141 items tagged "win"
-
-
21:56
»
SecDocs
Authors: Felix 'FX' Lindner
Tags: Windows exploiting
Event: Chaos Communication Congress 20th (20C3) 2003
Abstract: The talk could also be called "Lessons learned when the Cisco guys went to Windows land", because there are a number of things quite different in Windows land compared to other environments. One of these things is the frequent use of wide characters and the annoying difficulties that arise from that, including return addresses of 0x00410041. Technically, the speech covers stack based buffer overflows in Win32 applications and services where the buffer content consists of wide characters. Techniques for finding return addresses as well as practical wide character shellcodes (so-called venetian shell code) will be discussed. There will also be some side notes on ASCII based overflows and format string vulnerabilities. This talk is to provide the intermediate hacker with a few more useful tricks for her/his sleeve, so don't expect any TESO-like magic. Of course, Phenoelit would not dare to show up without some entertaining examples of software engineering, this time coming from Walldorf/Germany.
-
-
13:01
»
Hack a Day
Pull out your old Fritzing designs, or churn out a new one, and you might be able to win one of these prizes. Fritzing is looking for the top three designs which will receive these prizes. On the left is a Fritzing super upgrade kit with goodies like a Character LCD, DC motor and driver [...]
-
-
19:57
»
Packet Storm Security Recent Files
libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.
-
19:57
»
Packet Storm Security Misc. Files
libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.
-
-
4:06
»
Hack a Day
Sure, microcontrollers are useful, easy to apply, and ubiquitous, but where is the fun in the easy route? Well, for those of you out there with a little imagination and a 555 timer sitting around, there could be rewards in store. Brought to you by such famous personalities as Jeri Ellsworth and Chris Gammell, the 555 [...]
-
-
8:49
»
Packet Storm Security Recent Files
A null-free shellcode for 32-bit versions of Windows 5.0 - 7.0 all service packs that uses the Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).
-
8:49
»
Packet Storm Security Misc. Files
A null-free shellcode for 32-bit versions of Windows 5.0 - 7.0 all service packs that uses the Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).
-
-
15:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (ru) add local administrator in 74 bytes
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32 generic - add new local administrator 326 bytes
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 42 bytes
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes
-
-
16:13
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
Integard Pro 2.2.0.9026 (Win7 ROP-Code Metasploit Module)
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (Tr) calc.exe Shellcode 53 bytes
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (Tr) Create New File (zrl.txt) 74 bytes
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[win32] - win32/xp sp3 (Tr) cmd.exe Shellcode 52 bytes
-
17:01
»
Packet Storm Security Exploits
The win32k!GreStretchBltInternal() function in Microsoft Windows does not handle src == dest correctly. Proof of concept code included.
-
-
2:15
»
remote-exploit & backtrack
Hi guys,
I'm new to the forum and I need your help: which program can I use with Win7 to test the security of my Libero.it password?
Thanks, everyone..
Gundin
-
-
7:25
»
remote-exploit & backtrack
I have successfully tested the current priv escalation exploit on the following systems:
- WinXP SP2 (thx to Fancy for testing)
- WinXP with SP3
- Win 2k3 Server SP1
- Win 2k3 Server SP2
- Win Vista SP1
- Win 2k8 Server
- Win 2k8 Server SP2
- Windows 7 ends in a BSoD
... this thing is fun ;)
r00t for all ... | www.s3cur1ty.de
With this, all existing Windows systems that you gain access to as a pentester can be completely r00ted! :)
hf
m-1-k-3