
Black Hat Vulnerability Database

Records of vulnerabilities or templates for various systems, including WordPress, Windows, PHP, Linux, and others.

  1. # Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…

    • 0 replies
    • 200 views
  2. # Exploit Title: FlexHEX v2.46 - Denial of Service (PoC) and SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2018-12-20 # Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Tested Version: 2.46 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run FlexHEX.exe # 2.- Go to Menu "Stream" - "New Stream" and copy content of FlexHEX_SEH_Crash.txt to clipboard # 3.- Paste the content into the field: 'Stream Name:' # 4.- Click 'OK' button and you will see a crash. ''' L…

    • 0 replies
    • 164 views
  3. # Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://www.xlinesoft.com/asprunnerpro # Software Link : http://www.xlinesoft.com/asprunnerpro # Tested Version: v6.0.766 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run AspRunnerPro.exe # 2.- copy content AspRunnerPro_Crash.txt or 180 "A" to clipboard (result from this python script) # 3.- Go to Wizard "Create a new project" - in "Project name:" field paste the result (180 "A" or more) # 4.- Click in Next button and you will see a cr…

    • 0 replies
    • 144 views
  4. #!/usr/bin/python # Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.r-project.org/ # Version: 3.5.0 # Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Version: 3.5.0 # Tested on: Windows XP Prof SP3 ENG x86 # Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db) # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy …

    • 0 replies
    • 162 views
  5. #!/usr/bin/python # Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.ultraiso.com/ # Version: 9.7.1.3519 # Software Link: https://www.ultraiso.com/download.html # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows XP Prof SP3 ENG x86 # CVE: TBC from Mitre # Thanks to Francisco Ramirez for the original Windows 10 x64 DOS. # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy the content to clipboard # 2.) In the application, click "Make CD/DVD Image" #…

    • 0 replies
    • 141 views
  6. # Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) # Discovery by: Luis Martinez # Discovery Date: 2019-01-30 # Vendor Homepage: https://www.ks-soft.net # Software Link : https://www.ks-soft.net/download/hm1190.exe # Tested Version: 11.90 Beta # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to Produce the Crash: # 1.- Run python code : python Advanced_Host_Monitor_11.90_Beta.py # 2.- Open Advanced_Host_Monitor_11.90_Beta.txt and copy content to clipboard # 3.- Open HostMonitor # 4.- Help -> License... # 5.- Register Now # 6.- Name (Organization): -> l4m5 # 7.- Paste Cl…

    • 0 replies
    • 163 views
  7. # Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …

    • 0 replies
    • 152 views
  8. #!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…

    • 0 replies
    • 134 views
  9. # Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…

    • 0 replies
    • 136 views
  10. # Exploit Title: LanHelper v1.74 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-31 # Vendor Homepage: http://www.hainsoft.com/ # Software Link : http://www.hainsoft.com/ # Tested Version: 1.74 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run LanHelper.exe # 2.- copy content LanHelper_Crash.txt or 6000 "A" to clipboard (result from this python script) # 3.- Go to "NT-Utilities" - "Form Send Message" - Tab "Message" - "Add" - "Add target" and paste the result from this python script # 4.- Paste the result from this python script in "Message text:", sam…

    • 0 replies
    • 146 views
  11. # Exploit Title: FlexHEX v2.46 - Denial of Service (PoC) and SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2018-12-20 # Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 # Tested Version: 2.46 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run FlexHEX.exe # 2.- Go to Menu "Stream" - "New Stream" and copy content of FlexHEX_SEH_Crash.txt to clipboard # 3.- Paste the content into the field: 'Stream Name:' # 4.- Click 'OK' button and you will see a crash. ''' L…

    • 0 replies
    • 125 views
  12. # Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://www.xlinesoft.com/asprunnerpro # Software Link : http://www.xlinesoft.com/asprunnerpro # Tested Version: v6.0.766 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run AspRunnerPro.exe # 2.- copy content AspRunnerPro_Crash.txt or 180 "A" to clipboard (result from this python script) # 3.- Go to Wizard "Create a new project" - in "Project name:" field paste the result (180 "A" or more) # 4.- Click in Next button and you will see a cr…

    • 0 replies
    • 135 views
  13. #!/usr/bin/python # Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.r-project.org/ # Version: 3.5.0 # Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Version: 3.5.0 # Tested on: Windows XP Prof SP3 ENG x86 # Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db) # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy …

    • 0 replies
    • 135 views
  14. #!/usr/bin/python # Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.ultraiso.com/ # Version: 9.7.1.3519 # Software Link: https://www.ultraiso.com/download.html # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows XP Prof SP3 ENG x86 # CVE: TBC from Mitre # Thanks to Francisco Ramirez for the original Windows 10 x64 DOS. # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy the content to clipboard # 2.) In the application, click "Make CD/DVD Image" #…

    • 0 replies
    • 154 views
  15. # Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) # Discovery by: Luis Martinez # Discovery Date: 2019-01-30 # Vendor Homepage: https://www.ks-soft.net # Software Link : https://www.ks-soft.net/download/hm1190.exe # Tested Version: 11.90 Beta # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to Produce the Crash: # 1.- Run python code : python Advanced_Host_Monitor_11.90_Beta.py # 2.- Open Advanced_Host_Monitor_11.90_Beta.txt and copy content to clipboard # 3.- Open HostMonitor # 4.- Help -> License... # 5.- Register Now # 6.- Name (Organization): -> l4m5 # 7.- Paste Cl…

    • 0 replies
    • 131 views
  16. # Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …

    • 0 replies
    • 135 views
  17. # Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…

    • 0 replies
    • 128 views
  18. # Exploit Title: LanHelper v1.74 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-31 # Vendor Homepage: http://www.hainsoft.com/ # Software Link : http://www.hainsoft.com/ # Tested Version: 1.74 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run LanHelper.exe # 2.- copy content LanHelper_Crash.txt or 6000 "A" to clipboard (result from this python script) # 3.- Go to "NT-Utilities" - "Form Send Message" - Tab "Message" - "Add" - "Add target" and paste the result from this python script # 4.- Paste the result from this python script in "Message text:", sam…

    • 0 replies
    • 133 views
  19. #!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…

    • 0 replies
    • 165 views
  20. /* XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be able to exploit double-reads in the destination process. This copy-on-write behavior works not only with anonymous memory, but also with file mappings. This means that, if the filesystem mutates the file contents (e.g. because the ftruncate() syscall was used), the filesystem must inform the memory management subsystem so that affected pages can be deduplicated. If this doesn…

    • 0 replies
    • 131 views
