
Proof of concept exploit codes and vulnerabilities


MS08-067 - Multiprotocol NTLM replay attacks (Smbrelay3)
New generation smbrelay exploit tool that allows interaction with several network protocols that support NTLM authentication.


Hauppauge EPG Software directory traversal (SPANISH)
WinTv HVR drivers include software named EPG (Electronic Program Guide) that is vulnerable to directory traversal attacks.


NTLM Spoofing under Windows 2000 (SPANISH)
Windows 2000 is vulnerable to NTLM spoofing, allowing anonymous bruteforce attacks or connections against SMB/CIFS protocols.


MS07-065 - Microsoft Windows 2000 Advanced Server SP4 Message Queue Exploit
Remote code execution in the Message Queue service.


MS07-029 - Microsoft Windows DNS RPC Remote Buffer Overflow Exploit
Remote code execution through the DNS RPC interface. This exploit added a new, previously unknown attack vector (port 445).


MS07-027 - Internet Explorer mdsauth.dll arbitrary file rewrite
mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification.


MS06-011 - Microsoft weak service DACL allows remote code execution
By exploiting the default permissions of several Windows and third-party software, it is possible to remotely compromise a system and execute code with the remote service's credentials.


MS05-020 - Internet Explorer Content Advisor Memory Corruption Vulnerability
By delivering a specially crafted .rat file to the user, it is possible to overflow msrating.dll and execute remote code.


MS04-034 - Vulnerability in Compressed (zipped) Folders
Exploit for the Microsoft zip folder vulnerability. This exploit will execute code when a zip folder is accessed.


MS04-011 - Microsoft utility manager local exploit
By sending specially crafted messages to the utilman.exe process, it is possible to execute code as SYSTEM. This is a modified version of Cesar Cerrudo's exploit, changed to make it work on Spanish XP computers.


MS03-027 - Microsoft ShellClassInfo code execution
By placing a malformed desktop.ini file into a local or remote folder, it is possible to execute code every time a user accesses that folder.


MS03-026 - KAHT II - Microsoft RPC Dcom exploit
This exploit searches the computers on a network for this vulnerability and executes code on every vulnerable system found. This is one of the most reliable exploits published.


MS03-007 - KAHT - Microsoft Webdav exploit
Exploit for the WebDAV IIS vulnerability that allows remote code execution. This exploit brute-forces the return address to get into the system.


Universal exploit for vulnerable printer providers
Universal local exploit for vulnerable printer providers. This exploit works against cpprov.dll (Citrix Metaframe) and Novell (nwspool.dll - CVE-2006-5854).


Citrix Metaframe weak DACL privilege escalation vulnerability
Universal local exploit for vulnerable printer providers. This exploit works against cpprov.dll (Citrix Metaframe) and Novell (nwspool.dll - CVE-2006-5854).


Tibco Rendezvous daemon, remote code execution
This code exploits a vulnerability in the way that the Tibco Rendezvous daemon handles HTTP requests.


Tibco password extractor
Exploit against the Tibco configuration file. Due to the default weak ACLs, it is possible for a local user to extract administration passwords from the configuration file.


Pi3Web 2.0.1 Denial of Service - Proof of Concept
By sending a malformed GET request to the remote Pi3Web web server, it is possible to execute remote code.


Serv-U Local privilege Escalation
The Serv-U application contains a hardcoded account that is used for administration. This account can be used to create a new user and grant that user code execution permissions. By exploiting this flaw, it is possible to execute code as SYSTEM.


BadBlue Personal Edition v2.55 remote code execution
Remote code execution against the BadBlue web server. Versions <= 2.55 are affected.


WheresJames Webcam Publisher Beta 2.0.0014
Remote code execution exploit.


Smallftpd
Multiple vulnerabilities in Smallftpd v.099 and v1.02.


More undisclosed stuff... because we rocks!...

Tarasco.org - Smashing your networks for fun and profit

© Andres and Miguel Tarasco. All rights reserved.
