# exploits-1

**Repository Path**: LightInfection/exploits-1

## Basic Information

- **Project Name**: exploits-1
- **Description**: exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
- **Primary Language**: C
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-02-25
- **Last Updated**: 2024-10-14

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Exploits

Exploits and proof-of-concept code from the team at Hacker House.

| Filename | Description |
| :---: | :--- |
| *AirWatchMDMJailbreakBypass.txt* | Bypass jailbreak detection on mobile device management AirWatch for iOS |
| *AIX-0days.txt* | AIX 4.2 local root vulnerabilities |
| *amanda-amstar.txt* | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| *amanda-backup.txt* | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| *applejack.c* | PonyOS 3.0 & below tty ioctl() kernel local root exploit |
| *asus_B1M_projector_root.png* | ASUS B1M projector remote root command injection (unpatchable) |
| *BTCPE.txt* | British Telecom Huawei UART root access weakness |
| *charybdis.tgz* | Firefox & IE exploits implant dropper for Windows & Linux |
| *cisco-asa-sslbypass.py* | Cisco ASA 8.x & below VPN SSL module Clientless URL-list control bypass |
| *cisco-XSS-wget-me.txt* | Cisco IOS 11.x web interface XSS vulnerability |
| *cmd_gpbypass.exe* | cmd.exe patched to run even when disabled via Group Policy |
| *cpg15x-dirtraversal.txt* | Coppermine 1.5.44 & below directory traversal vulnerability |
| *cve-2003-0001.py* | CVE-2003-0001 Etherleak information leak exploit, silently fixed in Cisco ASA PSIRT-0669464365 |
| *CVE-2012-4681.tgz* | Oracle Java SE 7 Update 6 & below remote polymorphic exploit (evades PSP) |
| *CVE-2014-0160.py* | Heartbleed mass-scanning proof-of-concept tool |
| *cve-2016-1531.sh* | Exim 4.84-3 local root exploit |
| *d3_decimator.txt* | SedSystems D3 decimator multiple vulnerabilities allow for remote root |
| *dllpack.tgz* | MS15-051 / MS15-010 exploits with reflective DLL loading support (hacked from public code) |
| *drupal-CVE-2014-3660.py* | Drupal XXE libxml2 Services exploit |
| *dtappgather-poc.sh* | dtappgather local root exploit proof-of-concept (EXTREMEPARR) |
| *fluttershy.py* | PonyOS 4.0 runtime linker local root exploit |
| *FreeBSD-pftp-dirtraversal.txt* | Peters Anonymous FTP on FreeBSD directory traversal vulnerability |
| *getlogin.c* | Tru64 V5.1B & below getlogin() kernel information leak |
| *gionight.py* | GIO Linux embedded remote root exploit |
| *gns3super-osx.sh* | GNS-3 OS-X local root exploit |
| *goodnight.c* | Linux kernel 2.6.37 & below denial-of-service exploit CVE-2010-4165 |
| *heartbleed-bin* | Static binary Heartbleed exploit (fun trivia: the Large Hadron Collider was tested with this code) |
| *heartbleed.c* | Heartbleed exploit using OpenSSL to encrypt the exploit for stealth |
| *heartbleed-keyscan.py* | RSA prime factorization exploit for use with Heartbleed |
| *hpwhytry.py* | HP XPe embedded devices remote command execution exploit |
| *iis_search.pl* | IIS WebDAV & Indexing service directory traversal attack |
| *inetutils-telnet.txt* | Multiple BSD-based telnet implementations vulnerable to memory corruption |
| *iPwn.tgz* | iOS default root user "alpine" exploit to harvest data via SSH |
| *irix-onyx-syssgi.c* | SGI IRIX <= 6.5.5 syssgi() Onyx IP19/IP21/IP25 kernel information leak exploit |
| *irix-rldx.sh* | SGI IRIX <= 6.4.x run-time linker file creation exploit |
| *irssi-irc-fuzzer.pl* | irssi plugin IRC client fuzzing tool |
| *jackrabbit.tgz* | RedStar OS 3.0 Naenara browser exploit |
| *jdwp-exploit.txt* | Java JDWP exploitation for remote code execution |
| *Kronos.tgz* | Java Signed Applet exploit and web management tool |
| *lbreakout-exploit.c* | lbreakout2 PoC exploit for ARM (drops privileges) |
| *leehseinloong.cpp* | Sudoku2 exploit written for Lee Hsien Loong (.sg PM) |
| *linux-ia32.c* | Linux Kernel 2.6.32 ia32entry emulation x86_64 exploit |
| *lotus_exp.py* | Lotus Domino IMAP4 Server Release 6.5.4 win2k remote exploit |
| *mikrotik-jailbreak.txt* | Mikrotik 6.40 & below "telnet" jailbreak exploit |
| *mirc-DoS-Script.ini* | mIRC 6.12 & 6.11 denial-of-service IRC script |
| *mobileiron0day.txt* | MobileIron Virtual Smartphone Platform local root exploit |
| *MobileIronBypass.tgz* | MobileIron mobile device management jailbreak detection bypass |
| *mulftpdos.zip* | Serv-U / G6 / WarFTPD denial-of-service exploit in asm |
| *neogeox.txt* | NeoGeo Gold X games console jailbreak via UART root shell |
| *NetBSD-sa-2016-003-howto-abuse-cpp.png* | NetBSD 6.1.5 calendar local root exploit PoC |
| *openbsd-0day-cve-2018-14665.sh* | OpenBSD 6.4 Xorg local root exploit |
| *prdelka-vs-AEP-smartgate.c* | AEP Smartgate V4.3B arbitrary file download exploit |
| *prdelka-vs-APPLE-chpass.sh* | OS-X 10.6.3 & below chpass arbitrary file creation exploit |
| *prdelka-vs-APPLE-ptracepanic.c* | OS-X 10.6.1 & below ptrace() mutex handling kernel panic |
| *prdelka-vs-BSD-ptrace.tar.gz* | NetBSD 2.1 ptrace() local root exploit |
| *prdelka-vs-CISCO-httpdos.zip* | Cisco IOS 12.2 & below HTTP denial-of-service exploit |
| *prdelka-vs-CISCO-vpnftp.c* | Cisco VPN Concentrator 3000 FTP remote exploit |
| *prdelka-vs-GNU-adabas2.txt* | Adabas D 13.01 SQL injection & directory traversal |
| *prdelka-vs-GNU-adabas.c* | Adabas D 13.01 local root exploit (Linux) |
| *prdelka-vs-GNU-chpasswd.c* | SquirrelMail 3.1 Change_passwd plugin & below local root exploit |
| *prdelka-vs-GNU-citadel.tar.gz* | Citadel SMTP 7.10 & below remote code execution exploit |
| *prdelka-vs-GNU-exim.c* | Exim 4.43-r2 & below host_aton() local root exploit (Linux) |
| *prdelka-vs-GNU-lpr.c* | Slackware 1.01 stack overflow local root exploit (Linux) |
| *prdelka-vs-GNU-mbsebbs.c* | mbse-bbs 0.70.0 & below local root exploit (Linux) |
| *prdelka-vs-GNU-peercast.c* | PeerCast v0.1216 remote root exploit (Linux) |
| *prdelka-vs-GNU-sudo.c* | sudo 1.6.8p9 race condition local root exploit (Linux) |
| *prdelka-vs-GNU-tin.c* | Slackware 1.01 local root exploit (Linux) |
| *prdelka-vs-HPUX-libc.c* | HP-UX 11.11 & below libc local root exploit (hppa) |
| *prdelka-vs-HPUX-swask.c* | HP-UX 11.11 & below swask format string local root exploit (hppa) |
| *prdelka-vs-HPUX-swmodify.c* | HP-UX 11.11 & below swmodify local root exploit (hppa) |
| *prdelka-vs-HPUX-swpackage.c* | HP-UX 11.11 & below swpackage local root exploit (hppa) |
| *prdelka-vs-http-fuzz.tar.gz* | HTTP fuzzing tool & example Savant 3.1 vulnerability |
| *prdelka-vs-LINUS-fchown.tar* | Linux kernel 2.4.x/2.6.6 & below fchown() file ownership exploit |
| *prdelka-vs-MISC-massftp.tar.gz* | Mass scanning FTP exploiter tool |
| *prdelka-vs-MS-hotmail.txt* | Microsoft Hotmail authentication bypass vulnerability |
| *prdelka-vs-MS-IE-6.0.2800.1106.XPSP1.rar* | Internet Explorer 6.0 IFRAME Windows XP exploit |
| *prdelka-vs-MS-rshd.tar.gz* | Windows RSH daemon 1.8 & below remote exploit |
| *prdelka-vs-MS-winzip.c* | WinZip 10.0.7245 Win32 & below exploit (the one that angered CERT) |
| *prdelka-vs-SCO-enable* | SCO OpenServer 5.0.7 enable local root exploit |
| *prdelka-vs-SCO-netwarex.c* | SCO OpenServer 5.0.7 netware printing local "lp" exploit |
| *prdelka-vs-SCO-ptrace.c* | SCO UnixWare 7.1.3 ptrace() Linux kernel emulation local root exploit |
| *prdelka-vs-SCO-tcpdos* | SCO OpenServer 5.0.7 TCP RST denial-of-service exploit |
| *prdelka-vs-SCO-termshx.c* | SCO OpenServer 5.0.7 termsh local gid "auth" exploit |
| *prdelka-vs-SGI-xrunpriv* | SGI IRIX 6.5 runpriv local root exploit |
| *prdelka-vs-SUN-sysinfo.c* | Solaris 10 sysinfo() local kernel memory information leak |
| *prdelka-vs-SUN-telnetd.c* | Solaris in.telnetd 8.0 & 7.0 remote exploit (sparc) |
| *prdelka-vs-SUN-virtualbox.sh* | Sun VirtualBox 3.0.6 local root exploit |
| *prdelka-vs-THC-vmap* | THC vmap DoS exploit |
| *prdelka-vs-UNIX-permissions.tar.gz* | UNIX file permissions generic directory exploit |
| *r00t2.tgz* | Linux kernel 2.6.29 ptrace_attach() ported to ARM for "google phone" |
| *rainbowdash.tgz* | PonyOS 3.0 & below kernel ELF loader local root exploit |
| *rarity.c* | PonyOS 3.0 VFS file permissions local root exploit |
| *raspbian.txt* | Raspbian vulnerabilities for sgid "games" |
| *redstar2.0-localroot.png* | RedStar OS 2.0 local root privilege escalation exploit |
| *redstar3.0-localroot.png* | RedStar OS 3.0 local root privilege escalation exploit |
| *rshx.c* | rsh exploit - inject commands via rsh |
| *rsshellshock.py* | RedStar OS server BEAM & RSSMON shellshock exploit |
| *s7300cpustart.py* | Siemens S7-300 PLC CPU start command |
| *s7300stop.py* | Siemens S7-300 PLC CPU stop command |
| *shoryuken.c* | Linux kernel 2.6.29 ptrace_attach() local root race condition exploit |
| *skyexp.py* | Sky 1.5 Sagem F@ST 2504 router infoleak & remote command injection |
| *smartmaildos.tgz* | Smartmail 10.x POP3 & SMTP denial-of-service exploits (in ASM) |
| *sp-email.py* | SharePoint username enumeration exploit |
| *spiltmilk.c* | Linux kernel 2.6.37-rc1 & below serial_core TIOCGICOUNT information leak exploit |
| *ssh-dsa1024-rsa2048-keys-CVE-2008-0166.tgz* | Debian SSH insecure 'prng' SSH keys (released during Manchester riots) |
| *sun-su-bug.txt* | Solaris 10 'su' local NULL pointer vulnerability CVE-2010-3503 |
| *telnet_term_0day.py* | Multiple BSD-based telnet.c IAC malformed options remote crash |
| *trendmicro_IWSVA_shellshock.py* | TrendMicro InterScan Web Security Virtual Appliance shellshock exploit |
| *UNICOS-cray.txt* | Cray UNICOS 9.0 local root vulnerabilities & shellcode PoC |
| *vncscan.py* | RealVNC auth bypass CVE-2006-2369 scanner |
| *vxlgiobye.py* | VXL Gio Linux remote command execution exploit |
| *w32-fps.txt* | Microsoft FrontPage Personal WebServer ver 3.0.2.926 exploit |
| *w32-grpconv.txt* | Windows XP SP1 grpconv.exe buffer overflow |
| *w32-netcat.tgz* | "netcat" buffer overflow for Windows 98 exploit |
| *w32-netcat.txt* | "netcat" buffer overflow for Windows 98 advisory |
| *w32-progman.txt* | Windows XP "progman" buffer overflow |
| *winnuke2011.sh* | MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw |
| *wysewig.py* | Wyse embedded XP remote SYSTEM command execution exploit |
| *xclm-exploit.c* | Microchip XC local root exploit (Linux) (installed by DEF CON 26 attendees) |

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International license.