Archive for November, 2010

Bypassing UAC with User Privilege under Windows Vista/7 – Mirror

muts

Introduction: I would like to present an exploit of an ambiguous parameter in Windows kernel API that leads to buffer overflows under nearly every version of Microsoft Windows, especially one that can be used as a backdoor to Windows user…

Fuzzing vs Reversing – Round #2 (Reversing)

muts

After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly. I started by mapping out the…

Fuzzing vs Reversing – Round #1 (Fuzzing)

muts

I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for awhile. I implemented and executed tests and progressively…

vBulletin – A Journey Into 0day Exploitation

muts

The popular vBulletin software is generally a quite secure forum application if you exclude the minimal amount of vulnerable addons. However, when new features are occasionally included, such as Profile Customization, a new vulnerability might be born.

Foxit Reader Stack Overflow Exploit – Egghunter Edition

dookie2000ca

Some time ago, when Adobe Reader 0days were dropping left, right, and centre, Foxit Reader was frequently mentioned as a safer alternative to using Adobe. While it may be true that there are not as many exploits available for Foxit,…

Google Hacking Database Reborn

muts

The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world. Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as…

Finding 0days in Web Applications

muts

Most zero-day exploits in web applications are usually easier to find, study, and attack than actual services like a webserver due to the fact that a hacker does not need to create shellcode, debug the service over and over or…

Exploit Database, New Features!

muts

We are constantly improving the Exploit Database and adding more functionality to it. Our latest upgrade brings some exciting features, such as searching security articles by language, and a new “Free Text Exploit Search” feature.

Winamp 5.58 from Denial of Service to Code Execution Part 2

muts

Understanding the Winamp Memory Layout: This post is a continuation of part 1 of Winamp 5.58 from Denial of Service to Code Execution. The solution we used on the first Winamp in_mod_plugin exploit was not as elegant as we would…