Extreme Hacking Blog | Cyber Suraksha Abhiyan|sadik.shaikh@extremehacking.org

Exploits

/Exploits

Here’s a top tip: Don’t trust the new guy – block web domains less than a month old. They are bound to be dodgy

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Regsiter

IT admins could go a long way towards protecting their users from malware and other dodgy stuff on the internet if they ban access to any web domain less than a month old.

This advice comes from Unit 42, the […]

By |August 22nd, 2019|Exploits|
Read More

How Your PIN And Password Can Be Stolen Using Your Phone’s Movement

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Your high-end smartphone has tons of new features and sensors. Any new application that you install on your smartphone ask for the camera, microphone, and GPS permission, but what about the other sensors? It’s possible that […]

By |April 11th, 2017|Exploits|
Read More

US ISPs do not care about User Privacy and collects Personal Data

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

US legislation is about to pass a law that will allow the Internet service providers to share user’s personal information to advertising agencies.

As per reports, House of Representatives voted for a bill which will allow the […]

By |March 31st, 2017|Exploits|
Read More

Avira Antivirus 15.0.21.86 – ‘.zip’ Directory Traversal / Command Execution Exploit

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: R-73eN

# Title :  Avira Antivirus >= 15.0.21.86 Command Execution (SYSTEM)

# Tested on: Avira Antivirus 15.0.21.86 in Windows 7
# Vendor : https://www.avira.com/
# Disclosure Timeline:
# 2016-06-28 – Reported to Vendor through Bugcrowd.
# 2016-06-29 – Vendor Replied.
# 2016-07-05 – Vendor Replicated the vulnerability.
# 2016-09-02 – Vendor released updated […]

By |November 13th, 2016|Exploits|
Read More

Droid4X Privilege Escalation Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: CT-Zer0 Team
# Exploit Title: Droid4X Unquoted Service Path Privilege Escalation

# Category: local
# Vendor Homepage: http://www.droid4x.com/
# Software Link: http://dl.haima.me/download/DXDown/win/Z001/Droid4XInstaller.exe
# Tested on: Windows 7 x86/x64

1. Description

Droid4XService (Droid4XService.exe) installs as a service with
an unquoted service path running with SYSTEM privileges.
This could potentially allow an authorized but non-privileged […]

By |November 13th, 2016|Exploits|
Read More

DLink ADSL Router DSL-2750E SEA_1.07 Remote File Disclosure Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Todor Donev
#!/bin/sh
#
#  D-Link ADSL ROUTER DSL-2750E SEA_1.07
#  Remote File Disclosure
#
#  Modem Name:               DSL-2750E
#  Firmware Version:         SEA_1.07

#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor […]

By |November 13th, 2016|Exploits|
Read More

Linux Kernel – TCP Related Read Use-After-Free Exploit

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Marco Grassi

#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>
#include <pthread.h>
#include <stdio.h>
 
#ifndef SYS_mmap
#define SYS_mmap 9
#endif
#ifndef SYS_socket
#define SYS_socket 41
#endif
#ifndef SYS_bind
#define SYS_bind 49
#endif
#ifndef SYS_sendto
#define SYS_sendto 44
#endif
#ifndef SYS_setsockopt
#define SYS_setsockopt 54
#endif
#ifndef SYS_dup
#define SYS_dup 32
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 46
#endif
#ifndef SYS_recvfrom
#define SYS_recvfrom 45
#endif
#ifndef SYS_write
#define SYS_write 1
#endif
 
long r;
 
 
int main(int argc, char **argv)
{
    while (1) {
        pid_t pid = fork();
 
        if […]

By |November 13th, 2016|Exploits|
Read More

Microsoft Windows Server 2008 / 2012 – LDAP RootDSE Netlogon Denial Of Service (PoC)

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credit: Todor Donev
#!/usr/bin/perl
#
#  MS Windows Server 2008/2008 R2/ 2012/2012 R2/ AD LDAP RootDSE Netlogon
#  (CLDAP “AD Ping”) query reflection DoS PoC
#

#
#  MS Windows Server 2016      
#
#  Description:
#  The attacker  sends a simple query to a vulnerable reflector
#  supporting the Connectionless LDAP […]

By |November 13th, 2016|Exploits|
Read More

Android Proxy Auto Config (PAC) Crash Vulnerability

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Yakov Shafranovich
Summary

Android devices can be crashed forcing a halt and then a soft reboot
by downloading a large proxy auto config (PAC) file when adjusting the
Android networking settings. This can also be exploited by an MITM
attacker that can intercept and replace the PAC file. However, the […]

By |November 13th, 2016|Exploits|
Read More

Microsoft Internet Explorer WININET.dll

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: SkyLined
Synopsis
 
A specially crafted HTTP response can cause the CHttp­Header­Parser::Parse­Status­Line method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET […]

By |November 13th, 2016|Exploits|
Read More

Our Belief…

"One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man."
Copyright 2015 Extreme Hacking | All Rights Reserved | Cyber Suraksha Abhiyan | Site Protected by Sadik Shaikh |