En una auditoría de seguridad, uno de los objetivos puede ser vulnerar cuantas máquinas sean posibles. Para ello, nos valdremos de distintas herramientas escaneadores de red y puertos como nmap, visualizador y capturador de tráfico como Wireshark, alguna tool para hacer ataques MITM, como Cain y Abel y Evil FOCA etc..

Y para la parte de explotación, lo mas probable es que acabemos escogiendo Metasploit como Framework, pero no nos olvidemos que TODO no está en Metasploit.

Cuando detectamos una vulnerabilidad y queremos saber si hay un Exploit disponible, lo mas seguro es que vayamos a páginas como Exploit-DB para buscar la versión vulnerable.

exploitdb

La gente de Exploit-DB ha colgado todos los exploits en Github por lo que ahora has de actualizar el repositorio y con un script hacer la búsqueda necesaria.

Para bajar el repositorio hacemos:

git clone https://github.com/offensive-security/exploit-database.git

Antes de buscar nada, voy a ver si hay cambios.

[email protected]:~/tools/pentest/exploit-database$ git pull
remote: Counting objects: 18, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 8 (delta 4), reused 8 (delta 4)
Unpacking objects: 100% (8/8), done.
From https://github.com/offensive-security/exploit-database
 9819ace..06a2c0f master -> origin/master
 * [new tag] 01132014 -> 01132014
Updating 9819ace..06a2c0f
Fast-forward
 files.csv | 1 +
 platforms/php/webapps/30357.txt | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100755 platforms/php/webapps/30357.txt

Y ahora lo que haremos ver como funciona el script de búsqueda:

#!/bin/bash
 # exploitdb CLI search tool

 csvpath=/usr/share/exploitdb/files.csv

 USAGE="Usage: `basename $0` [term1] [term2] [term3]\nExample: `basename $0` oracle windows local\n\nUse lower case in the search terms; second and third terms are optional.
 \n`basename $0` will search each line of the csv file left to right so order your search terms accordingly.\n(ie: 'oracle local' will yield better results than 'local oracle')"

 if [ $# -eq 0 ]; then
 echo -e $USAGE >&2
 exit 1
 fi

 echo " Description Path"
 echo --------------------------------------------------------------------------- -------------------------

 awk -F "\"*,\"*" '{printf "%-75s %s\n", $3, $2}' $csvpath | awk 'tolower($0) ~ /'$1'/ && /'$2'/ && /'$3'/' | sed s/platforms//

 # You can change the identation on the path by changing the "75" above to something that suits your fancy
 # (ie: screen columns) 75 columns seemed a good compromise, a few lines will get truncated, but hey...
 # ideas and threats: [email protected], backtrack forums or find me at freenode (sygo).

<span style="line-height: 1.5em;">

 

Como veis, el script de búsqueda, busca en un path, por lo que tendremos que modificarlo para adaptarlo a nuestras necesidades.

Una vez que lo hemos modificado solo tendremos que hacer las búsquedas correctas :

Como ejemplo:

[email protected]:~/tools/pentest/exploit-database$ sh searchsploit windows local
 Description Path
--------------------------------------------------------------------------- -------------------------
MS Windows XP (explorer.exe) Buffer Overflow Exploit /windows/local/32.c
ICQ Pro 2003a Password Bypass exploit (ca1-icq.asm) /windows/local/52.asm
DameWare Mini Remote Control Server SYSTEM Exploit /windows/local/79.c
MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045) /windows/local/122.c
FirstClass Desktop 7.1 (latest) Buffer Overflow Exploit /windows/local/172.c
MS Windows Utility Manager Local SYSTEM Exploit (MS04-011) /windows/local/271.c
WinZIP MIME Parsing Overflow Proof of Concept Exploit /windows/local/272.c
MS Windows 2000 Utility Manager Privilege Elevation Exploit (MS04-019) /windows/local/350.c
MS Windows 2K POSIX Subsystem Privilege Escalation Exploit (MS04-020) /windows/local/351.c
MS Windows 2000 Universal Language Utility Manager Exploit (MS04-019) /windows/local/352.c
MS Windows 2K/XP Task Scheduler .job Exploit (MS04-022) /windows/local/353.c
MS Windows 2k Utility Manager (All-In-One) Exploit (MS04-019) /windows/local/355.c
MS Windows XP Task Scheduler (.job) Universal Exploit (MS04-022) /windows/local/368.c
Serv-U 3x - 5.x Local Privilege Escalation Exploit /windows/local/381.c
Ollydbg <= 1.10 Format String Bug /windows/local/388.c
AOL Instant Messenger AIM ""Away"" Message Local Exploit /windows/local/395.c
IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility /windows/local/401.c
IPD (Integrity Protection Driver) Local Exploit /windows/local/403.c
WinRAR 1.0 - Local Buffer Overflow Exploit /windows/local/558.c
Zinf 2.2.1 - Local Buffer Overflow Exploit /windows/local/559.c
GlobalSCAPE - CuteFTP macros (.mcr) - Local Vulnerability /windows/local/560.txt
WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC /windows/local/694.c
MS Windows Improper Token Validation Local Exploit (working) /windows/local/749.cpp
Peer2Mail <= 1.4 Encrypted Password Dumper Exploit /windows/local/760.cpp
Funduc Search and Replace Compressed File Local BoF Exploit /windows/local/769.c
DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure /windows/local/798.c
DelphiTurk FTP 1.0 - Passwords to Local Users Exploit /windows/local/803.c
DelphiTurk e-Posta 1.0 - Local Exploit /windows/local/811.c
PeerFTP 5 Local Password Disclosure Exploit /windows/local/833.cpp
eXeem 0.21 Local Password Disclosure Exploit /windows/local/834.c
SendLink 1.5 - Local Password Disclosure Exploit /windows/local/835.c
WWW File Share Pro 2.72 Local Password Disclosure Exploit /windows/local/836.c
Chat Anywhere 2.72a Local Password Disclosure Exploit /windows/local/837.c
Avaya IP Office Phone Manager Local Password Disclosure Exploit /windows/local/839.cpp
eXeem 0.21 Local Password Disclosure Exploit (asm) /windows/local/844.asm
Einstein <= 1.01 Local Password Disclosure Exploit /windows/local/846.cpp
Einstein <= 1.01 Local Password Disclosure Exploit (asm) /windows/local/848.asm
RealPlayer 10 "".smil"" File Local Buffer Overflow Exploit /windows/local/863.cpp
iSnooker <= 1.6.8 - Local Password Disclosure Exploit /windows/local/884.cpp
iPool <= 1.6.81 Local Password Disclosure Exploit /windows/local/885.cpp
BakBone NetVault 6.x/7.x Local Stack Buffer Overflow Exploit /windows/local/905.c
GetDataBack Data Recovery 2.31 - Local Exploit /windows/local/912.c
FTP Now <= 2.6.14 Local Password Disclosure Exploit /windows/local/918.c
FireFly 1.0 - Local Proxy Password Disclosure Exploit /windows/local/919.c
P2P Share Spy 2.2 - Local Password Disclosure Exploit /windows/local/920.c
MS Jet Database (msjet40.dll) DB File Buffer Overflow Exploit /windows/local/927.c
MS Jet Database (msjet40.dll) Reverse Shell Exploit /windows/local/929.py
Oracle Database Server <= 10.1.0.2 - Buffer Overflow Exploit /windows/local/932.sql
Oracle Database PL/SQL Statement Multiple SQL Injection Exploits /windows/local/933.sql
Morpheus <= 4.8 - Local Chat Passwords Disclosure Exploit /windows/local/935.c
DeluxeFtp 6.x Local Password Disclosure Exploit /windows/local/936.c
BitComet 0.57 Local Proxy Password Disclosure Exploit /windows/local/937.c
MS Windows (HTA) Script Execution Exploit (MS05-016) /windows/local/938.cpp
MS Jet Database (msjet40.dll) Reverse Shell Exploit /windows/local/951.py
GoText 1.01 Local User Informations Disclosure Exploit /windows/local/963.c
FilePocket 1.2 - Local Proxy Password Disclosure Exploit /windows/local/964.c
ICUII 7.0 - Local Password Disclosure Exploit /windows/local/965.c
NotJustBrowsing 1.0.3 - Local Password Disclosure Exploit /windows/local/966.c
BulletProof FTP Server 2.4.0.31 Local Privilege Escalation Exploit /windows/local/971.cpp
MS Windows COM Structured Storage Local Exploit (MS05-012) /windows/local/1019.c
Kaspersky AntiVirus ""klif.sys"" Privilege Escalation Vulnerability /windows/local/1032.cpp
WinZIP <= 8.1 Command Line Local Buffer Overflow Exploit /windows/local/1034.cpp
Willing Webcam 2.8 Licence Info Disclosure Local Exploit /windows/local/1085.c
Access Remote PC 4.5.1 - Local Password Disclosure Exploit /windows/local/1086.c
Internet Download Manager <= 4.05 Input URL Stack Overflow Exploit /windows/local/1091.c
MS Windows (LegitCheckControl.dll) Genuine Advantage Validation Patch /windows/local/1128.c
BakBone NetVault 7.1 - Local Privilege Escalation Exploit /windows/local/1161.c
WinAce 2.6.0.5 Temporary File Parsing Buffer Overflow Vulnerability /windows/local/1168.c
Mercora IMRadio <= 4.0.0.0 - Local Password Disclosure Exploit /windows/local/1173.c
ZipTorrent <= 1.3.7.3 - Local Proxy Password Disclosure Exploit /windows/local/1174.c
MS Windows (keybd_event) Local Privilege Elevation Exploit /windows/local/1197.c
MS Windows CSRSS Local Privilege Escalation Exploit (MS05-018) /windows/local/1198.c
WinRAR 3.30 Long Filename Buffer Overflow Exploit /windows/local/1403.c
WinRAR 3.30 Long Filename Buffer Overflow Exploit (more targets) (2) /windows/local/1404.c
PHP <= 4.4.0 (mysql_connect function) Local Buffer Overflow Exploit /windows/local/1406.php
MS Windows 2k Kernel APC Data-Free Local Escalation Exploit (MS05-055) /windows/local/1407.c
Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit /windows/local/1455.txt
MS Windows Services ACLs Local Privilege Escalation Exploit (updated) /windows/local/1465.c
Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit /windows/local/1470.c
Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit (new) /windows/local/1490.c
Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit (3) /windows/local/1495.cpp
MS Visual Studio 6.0 sp6 (Malformed .dbp File) Buffer Overflow Exploit /windows/local/1555.c
MS Windows Telephony Service Command Execution Exploit (MS05-040) /windows/local/1584.cpp
Intel Wireless Service (s24evmon.exe) Shared Memory Exploit /windows/local/1772.c
IntelliTamper 2.07 - (.map file) Local Arbitrary Code Execution Exploit /windows/local/1806.c
MS Windows (NtClose DeadLock) Vulnerability PoC (MS06-030) /windows/local/1910.c
MS Windows XP/2K (Mrxsmb.sys) Privilege Escalation PoC (MS06-030) /windows/local/1911.c
Pico Zip 4.01 (Long Filename) Buffer Overflow Exploit /windows/local/1917.pl
Microsoft Excel Unspecified Remote Code Execution Exploit /windows/local/1944.c
Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit /windows/local/1958.pl
Microsoft Excel Universal Hlink Local Buffer Overflow Exploit /windows/local/1978.pl
WinRAR <= 3.60 beta 6 (SFX Path) Local Stack Overflow Exploit /windows/local/1985.py
Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french) /windows/local/1986.cpp
Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian) /windows/local/1988.pl
WinRAR <= 3.60 beta 6 (SFX Path) Local Stack Overflow Exploit (french) /windows/local/1992.py
Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC /windows/local/1999.pl
Microsoft IIS ASP Stack Overflow Exploit (MS06-034) /windows/local/2056.c
Cheese Tracker <= 0.9.9 - Local Buffer Overflow Exploit PoC /windows/local/2065.c
Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french) /windows/local/2091.cpp
Open Cubic Player <= 2.6.0pre6 / 0.1.10_rc5 Multiple BOF Exploit /windows/local/2094.c
VMware 5.5.1 (ActiveX) Local Buffer Overflow Exploit /windows/local/2264.htm
ZipCentral 4.01 ZIP File Handling Local Buffer Overflow Exploit /windows/local/2278.cpp
TIBCO Rendezvous <= 7.4.11 Password Extractor Local Exploit /windows/local/2284.c
PowerZip <= 7.06.3895 Long Filename Handling Buffer Overflow Exploit /windows/local/2286.cpp
MS Windows (Windows Kernel) Privilege Escalation Exploit (MS06-049) /windows/local/2412.c
Kaspersky Internet Security 6.0.0.303 IOCTL KLICK Local Exploit /windows/local/2676.cpp
XMPlay 3.3.0.4 (M3U Filename) Local Buffer Overflow Exploit /windows/local/2815.c
XMPlay 3.3.0.4 (ASX Filename) Local Buffer Overflow Exploit /windows/local/2824.c
VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c) /windows/local/2872.c
AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit /windows/local/2873.c
BlazeVideo HDTV Player <= 2.1 Malformed PLF Buffer Overflow PoC /windows/local/2880.c
DeepBurner 1.8.0 .dbr File Parsing Buffer Overflow Exploit /windows/local/2950.c
MS Windows NtRaiseHardError Csrss.exe Memory Disclosure Exploit /windows/local/3024.c
Microsoft Vista (NtRaiseHardError) Privilege Escalation Exploit /windows/local/3071.c
Kaspersky Antivirus 6.0 - Local Privilege Escalation Exploit /windows/local/3131.c
Microsoft Help Workshop 4.03.0002 (.CNT) Buffer Overflow Exploit /windows/local/3149.cpp
Microsoft Help Workshop 4.03.0002 (.HPJ) Buffer Overflow Exploit /windows/local/3159.cpp
Microsoft Visual C++ (.RC Resource Files) Local Buffer Overflow Exploit /windows/local/3176.cpp
Multiple Printer Providers (spooler service) - Privilege Escalation Exploit /windows/local/3220.c
Microsoft Word 2000 Unspecified Code Execution Exploit (0day) /windows/local/3260.txt
News Rover 12.1 Rev 1 Remote Stack Overflow Exploit /windows/local/3342.c
News Bin Pro 5.33 (.NBI File) Local Buffer Overflow Exploit /windows/local/3349.c
News Rover 12.1 Rev 1 Remote Stack Overflow Exploit (perl) /windows/local/3369.pl
PHP <= 4.4.6 mssql_[p]connect() Local Buffer Overflow Exploit /windows/local/3417.php
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit /windows/local/3429.php
PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC /windows/local/3431.php
PHP 4.4.6 snmpget() object id Local Buffer Overflow Exploit PoC /windows/local/3439.php
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32) /windows/local/3451.c
PHP <= 4.4.6 ibase_connect() Local Buffer Overflow Exploit /windows/local/3488.php
PHP 5.2.1 with PECL phpDOC Local Buffer Overflow Exploit /windows/local/3576.php
Corel Wordperfect X3 13.0.0.565 (.PRS) Local Buffer Overflow Exploit /windows/local/3593.c
MS Windows Animated Cursor (.ANI) Stack Overflow Exploit /windows/local/3617.cpp
MS Windows Animated Cursor (.ANI) Local Buffer Overflow Exploit /windows/local/3647.c
IrfanView 3.99 (.ANI File) Local Buffer Overflow Exploit /windows/local/3648.c
Ipswitch WS_FTP 5.05 Server Manager Local Site Buffer Overflow Exploit /windows/local/3649.c
MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP) /windows/local/3652.c
TrueCrypt 4.3 - Privilege Escalation Exploit /windows/local/3664.txt
MS Windows GDI Local Privilege Escalation Exploit (MS07-017) /windows/local/3688.c
IrfanView 3.99 .ANI File Local Buffer Overflow Exploit (multiple targets) /windows/local/3692.c
MS Windows Animated Cursor (.ANI) Local Overflow Exploit /windows/local/3695.c
VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit /windows/local/3727.c
MS Windows GDI Local Privilege Escalation Exploit (MS07-017) 2 /windows/local/3755.c
OllyDbg 1.10 Local Format String Exploit /windows/local/3757.txt
Photofiltre Studio 8.1.1 - (.TIF File) Local Buffer Overflow Exploit /windows/local/3772.c
ACDSee 9.0 (.XPM File) Local Buffer Overflow Exploit /windows/local/3776.c
XnView 1.90.3 (.XPM File) Local Buffer Overflow Exploit /windows/local/3777.c
Corel Paint Shop Pro Photo 11.20 (.CLP File) Buffer Overflow Exploit /windows/local/3779.c
Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow Exploit /windows/local/3793.c
ABC-View Manager 1.42 (.PSP File) Buffer Overflow Exploit /windows/local/3797.c
FreshView 7.15 (.PSP File) Buffer Overflow Exploit /windows/local/3798.c
Gimp 2.2.14 .RAS File SUNRAS Plugin Buffer Overflow Exploit /windows/local/3801.c
IrfanView <= 4.00 .IFF File Buffer Overflow Exploit /windows/local/3811.c
Photoshop CS2/CS3 / Paint Shop Pro 11.20 .PNG File BoF Exploit /windows/local/3812.c
Winamp <= 5.34 .MP4 File Code Execution Exploit /windows/local/3823.c
East Wind Software (advdaudio.ocx 1.5.1.1) Local BoF Exploit /windows/local/3856.htm
Gimp 2.2.14 .RAS File Download/Execute Buffer Overflow Exploit (win32) /windows/local/3888.c
eTrust Antivirus Agent r8 Local Privilege Elevation Exploit /windows/local/3897.c
notepad++ 4.1 ruby file processing Buffer Overflow Exploit (win32) /windows/local/3912.c
MagicISO <= 5.4 (build239) .cue File Local Buffer Overflow Exploit /windows/local/3975.c
UltraISO <= 8.6.2.2011 (Cue/Bin Files) Local Buffer Overflow Exploit /windows/local/4001.cpp
UltraISO <= 8.6.2.2011 (Cue/Bin Files) Local Buffer Overflow Exploit 2 /windows/local/4002.py
DVD X Player 4.1 Professional .PLF file Buffer Overflow Exploit /windows/local/4024.rb
MoviePlay 4.76 .lst File Local Buffer Overflow Exploit /windows/local/4051.rb
PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit /windows/local/4080.php
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit /windows/local/4165.c
Symantec AntiVirus symtdi.sys Local Privilege Escalation Exploit /windows/local/4178.txt
PHP <= 5.2.3 snmpget() object id Local Buffer Overflow Exploit /windows/local/4204.php
PHP 5.2.3 win32std ext. safe_mode/disable_functions Protections Bypass /windows/local/4218.php
CrystalPlayer 1.98 - (.mls) Local Buffer Overflow Exploit /windows/local/4229.pl
PHP 5.x (win32service) Local Safe Mode Bypass Exploit /windows/local/4236.php
Live for Speed S1/S2/Demo (.mpr replay file) Buffer Overflow Exploit /windows/local/4252.c
Panda Antivirus 2008 Local Privilege Escalation Exploit /windows/local/4257.c
Live for Speed S1/S2/Demo (.ply file) Buffer Overflow Exploit /windows/local/4262.cpp
Live for Speed S1/S2/Demo (.spr file) Buffer Overflow Exploit /windows/local/4263.cpp
PHP mSQL (msql_connect) Local Buffer Overflow Exploit /windows/local/4270.php
PHP <= 5.2.3 snmpget() object id Local Buffer Overflow Exploit (EDI) /windows/local/4274.php
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit /windows/local/4302.php
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit (2) /windows/local/4303.php
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit /windows/local/4311.php
PHP Perl Extension Safe_mode BypassExploit /windows/local/4314.php
XAMPP for Windows 1.6.3a Local Privilege Escalation Exploit /windows/local/4325.php
Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit /windows/local/4345.c
Virtual DJ 5.0 (m3u File) Local Buffer OverFlow Exploit /windows/local/4354.py
OTSTurntables 1.00 (m3u File) Local Buffer Overflow Exploit /windows/local/4355.php
Microsoft Visual Basic 6.0 VBP_Open OLE Local CodeExec Exploit /windows/local/4361.pl
AtomixMP3 2.3 (pls File) Local Buffer OverFlow Exploit /windows/local/4364.php
Microsoft Visual Basic Enterprise Edition 6.0 SP6 Code Execution Exploit /windows/local/4431.py
PHP 5.2.4 ionCube extension safe_mode / disable_functions Bypass /windows/local/4517.php
jetAudio 7.x (m3u File) Local SEH Overwrite Exploit /windows/local/4531.py
PHP 5.x COM functions safe_mode and disable_function bypass /windows/local/4553.php
Sony CONNECT Player 4.x (m3u File) Local Stack Overflow Exploit /windows/local/4583.py
Kodak Image Viewer TIF/TIFF Code Execution Exploit PoC (MS07-055) /windows/local/4584.c
Microsoft Jet Engine MDB File Parsing Stack Overflow PoC /windows/local/4625.txt
Media Player Classic 6.4.9 MP4 File Stack Overflow Exploit /windows/local/4701.pl
Windows Media Player 6.4 MP4 File Stack Overflow PoC /windows/local/4702.pl
Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit /windows/local/4703.pl
Rosoft Media Player <= 4.1.7 .M3U Stack Overflow Exploit /windows/local/4749.c
jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow Exploit /windows/local/4751.pl
CoolPlayer 2.17 .m3u Playlist Stack Overflow Exploit /windows/local/4839.pl
Microsoft Visual InterDev 6.0 (SP6) .sln File Local Buffer Overflow Exploit /windows/local/4892.py
MS Visual Basic Enterprise Ed. 6 SP6 .dsr File Handling BOF Exploit /windows/local/4938.py
IrfanView 4.10 .FPX File Memory Corruption Exploit /windows/local/4998.c
Safenet IPSecDrv.sys <= 10.4.0.12 Local kernel ring0 SYSTEM Exploit /windows/local/5004.c
Total Video Player 1.03 M3U File Local Buffer Overflow Exploit /windows/local/5032.c
Total Video Player 1.20 M3U File Local Stack Buffer Overflow Exploit /windows/local/5077.cpp
Microsoft Office .WPS File Stack Overflow Exploit (MS08-011) /windows/local/5107.c
DESlock+ <= 3.2.6 (list) Local Kernel Memory Leak PoC /windows/local/5141.c
DESlock+ <= 3.2.6 - Local Kernel ring0 link list zero SYSTEM Exploit /windows/local/5143.c
DESlock+ <= 3.2.6 DLMFDISK.sys local kernel ring0 SYSTEM Exploit /windows/local/5144.c
VLC <= 0.8.6e Subtitle Parsing Local Buffer Overflow Exploit /windows/local/5250.cpp
Microsoft Office Excel Code Execution Exploit (MS08-014) /windows/local/5287.txt
Microsoft Office XP SP3 PPT File Buffer Overflow Exploit (ms08-016) /windows/local/5320.txt
XnView 1.92.1 Slideshow (FontName) Buffer Overflow Exploit /windows/local/5346.pl
MS Visual Basic Enterprise Ed. 6 SP6 DSR File Local BOF Exploit /windows/local/5361.py
MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021) /windows/local/5442.cpp
DivX Player 6.6.0 SRT File SEH Buffer Overflow Exploit /windows/local/5462.py
Adobe Album Starter 3.2 Unchecked Local Buffer Overflow Exploit /windows/local/5479.txt
DivX Player 6.7 SRT File Subtitle Parsing Buffer Overflow Exploit /windows/local/5492.cpp
Kantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit /windows/local/5498.py
MS Windows XP SP2 (win32k.sys) Privilege Escalation Exploit (MS08-025) /windows/local/5518.txt
Open Office.org 2.31 swriter Local Code Execution Exploit /windows/local/5584.c
Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exploit /windows/local/5625.c
VLC 0.8.6d SSA Parsing Double Sh311 Universal Exploit /windows/local/5667.py
Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit /windows/local/5837.c
XnView 1.93.6 for Windows .taac Local Buffer Overflow Exploit PoC /windows/local/5951.c
Download Accelerator Plus - DAP 8.x (m3u) Local BOF Exploit 0day /windows/local/6030.py
OllyDBG 1.10 and ImpREC 1.7f - (export name) BOF PoC /windows/local/6031.asm
Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c) /windows/local/6039.c
IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl) /windows/local/6106.pl
CoolPlayer m3u File Local Buffer Overflow Exploit /windows/local/6157.pl
IrfanView <= 3.99 IFF File Local Stack Buffer Overflow Exploit /windows/local/6188.c
Acoustica Mixcraft <= 4.2 Build 98 (mx4 file) Local BOF Exploit /windows/local/6322.pl
Acoustica MP3 CD Burner 4.51 Build 147 (asx file) Local BOF Exploit /windows/local/6329.pl
Acoustica Beatcraft 1.02 Build 19 (bcproj file) Local BOF Exploit /windows/local/6333.pl
Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow Exploit /windows/local/6389.cpp
MS Windows 2003 Token Kidnapping Local Exploit PoC /windows/local/6705.txt
MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin) /windows/local/6757.txt
BitTorrent 6.0.3 .torrent File Stack Buffer Overflow Exploit /windows/local/6787.pl
VLC Media Player TY File Stack Based Buffer Overflow Exploit /windows/local/6798.pl
VLC 0.9.4 .TY File Buffer Overflow Exploit (SEH) /windows/local/6825.pl
TUGzip 3.00 archiver .ZIP File Local Buffer Overflow Exploit /windows/local/6831.cpp
Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit /windows/local/6994.txt
Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2 /windows/local/7006.txt
VLC Media Player < 0.9.6 .RT Stack Buffer Overflow Exploit /windows/local/7051.pl
Anti-Keylogger Elite 3.3.0 (AKEProtect.sys) Privilege Escalation Exploit /windows/local/7054.txt
Opera 9.62 file:// Local Heap Overflow Exploit /windows/local/7135.htm
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win) /windows/local/7264.txt
Cain & Abel <= 4.9.24 - .RDP Stack Overflow Exploit /windows/local/7309.pl
Cain & Abel 4.9.23 (rdp file) Buffer overflow Exploit /windows/local/7329.py
RadAsm <= 2.2.1.5 (.RAP File) WindowCallProcA Pointer Hijack Exploit /windows/local/7334.pl
PEiD <= 0.92 Malformed PE File Universal Buffer Overflow Exploit /windows/local/7347.pl
Realtek Sound Manager (rtlrack.exe 1.15.0.0) - PlayList BOF Exploit /windows/local/7492.py
Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit /windows/local/7501.asp
ESET Smart Security <= 3.0.672 (epfw.sys) Privilege Escalation Exploit /windows/local/7516.txt
PowerStrip < = 3.84 (pstrip.sys) Privilege Escalation Exploit /windows/local/7533.txt
CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit /windows/local/7536.cpp
CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit (py) /windows/local/7547.py
Acoustica Mixcraft <= 4.2 Universal Stack Overflow Exploit (SEH) /windows/local/7577.pl
IntelliTamper 2.07/2.08 (MAP File) Local SEH Overwrite Exploit /windows/local/7582.py
IntelliTamper 2.07/2.08 (ProxyLogin) Local Stack Overflow Exploit /windows/local/7608.py
Destiny Media Player 1.61 (.m3u File) Local Stack Overflow Exploit /windows/local/7651.py
Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit /windows/local/7654.pl
Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #2 /windows/local/7655.pl
Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #3 /windows/local/7656.pl
Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #4 /windows/local/7661.pl
Destiny Media Player 1.61 (lst File) Local Buffer Overflow Exploit #5 /windows/local/7662.py
VUPlayer 2.49 - (.wax File) Local Buffer Overflow Exploit /windows/local/7671.pl
Rosoft Media Player 4.2.1 - Local Buffer Overflow Exploit /windows/local/7684.pl
Cain & Abel 4.9.25 (Cisco IOS-MD5) Local Buffer Overflow Exploit /windows/local/7688.pl
CoolPlayer BUILD 219 (PlaylistSkin) Buffer Overflow Exploit /windows/local/7692.pl
VUPlayer <= 2.49 - (.PLS) Universal Buffer Overflow Exploit /windows/local/7695.pl
GOM Player 2.0.12.3375 (.ASX File) Stack Overflow Exploit /windows/local/7702.c
IntelliTamper (2.07/2.08) Language Catalog SEH Overflow Exploit /windows/local/7707.py
VUPlayer 2.49 - .ASX File (HREF) Local Buffer Overflow Exploit (2) /windows/local/7713.pl
VUPlayer 2.49 - .ASX File (HREF) Local Buffer Overflow Exploit (1) /windows/local/7714.pl
VUPlayer 2.49 - .ASX File (HREF) Universal Buffer Overflow Exploit /windows/local/7715.py
Microsoft HTML Workshop <= 4.74 Universal Buffer Overflow Exploit /windows/local/7727.pl
VUPlayer 2.49 - .ASX File (Universal) Local Buffer Overflow Exploit /windows/local/7745.py
OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit /windows/local/7765.py
Total Video Player 1.31 (DefaultSkin.ini) Local Stack Overflow Exploit /windows/local/7839.py
Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c) /windows/local/7843.c
Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit /windows/local/7848.pl
EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit /windows/local/7853.pl
Zinf Audio Player 2.2.1 (PLS File) Local Buffer Overflow Exploit (univ) /windows/local/7888.pl
Total Video Player 1.3.7 (.m3u) Local Buffer Overflow Exploit /windows/local/7923.c
GOM Player 2.0.12 (.PLS) Universal Buffer Overflow Exploit /windows/local/7929.c
Free Download Manager <= 3.0 Build 844 .torrent BOF Exploit /windows/local/7957.pl
Euphonics Audio Player 1.0 - (.pls) Local Buffer Overflow Exploit /windows/local/7958.pl
Euphonics Audio Player 1.0 (.pls) Universal Local Buffer Overflow Exploit /windows/local/7973.pl
Euphonics Audio Player 1.0 (.pls) Local Buffer Overflow Exploit (xp/sp3) /windows/local/7974.c
BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Overflow Exploit /windows/local/7975.py
dBpowerAMP Audio Player 2 .PLS File Local Buffer Overflow Exploit /windows/local/7994.c
FeedDemon <= 2.7 OPML Outline Tag Buffer Overflow Exploit /windows/local/8010.pl
Hex Workshop 6.0 - (.HEX File) Local Code Execution Exploit /windows/local/8121.pl
Merak Media PLayer 3.2 m3u File Local Buffer Overflow Exploit (SEH) /windows/local/8126.py
Media Commands (m3u File) Local SEH Overwrite Exploit /windows/local/8137.py
VUplayer 2.49 - .CUE File Local Buffer Overflow Exploit /windows/local/8138.c
Winamp <= 5.541 Skin Universal Buffer Overflow Exploit /windows/local/8158.pl
Media Commands .m3l File Local Buffer Overflow Exploit /windows/local/8159.rb
Media Commands (m3u File) Universal SEH Overwrite Exploit /windows/local/8162.py
Nokia Multimedia Player 1.0 (playlist) Universal SEH Overwrite Exploit /windows/local/8171.py
Realtek Sound Manager 1.15.0.0 PlayList SEH Overwrite Exploit /windows/local/8174.py
mks_vir 9b < 1.2.0.0b297 (mksmonen.sys) Privilege Escalation Exploit /windows/local/8175.txt
EO Video 1.36 - PlayList SEH Overwrite Exploit /windows/local/8176.py
RadASM 2.2.1.5 (.RAP File) Local Stack Overflow Exploit /windows/local/8177.py
MediaCoder 0.6.2.4275 (m3u File) Universal Stack Overflow Exploit /windows/local/8178.pl
MediaCoder 0.6.2.4275 Universal Buffer Overflow Exploit (SEH) /windows/local/8179.rb
VUPlayer <= 2.49 - (.cue) Universal Buffer Overflow Exploit /windows/local/8189.txt
RainbowPlayer 0.91 (playlist) Universal SEH Overwrite Exploit /windows/local/8193.py
Foxit Reader 3.0 (<= Build 1301) PDF Buffer Overflow Exploit (Univ.) /windows/local/8201.pl
Rosoft Media Player 4.2.1 - Local Buffer Overflow Exploit (multi target) /windows/local/8214.c
CDex 1.70b2 (.ogg) Local Buffer Overflow Exploit (xp/ sp3) /windows/local/8231.php
Chasys Media Player 1.1 (.pls) Local Stack overflow Exploit /windows/local/8233.py
Chasys Media Player 1.1 (.pls) Stack Overflow Exploit #2 /windows/local/8234.py
Chasys Media Player 1.1 (.m3u) Stack Overflow Exploit /windows/local/8235.py
Icarus 2.0 (.PGN File) Local Stack Overflow Exploit (SEH) /windows/local/8236.py
Chasys Media Player 1.1 .cue File Stack Overflow Exploit /windows/local/8242.rb
Chasys Media Player (.lst playlist) Local Buffer Overflow Exploit /windows/local/8246.pl
BS.Player <= 2.34 Build 980 (.bsl) Local Buffer Overflow Exploit (SEH) /windows/local/8249.php
CloneCD/DVD (ElbyCDIO.sys < 6.0.3.2) Local Privilege Escalation Exploit /windows/local/8250.txt
BS.Player 2.34 (.bsl) Universal SEH Overwrite Exploit /windows/local/8251.py
Zinf Audio Player 2.2.1 (.pls) Universal Seh Overwrite Exploit /windows/local/8267.py
eXeScope 6.50 Local Buffer Overflow Exploit /windows/local/8270.pl
POP Peeper 3.4.0.0 .eml file Universal SEH Overwrite Exploit /windows/local/8274.pl
POP Peeper 3.4.0.0 .html file Universal SEH Overwrite Exploit /windows/local/8275.pl
Adobe Acrobat Reader JBIG2 Universal Exploit Bind Shell port 5500 /windows/local/8280.txt
Abee Chm Maker 1.9.5 (CMP File) Stack overflow Exploit /windows/local/8299.py
PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit /windows/local/8301.pl
Abee Chm eBook Creator 2.11 (FileName) Local Stack Overflow Exploit /windows/local/8311.py
AtomixMP3 <= 2.3 - (playlist) Universal SEH Overwrite Exploit /windows/local/8312.py
Trend Micro Internet Security Pro 2009 Priviliege Escalation PoC /windows/local/8322.txt
UltraISO <= 9.3.3.2685 CCD/IMG Universal Buffer Overflow Exploit /windows/local/8343.pl
OTSTurntables 1.00.027 (.m3u/.ofl file) Universal BOF Exploit /windows/local/8371.pl
HTML Email Creator <= 2.1b668 (html) Local SEH Overwrite Exploit /windows/local/8401.cpp
RM Downloader 3.0.0.9 .m3u Universal Stack Overflow Exploit /windows/local/8410.pl
WM Downloader 3.0.0.9 .m3u Universal Stack Overflow Exploit /windows/local/8411.c
ASX to MP3 Converter 3.0.0.7 .m3u Universal Stack Overflow Exploit /windows/local/8412.pl
Mini-stream RM-MP3 Converter 3.0.0.7 .m3u Stack Overflow Exploit /windows/local/8413.pl
Mini-stream Ripper 3.0.1.1 .m3u Universal Stack Overflow Exploit /windows/local/8416.pl
BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH) /windows/local/8420.py
Shadow Stream Recorder (.m3u file) Universal Stack Overflow Exploit /windows/local/8426.pl
Easy RM to MP3 Converter Universal Stack Overflow Exploit /windows/local/8427.py
Star Downloader Free <= 1.45 (.dat) Universal SEH Overwrite Exploit /windows/local/8444.cpp
CoolPlayer Portable 2.19.1 (m3u) Buffer Overflow Exploit /windows/local/8519.pl
CoolPlayer Portable 2.19.1 (m3u) Buffer Overflow Exploit #2 /windows/local/8520.py
CoolPlayer Portable 2.19.1 (Skin) Buffer Overflow Exploit /windows/local/8527.py
Destiny Media Player 1.61 (.rdl) Local Buffer Overflow Exploit /windows/local/8535.pl
SDP Downloader 2.3.0 (.ASX) Local Buffer Overflow Exploit (SEH) /windows/local/8536.py
SDP Downloader 2.3.0 (.ASX) Local Buffer Overflow Exploit (SEH) #2 /windows/local/8540.c
Zoom Player Pro 3.30 (.m3u) - File Buffer Overflow Exploit (seh) /windows/local/8541.php
Mercury Audio Player 1.21 (.b4s) Local Stack Overflow Exploit /windows/local/8580.py
Mercury Audio Player 1.21 (.pls) SEH Overwrite Exploit /windows/local/8582.py
Mercury Audio Player 1.21 (.m3u) Local Stack Overflow Exploit /windows/local/8583.py
RM Downloader (.smi File) Local Stack Overflow Exploit /windows/local/8589.py
Beatport Player 1.0.0.283 (.m3u) Local SEH Overwrite Exploit /windows/local/8590.py
Beatport Player 1.0.0.283 (.M3U File) Local Stack Overflow Exploit #2 /windows/local/8591.py
Beatport Player 1.0.0.283 (.M3U File) Local Stack Overflow Exploit #3 /windows/local/8592.pl
RM Downloader (.smi File) Universal Local Buffer Overflow Exploit /windows/local/8594.pl

Como veis, solo tendríamos que ir al path que toque y escoger el exploit. Se pueden afinar mas las búsquedas esta claro.

×

! Contacta con DragonJAR ¡

Haga clic en uno de nuestros representantes para chatear en WhatsApp, tambien puedes llamarnos al +57 3046768721 o envíenos un correo a [email protected]

× ¿Como puedo ayudarte?