Section: .. / 0911-exploits /

Page 8 of 18
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 >> Files 175 - 200 of 449

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	microsoft_ftpd_nlst.rb.txt
Description:	This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
Author:	H D Moore,Kingcope
Homepage:	http://www.metasploit.com
File Size:	4937
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	b566a46c73d7525de3e054c23aeee675

/// File Name:	minishare_get_overflow.rb.txt
Description:	This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.
Author:	acaro
Homepage:	http://www.metasploit.com
File Size:	2622
Related OSVDB(s):	11530
Related CVE(s):	CVE-2004-2271
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	0a585e008afc05253dafa670d80fa4b2

/// File Name:	mirc_irc_url.rb.txt
Description:	This Metasploit module exploits a stack overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2114
Related OSVDB(s):	2665
Related CVE(s):	CVE-2003-1336
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c76f69b90bd7a20ae67be7001a6dca48

/// File Name:	mirc_privmsg_server.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2883
Related OSVDB(s):	48752
Related CVE(s):	CVE-2008-4449
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	1fa2d5200e77bdabfce3997f80846de0

/// File Name:	mohaa_getinfo.rb.txt
Description:	This Metasploit module exploits a stack based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
Author:	Jacopo Cervini
Homepage:	http://www.metasploit.com
File Size:	2669
Related OSVDB(s):	8061
Related CVE(s):	CVE-2004-0735
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	f7cabe5295747588e5f6653262b511da

/// File Name:	ms00_094_pbserver.rb.txt
Description:	This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2287
Related OSVDB(s):	463
Related CVE(s):	CVE-2000-1089
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	8f98e0a8f552e8c9d40ce6979594e098

/// File Name:	ms01_033_idq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the IDQ ISAPI handler for Microsoft Index Server.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1993
Related OSVDB(s):	568
Related CVE(s):	CVE-2001-0500
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	e2fc9abea937d8ab7004cff1acb46057

/// File Name:	ms02_018_htr.rb.txt
Description:	This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.
Author:	stinko
Homepage:	http://www.metasploit.com
File Size:	2436
Related OSVDB(s):	3325
Related CVE(s):	CVE-1999-0874
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	3b9914f3c7ce3d94567daaf53f52f817

/// File Name:	ms02_056_hello.rb.txt
Description:	By sending malformed data to TCP port 1433, an unauthenticated remote attacker could overflow a buffer and possibly execute code on the server with SYSTEM level privileges. This Metasploit module should work against any vulnerable SQL Server 2000 or MSDE install (< SP3).
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2415
Related OSVDB(s):	10132
Related CVE(s):	CVE-2002-1123
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	b978975bb39bf702fd179843c0ed10c2

/// File Name:	ms03_007_ntdll_webdav.rb.txt
Description:	This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4615
Related OSVDB(s):	4467
Related CVE(s):	CVE-2003-0109
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	fac9caf7a3035465d5d3c93b68184afc

/// File Name:	ms03_020_ie_objecttype.rb.txt
Description:	This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.
Author:	skape
Homepage:	http://www.metasploit.com
File Size:	3142
Related OSVDB(s):	2967
Related CVE(s):	CVE-2003-0344
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	d53d57fe5e180d621413bb31c7b3f342

/// File Name:	ms03_026_dcom.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPCSS service, this vulnerability was originally found by the Last Stage of Delirium research group and has bee widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
Author:	H D Moore,cazz,spoonm
Homepage:	http://www.metasploit.com
File Size:	6662
Related OSVDB(s):	2100
Related CVE(s):	CVE-2003-0352
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	0e8c891f65d0c275b901a86b6cebc95d

/// File Name:	ms03_049_netapi.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName function using the Workstation service in Windows XP.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2803
Related OSVDB(s):	11461
Related CVE(s):	CVE-2003-0812
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	ea4f686fb538ac66a66f102c872d636a

/// File Name:	ms04_007_killbill.rb.txt
Description:	This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encounted when using the equivalent bind payloads. Your mileage may vary.
Author:	Solar Eclipse
Homepage:	http://www.metasploit.com
File Size:	7825
Related OSVDB(s):	3902
Related CVE(s):	CVE-2003-0818
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	4e417beb7a5d0d2ab86d8e944de79bf6

/// File Name:	ms04_011_lsass.rb.txt
Description:	This Metasploit module exploits a stack overflow in the LSASS service, this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need need to run this module twice. DCERPC request fragmentation can be performed by setting 'FragSize' parameter.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4548
Related OSVDB(s):	5248
Related CVE(s):	CVE-2003-0533
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	70709884db691b00a5f83e02c46451e1

/// File Name:	ms04_011_pct.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target, if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4224
Related OSVDB(s):	5250
Related CVE(s):	CVE-2003-0719
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	eb7d6cb9c2d3c0098ad3e22f55fe4c52

/// File Name:	ms04_031_netdde.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit effects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.
Author:	Pusscat
Homepage:	http://www.metasploit.com
File Size:	2561
Related OSVDB(s):	10689
Related CVE(s):	CVE-2004-0206
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	9b025b23453841c969d4b4cbc72b769c

/// File Name:	ms04_045_wins.rb.txt
Description:	This Metasploit module exploits a arbitrary memory write flaw in the WINS service. This exploit has been tested against Windows 2000 only.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	5114
Related OSVDB(s):	12378
Related CVE(s):	CVE-2004-1080
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	79e4ef46355d20b3f60db428e6bbcefe

/// File Name:	ms05_017_msmq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4434
Related OSVDB(s):	15458
Related CVE(s):	CVE-2005-0059
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	17069e45c5e565921dbd828c75bdb9d0

/// File Name:	ms05_030_nntp.rb.txt
Description:	This Metasploit module exploits a stack overflow in the news reader of Microsoft Outlook Express.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2165
Related OSVDB(s):	17306
Related CVE(s):	CVE-2005-1213
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	d78648a4b2fd5ee831fe64a092f3c34f

/// File Name:	ms05_039_pnp.rb.txt
Description:	This Metasploit module exploits a stack overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, a failed exploit attempt will cause the system to automatically reboot.
Author:	H D Moore,cazz
Homepage:	http://www.metasploit.com
File Size:	5494
Related OSVDB(s):	18605
Related CVE(s):	CVE-2005-1983
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	f770e4061d7f00b95aae877d9361d78d

/// File Name:	ms06_001_wmf_setabortproc.rb.txt
Description:	This Metasploit module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This Metasploit module generates a random WMF record stream for each request.
Author:	H D Moore,O600KO78RUS,san
Homepage:	http://www.metasploit.com
File Size:	4759
Related OSVDB(s):	21987
Related CVE(s):	CVE-2005-4560
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	003e9bbed43629f932698d7a8fd4ac62

/// File Name:	ms06_013_createtextrange.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This Metasploit module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.
Author:	Darkeagle,Faithless,H D Moore,justfriends4n0w
Homepage:	http://www.metasploit.com
File Size:	5413
Related OSVDB(s):	24050
Related CVE(s):	CVE-2006-1359
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	220be404cd291d992369fff0dad37322

/// File Name:	ms06_025_rasmans_reg.rb.txt
Description:	This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\\\\.DEFAULT\\\\Software\\\\Microsoft\\\\RAS Phonebook
Author:	H D Moore,Pusscat
Homepage:	http://www.metasploit.com
File Size:	5884
Related OSVDB(s):	26437
Related CVE(s):	CVE-2006-2370
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	e3878c4e99491b1e90737445afd1a5bd

/// File Name:	ms06_025_rras.rb.txt
Description:	This Metasploit module exploits a stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000.
Author:	H D Moore,Nicolas Pouvesle
Homepage:	http://www.metasploit.com
File Size:	3181
Related OSVDB(s):	26437
Related CVE(s):	CVE-2006-2370
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	3f6a2755ca9f5a1b98bfc7d24b10a14f