Showing posts with label b0f. Show all posts
Aug 29, 2011

Free MP3 CD Ripper 1.1 Buffer Overflow (SEH)

Hello.. My friend x-h4ck has written another b0f SEH exploit today for "Free MP3 CD Ripper 1.1"..


# #############################################################################
# Exploit Title : Free MP3 CD Ripper 1.1 Buffer Overflow (SEH)          
# Software	    : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html
# Version	    : 1.1
# Tested on	    : Windows XP sp3 (en)
# Date		    : 28/08/2011
# Author		: X-h4ck
# Website	    : http://www.pirate.al , http://theflashcrew.blogspot.com 
# PirateAL Crew (2011)
# Email		    : mem001@live.com
# Greetz		: Wulns~ - Danzel - IllyrianWarrior- Ace - M4yh3m - Saldeath  
#                 mywisdom - bi0 - Slimshaddy - d3trimentaL - Lekosta - Rigon
#                 H-Down - H3ll - Pretorian
# #############################################################################
 
 
Exploit Link: inj3ct0r 
Enjoy ...
Keep it up x-h4ck :p 
Aug 27, 2011

Free MP3 CD Ripper 1.1 Local Buffer Overflow

# ############################################################################
# Exploit Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow 
# Software	    : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html
# Version	    : 1.1
# Tested on	    : Windows xp sp3 (en)
# Date		    : 27/08/2011
# Author		: X-h4ck
# Website	    : http://www.pirate.al , http://theflashcrew.blogspot.com
# Email		    : mem001@live.com
# Greetz		: Wulns~ - Danzel - IllyrianWarrior- Ace - M4yh3m - Saldeath  
#                 mywisdom - bi0 - Slimshaddy - d3trimentaL - Lekosta - Rigon
#                 H-Down - H3ll - Pretorian
# ############################################################################
 
Link Exploit 

ProFTPD with mod_sql pre-authentication, remote root

Volume 0x0e, Issue 0x43, Phile #0x07 of 0x10

|=-----------------------------------------------------------------------=|
|=------=[ ProFTPD with mod_sql pre-authentication, remote root  ]=------=|
|=-------------------------=[ heap overflow ]=---------------------------=|
|=-----------------------------------------------------------------------=|
|=-------------------=[ max_packetz@felinemenace.org ]=------------------=|
|=-----------------------------------------------------------------------=|

--[ Contents

  1 - Introduction 

  2 - The vulnerability
   2.1 - Tags explained
   2.2 - Generating overflow strings

  3 - Exploring what we can control
   3.1 - Automating tasks
   3.2 - ProFTPD Pool allocator
   3.3 - Examining backtraces
    3.3.1 - 11380f2c8ce44d29b93b9bc6308692ae backtrace
    3.3.2 - 2813d637d735be610a460a75db061f6b backtrace
    3.3.3 - 3d10e2a054d8124ab4de5b588c592830 backtrace
    3.3.4 - 844319188798d7742af43d10f6541a61 backtrace 
    3.3.5 - 914b175392625fe75c2b16dc18bfb250 backtrace
    3.3.6 - b975726b4537662f3f5ddf377ea26c20 backtrace
    3.3.7 - ccbbd918ad0dbc7a869184dc2eb9cc50 backtrace
    3.3.8 - f1bfd5428c97b9d68a4beb6fb8286b70 backtrace
    3.3.9 - Summary
   3.4 - Exploitation avenues
    3.4.1 - Shellcode approach
    3.4.2 - Data manipulation

  4 - Writing an exploit
   4.1 - Exploitation via arbitrary pointer return
   4.2 - Cleanup structure crash
   4.3 - Potential enhancements
   4.4 - Last thoughts

  5 - Discussion of hardening techniques against exploitation
   5.1 - Address Space Layout Randomisation
   5.2 - Non-executable Memory
   5.3 - Position Independent Binaries
   5.4 - Stack Protector
   5.5 - RelRO

  6 - References

--[ 1 - Introduction 

This paper describes and explores a pre-authentication remote root heap
overflow in the ProFTPD [1] FTP server. It's not quite a standard overflow,
due to how the ProFTPD heap works, and how the bug is exploited via
variable substitution.

The vulnerability was inadvertently mitigated (from remote root, at least
:( ) when the ProFTPD developers fixed a separate vulnerability in mod_sql
where you could inject SQL and bypass authentication. That separate
vulnerability, whose fix mitigated this one, is documented in CVE-2009-0542.

The specific vulnerability we are exploring is an unbounded copy operation 
in sql_prepare_where(), which has not been fixed yet.

Also, I'd like to preemptively apologise for the attached code. It evolved 
over time in piecemeal fashion, and isn't overly pretty/readable by now :p
 
Jul 5, 2011

CoolPlayer 219 Buffer Overflow Exploit

# #########################################################################
#~ Title         : CoolPlayer 219 Buffer Overflow Exploit   
#~ Software      : http://coolplayer.en.softonic.com/
#~ Tested on     : Windows XP SP3 English
#~ Date          : 04/07/2011
#~ Author        : X-h4ck
#~ Site          : http://www.pirate.al/ #PirateAL Crew , http://theflashcrew.blogspot.com/ 
#~ Email         : mem001@live.com 
#~ Greetz        : Wulns~ - IllyrianWarrior - Danzel - Ace - M4yh3m - Saldeath - bi0 - Slimshaddy - d3trimentaL - Lekosta - Pretorian - CroSs(r00tworm) - Rigon
# #########################################################################
1337Day Link 
 
FlashcRew Blog