/exploits-hackerhouse-opensource

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House

Primary LanguageCOtherNOASSERTION

Exploits

Exploits and proof-of-concept code from the team at Hacker House.

Filename Description
AirWatchMDMJailbreakBypass.txt Bypass jailbreak detection on mobile device management AirWatch for IOS
adobe-psp.tgz Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow PSP bypass (metasploit)
aix53l-libc.c AIX 5.3L libc locale environment handling local root exploit
aix53l-lquerypv.c AIX 5.3L /usr/sbin/lquerypv local root privilege escalation
amanda-amstar.txt Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit
amanda-backup.txt Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit
applejack.c PonyOS 3.0 & below tty ioctl() kernel local root exploit
asus_B1M_projector_root.png ASUS B1M projector remote root command injection (unpatchable)
BTCPE.txt British Telecom Huawei UART root access weakness
charybdis.tgz Firefox & IE exploits implant dropper for Windows & Linux
cisco-asa-sslbypass.py Cisco ASA 8.x & below VPN SSL module Clientless URL-list control bypass
cisco-XSS-wget-me.txt Cisco IOS 11.x web interface XSS vulnerability
cmd_gpbypass.exe cmd.exe patched to run even when disabled via Group Policy
cpg15x-dirtraversal.txt Coppermine 1.5.44 & below directory traversal vulnerability
cve-2003-0001.py CVE-2003-0001.py Etherleak information leak exploit, silently fixed in Cisco ASA PSIRT-0669464365
CVE-2012-4681.tgz Oracle Java SE 7 Update 6 & below remote polymorphic exploit (evades PSP)
CVE-2014-0160.py Heartbleed mass-scanning proof-of-concept tool
cve-2016-1531.sh Exim 4.84-3 local root exploit
cve-2019-10149.py Exim between 4.87 & 4.91 local root exploit
CVE-2020-0601.xdb XCA database of private keys for trusted CA exploit CVE-2020-0601
CVE-2020-3950.tgz EvilOSX trojan exploit plugin for CVE-2020-3950 VMware Fusion 11.5.2 & below local root
d3_decimator.txt SedSystems D3 decimator multiple vulnerabilities allow for remote root
dllpack.tgz MS15-051 / MS15-010 exploits with reflective DLL loading support (hacked from public code)
drupal-CVE-2014-3660.py Drupal XXE libxml2 Services exploit
dtappgather-poc.sh dtappgather local root exploit proof-of-concept (EXTREMEPARR)
fluttershy.py PonyOS 4.0 runtime linker local root exploit
FreeBSD-pftp-dirtraversal.txt Peters Anonymous FTP on FreeBSD directory traversal vulnerability
getlogin.c Tru64 V5.1B & below getlogin() kernel information leak
gionight.py GIO Linux embedded remote root exploit
gns3super-osx.sh GNS-3 OS-X local root exploit
goodnight.c Linux kernel 2.6.37 & below denial-of-service exploit CVE-2010-4165
heartbleed-bin static bin heartbleed exploit (fun trivia, Large Hadron Collider tested with this code)
heartbleed.c Heartbleed exploit using OpenSSL to encrypt the exploit for stealth
heartbleed-keyscan.py RSA prime factorization exploit for use with heartbleed
hfirixwfcmd.sh SGI IRIX <= 6.5.22 WebForce post-auth Remote Command Injection
hfsunsshdx.tgz SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871
hpwhytry.py HP XPe embedded devices remote command execution exploit
iis_search.pl IIS WebDAV & Indexing service directory traversal attack
inetutils-telnet.txt Multiple BSD based telnet implementations vulnerable to memory corruption.
iPwn.tgz IOS default root user "alpine" exploit to harvest data via SSH
irix-captest.c SGI IRIX <= 6.5.22 capability hijacking "eip" proof-of-concept (SGI XFS)
irix-ftpd-ls.txt SGI IRIX <= 6.5.22 ftpd "/bin/ls" root privilege escalation
irix-mediarecorder.txt SGI IRIX <= 6.5.22 CAP_SCHED_MGT "mediarecorder" privilege escalation
irix-onyx-syssgi.c SGI IRIX <= 6.5.5 syssgi() Onyx IP19/IP21/IP25 kernel information leak exploit
irix-rldx.sh SGI IRIX <= 6.4.x run-time linker file creation exploit
irix-runpriv-cap.png SGI IRIX <= 6.5.x screenshot showing "capabilities" exploit via runpriv
irix-setsockopt.c SGI IRIX <= 6.5.22 kernel mbuf corruption due to integer signedness comparison
irix-syssgi-panic.c SGI IRIX <= 6.5.22 syssgi() SGI_ENUMASHS null ptr kernel panic
irix-tapex.c SGI IRIX <= 6.5.22 "tsdaemon" root arbitrary file creation exploit
irssi-irc-fuzzer.pl irssi plugin IRC client fuzzing tool
jackrabbit.tgz RedStar OS 3.0 Naenara browser exploit
jdwp-exploit.txt Java JDWP exploitation for remote code execution
Kronos.tgz Java Signed Applet exploit and web management tool
lbreakout-exploit.c lbreakout2 PoC exploit for ARM (drops privileges)
leehseinloong.cpp Sudoku2 exploit written for Lee Hsien Loong. (.sg PM)
linux-ia32.c Linux Kernel 2.6.32 ia32entry emulation x86_64 exploit
lotus_exp.py Lotus Domino IMAP4 Server Release 6.5.4 win2k remote exploit
mikrotik-jailbreak.txt Mikrotik 6.40 & below "telnet" jailbreak exploit
mirc-DoS-Script.ini Mirc 6.12 & 6.11 denial-of-service IRC script
mobileiron0day.txt MobileIron Virtual Smartphone Platform local root exploit
MobileIronBypass.tgz MobileIron mobile device management jailbreak detection bypass
mulftpdos.zip Serv-U / G6 / WarFTPD denial-of-service exploit in asm
neogeox.txt NeoGeo Gold X games console jailbreak via UART root shell
NetBSD-sa-2016-003-howto-abuse-cpp.png NetBSD 6.1.5 calendar local root exploit PoC
openbsd-0day-cve-2018-14665.sh OpenBSD 6.4 Xorg local root exploit
prdelka-vs-AEP-smartgate.c AEP Smartgate V4.3B arbitrary file download exploit
prdelka-vs-APPLE-chpass.sh OS-X 10.6.3 & below chpass arbitrary file creation exploit
prdelka-vs-APPLE-ptracepanic.c OS-X 10.6.1 & below ptrace() mutex handling kernel panic
prdelka-vs-BSD-ptrace.tar.gz NetBSD 2.1 ptrace() local root exploit
prdelka-vs-CISCO-httpdos.zip Cisco IOS 12.2 & below HTTP denial-of-service exploit
prdelka-vs-CISCO-vpnftp.c Cisco VPN Concentrator 3000 FTP remote exploit
prdelka-vs-GNU-adabas2.txt Adabas D 13.01 SQL injection & directory traversal
prdelka-vs-GNU-adabas.c Adabas D 13.01 local root exploit Linux
prdelka-vs-GNU-chpasswd.c SquirrelMail 3.1 Change_passwd plugin & below local root exploit
prdelka-vs-GNU-citadel.tar.gz Citadel SMTP 7.10 & below remote code execution exploit
prdelka-vs-GNU-exim.c Exim 4.43-r2 & below host_aton() local root exploit (Linux)
prdelka-vs-GNU-lpr.c Slackware 1.01 stack overflow local root exploit (Linux)
prdelka-vs-GNU-mbsebbs.c mbse-bbs 0.70.0 & below local root exploit (Linux)
prdelka-vs-GNU-peercast.c PeerCast v0.1216 remote root exploit (linux)
prdelka-vs-GNU-sudo.c sudo 1.6.8p9 race condition local root exploit (Linux)
prdelka-vs-GNU-tin.c Slackware 1.01 local root exploit (Linux)
prdelka-vs-HPUX-libc.c HP-UX 11.11 & below libc local root exploit (hppa)
prdelka-vs-HPUX-swask.c HP-UX 11.11 & below swask format string local root exploit (hppa)
prdelka-vs-HPUX-swmodify.c HP-UX 11.11 & below swmodify local root exploit (hppa)
prdelka-vs-HPUX-swpackage.c HP-UX 11.11 & below swpackage local root exploit (hppa)
prdelka-vs-http-fuzz.tar.gz HTTP fuzzing tool & example Savant 3.1 vulnerability
prdelka-vs-LINUS-fchown.tar Linux kernel 2.4.x/2.6.6 & below fchown() file ownership exploit
prdelka-vs-MISC-massftp.tar.gz Mass scanning ftp exploiter tool
prdelka-vs-MS-hotmail.txt Microsoft Hotmail Authentication Bypass vulnerability
prdelka-vs-MS-IE-6.0.2800.1106.XPSP1.rar Internet Explorer 6.0 IFRAME Windows XP exploit
prdelka-vs-MS-rshd.tar.gz Windows RSH daemon 1.8 & below remote exploit
prdelka-vs-MS-winzip.c WinZip 10.0.7245 Win32 & below exploit (the one that angered CERT)
prdelka-vs-SCO-enable SCO OpenServer 5.0.7 enable local root exploit
prdelka-vs-SCO-netwarex.c SCO OpenServer 5.0.7 netware printing local "lp" exploit
prdelka-vs-SCO-ptrace.c SCO Unixware 7.1.3 ptrace() linux kernel emulation local root exploit
prdelka-vs-SCO-tcpdos SCO OpenServer 5.0.7 TCP RST denial-of-service exploit
prdelka-vs-SCO-termshx.c SCO OpenServer 5.0.7 termsh local gid "auth" exploit
prdelka-vs-SGI-xrunpriv SGI IRIX 6.5 runpriv local root exploit
prdelka-vs-SUN-sysinfo.c Solaris 10 sysinfo() local kernel memory information leak
prdelka-vs-SUN-telnetd.c Solaris in.telnetd 8.0 & 7.0 remote exploit (sparc)
prdelka-vs-SUN-virtualbox.sh Sun VirtualBox 3.0.6 local root exploit
prdelka-vs-THC-vmap THC vmap DoS exploit
prdelka-vs-UNIX-permissions.tar.gz UNIX file permissions generic directory exploit
r00t2.tgz Linux kernel 2.6.29 ptrace_attach() ported to ARM for "google phone"
rainbowdash.tgz PonyOS 3.0 & below kernel ELF loader local root exploit
rarity.c PonyOS 3.0 VFS file permissions local root exploit
raspbian.txt Raspbian vulnerabilities for sgid "games"
redstar2.0-localroot.png RedStar OS 2.0 local root privilege escalation exploit
redstar3.0-localroot.png RedStar OS 3.0 local root privilege escalation exploit
rshx.c rsh exploit - inject commands via rsh
rsshellshock.py RedStar OS server BEAM & RSSMON shellshock exploit
s7300cpustart.py Siemens S7-300 PLC CPU start command
s7300stop.py Siemens S7-300 PLC CPU stop command
shoryuken.c Linux kernel 2.6.29 ptrace_attach() local root race condition exploit
skyexp.py Sky 1.5 Sagem F@ST 2504 router infoleak & remote command injection
smartmaildos.tgz Smartmail 10.x pop3 & SMTP denial-of-service exploits (in ASM)
sp-email.py Sharepoint username enumeration exploit
spiltmilk.c Linux kernel 2.6.37-rc1 & below serial_core TIOCGICOUNT information leak exploit
ssh-dsa1024-rsa2048-keys-CVE-2008-0166.tgz Debian SSH insecure 'prng' SSH keys (released during Manchester riots)
sun-su-bug.txt Solaris 10 'su' local NULL pointer vulnerability CVE-2010-3503
telnet_term_0day.py Multiple BSD-based telnet.c IAC malformed options remote crash
trendmicro_IWSVA_shellshock.py TrendMicro InterScan Web Security Virtul Appliance shellshock exploit
UNICOS-cray.txt Cray UNICOS 9.0 local root vulnerabilities & shellcode PoC
vncscan.py RealVNC auth bypass CVE-2006-2369 scanner
vxlgiobye.py VXL Gio Linux remote command execution exploit
w32-fps.txt Microsoft Frontpage Personal WebServer ver 3.0.2.926 exploit
w32-grpconv.txt Windows XP SP1 grpconv.exe buffer overflow
w32-netcat.tgz "netcat" buffer overflow for Windows 98 exploit
w32-netcat.txt "netcat" buffer overflow for Windows 98 advisory
w32-progman.txt Windows XP "progman" buffer overflow
winnuke2011.sh MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw
wysewig.py Wyse embedded XP remote SYSTEM command execution exploit
xclm-exploit.c Microchip XC local root exploit (Linux) (installed by defcon 26 attendees)
zte-emode.txt ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit

These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.