kartoffel.reversemode.com/downloads.php
backup: http://milw0rm.com/sploits/2008-afd_plugin.zip
阅读全文 »
Tags: AFD.sys,
Exploit,
MS08-066,
提权
鬼仔:提权很好用,直接system。文章末尾贴个TR那里的测试图。
编译好的:http://www.blogjava.net/Files/baicker/Churrasco.rar (via 009)
From:http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
阅读全文 »
Tags: Exploit,
PoC,
Token Kidnapping,
Windows 2003,
提权
