Leaderboard

Popular Content

Showing content with the highest reputation on 12/28/15 in Posts

  1. Hello Rst: How to write a (Linux x86) shellcode

     1- Introduction to Linux shellcode writing (Part 1)
     2- Introduction to Linux shellcode writing (Part 2)
     3- How to write a (Linux x86) port-biding shellcode
     4- How to write a (Linux x86) reverse connection shellcode
     5- How to write a (Linux x86) egg hunter shellcode

     This is a very brief and basic list of steps to follow if you want to write a shellcode under the Linux operating system.
     Introduction to Linux shellcode writing (Part 1) | Adventures in the programming jungle

     In the previous ticket we created a dummy shellcode, first in C and then in assembler; we tested the dummy shellcode but we've seen that the execution was failing. In this ticket we will try to fix the dummy shellcode problems and hopefully we will be able to execute it successfully.
     Introduction to Linux shellcode writing (Part 2) | Adventures in the programming jungle

     The goal of this ticket is to write a shellcode that will open a socket on a specific port and execute a shell when someone connects to that port.
     How to write a (Linux x86) port-biding shellcode | Adventures in the programming jungle

     The goal of this ticket is to write a shellcode that makes a connection from the hacked system to a different system where it can be cached by different network tools like netcat.
     How to write a (Linux x86) reverse connection shellcode | Adventures in the programming jungle

     The goal of this ticket is to write an egg hunter shellcode. An egg hunter is a piece of code that, when executed, looks for another piece of code (usually bigger) called the egg and passes execution to the egg. This technique is usually used when the space for executing shellcode is limited (the available space is less than the egg size) and it is possible to inject the egg in another memory location. Because the egg is injected in a non-static memory location, the egg must start with an egg tag in order to be recognized by the egg hunter.
     How to write a (Linux x86) egg hunter shellcode | Adventures in the programming jungle

     Regards
     NO-MERCY

     Source: http://itblog.adrian.citu.name/category/it-security/shellcode/
    1 point
  2. RW::Download version 4.0.8 suffers from remote and local file inclusion and remote SQL injection vulnerabilities.

     [+] Site : http://0day.today
     [+] Support e-mail : submit[at]inj3ct0r.com
     I'm indoushka member from Inj3ct0r Team

     | # Title : RWDownload v4.0.8 Multi Vulnerability
     | # Author : indoushka
     | # email : indoushka4ever@gmail.com
     | # Tested on: windows 8.1 Français V.(Pro)
     | # Vendor : http://www.rwscripts.com/

     Poc :

     L/R file inclusion:
     Line : 134
     Function : require_once
     variables : $langpref
     Path : C:\www\UPLOAD\index.php
     http://3dcars.crystaldemon.com/index.php?langpref=her yours

     SQl injection :
     http://3dcars.crystaldemon.com/index.php?url=&cid= inject her

     Greetz : jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com Hussin-X *D4NB4R* KnocKout * https://www.corelan.be

     https://packetstormsecurity.com/files/135077/RW-Download-4.0.8-File-Inclusion-SQL-Injection.html
    1 point
This leaderboard is set to Bucharest/GMT+02:00