This exploit is capable of brute-forcing the RET address to find the buffer on the stack. Upon a successful run, it brings up a reverse shell with the privileges of the pptpd daemon (typically root) on the victim server.
An attacker can execute arbitrary code remotely by sending a GET request consisting of 1021 'A' characters followed by the address of the shellcode and the shellcode itself. This spawns a bindshell on the victim at port 28876.
This proof-of-concept exploit code is for the do_mremap() #2 vulnerability. It is not to be confused with CVE-2003-0985. This code will only test for the vulnerability. An exploit version can be found here: https://www.exploit-db.com/exploits/160/
This exploit is used to cause a denial-of-service condition on Windows 2000 Professional systems by sending a specially crafted NetBIOS Session Request packet to the target system. If the exploit works, LSASS gets killed, and after one minute the server reboots.
This exploit is used to gain a local shell on the system by overwriting the saved EIP on the stack with the address of the shellcode in memory. The exploit uses a port-binding shellcode as a PoC of a different attack vector. RET is calculated dynamically, so the payload can be changed just by swapping the shellcode.
This exploit allows an attacker to inject arbitrary JavaScript code into the history list of a web browser. When the user hits the back button, the code is executed. This demo simply creates a harmless text file on the desktop.
This exploit allows a local user to gain root privileges on OS X 10.2.4 and earlier. DirectoryService must be crashed prior to execution. The exploit compiles its code as a binary named 'touch' and executes it. If the euid is root, it executes a bash shell. If not, it sets the PATH environment variable to '.', executes DirectoryService with the false PATH, pauses for 3 seconds, restores the PATH environment variable, and executes the 'touch' binary.
This exploit is a shell script which creates 1000 directories and then alternates between deleting and re-creating them. After having created (and deleted) 3.5 million directories, the server denies access to the share.
This exploit is for Need for Speed Hot Pursuit 2 versions 240 and 242. It sends a malicious packet to the client which contains a buffer of 2048 bytes with 90 bytes of NOP instructions followed by a return address of 0xdeadc0de. This causes the client to crash.
This exploit is used to bypass the bounds checking of the mremap() system call in the Linux kernel. It uses a combination of the mmap(), mremap(), and clone() system calls to gain root privileges. The exploit works by creating a large number of virtual memory areas (VMAs) and then using mremap() to move them to a specific address. The exploit then uses clone() to create a child process that will execute the kernel_code() function. This function searches the stack for the user's UID and GID and replaces them with 0, thus granting root privileges.