Exploit
Exploit的英文意思就是利用,它在黑客眼里就是漏洞利用,有漏洞不一定就有Exploit(利用),有Exploit就肯定有漏洞。
我们几乎每隔几天就能听到最近有一个新发现的可以被利用(exploit)的漏洞(vulnerability),然后给这个漏洞打上补丁。而事实上,这里面的内容比你想象的要多,因为你不可能知道所有软件的漏洞,而且那些可利用的漏洞也只是被少数人所了解。
漏洞是存在于一个程序、算法或者协议中的错误,可能带来一定的安全问题。但不是所有的漏洞都是能够被利用来攻击(exploitable)的,理论上存在的漏洞,并不代表这个漏洞足以让攻击者去威胁你的系统。一个漏洞不能攻击一个系统,并不代表两个或多个漏洞组合就不能攻击一个系统。例如:空指针对象引用(null-pointerdereferencing)漏洞可以导致系统崩溃(如果想做拒绝服务攻击就足够了),但是如果组合另外一个漏洞,将空指针指向一个你存放数据的地址并执行,那么你可能就利用此来控制这个系统了。
一个利用程序(Anexploit)就是一段通过触发一个漏洞(或者几个漏洞)进而控制目标系统的代码。攻击代码通常会释放攻击载荷(payload),里面包含了攻击者想要执行的代码。exploits利用代码可以在本地也可在远程进行。一个远程攻击利用允许攻击者远程操纵计算机,理想状态下能够执行任意代码。远程攻击对攻击者非常重要,因为攻击者可以远程控制他/她的主机,不需要通过其它手段(让受害者访问网站,点击一个可执行文件,打开一个邮件附件等等),而本地攻击一般都是用来提升权限。
- #!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; # # [!] Discovered.: DNX # [!] Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.o... 2008-10-08
- -[*] ================================================================================ [*]- -[*] Real Estate Script <= 1.1 Remote SQL Injection Vulnerability ... 2008-10-08
trixbox (langChoice) Local File Inclusion Exploit (connect-back)
#!/usr/bin/perl -w # Jean-Michel BESNARD - LEXSI Audit # 2008-07-08 # perl trixbox_fi.pl 192.168.1.212 # Please listen carefully as our menu option has chan... 2008-10-08Boonex Dolphin 6.1.2 Multiple Remote File Inclusion Vulnerabilities
# Name Of Script : Dolphin PHP # Version : 6.1.2 # Download From : http://heanet.dl.sourceforge.net/sourceforge/boonex-dolphin/Dolphin-v.6.1.2-Free.zip # F... 2008-10-08BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit
#!/usr/bin/perl #================================================= # BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit #==============================================... 2008-10-08- -[*] ================================================================================ [*]- -[*] Last Minute Script <= 4.0 Remote SQL Injection Vulnerability... 2008-10-08
Joomla Component com_content 1.0.0 (ItemID) SQL Injection Vuln
------------------------------------------------------------------------------------------- Joomla Component com_content SQL I... 2008-10-08- #!/usr/bin/perl # k1tk4t Public Security Advisory # //////////////////////////////////////////////////////////// # AuraCMS <= 2.2.2 (pages_data.php) Arbitrary... 2008-10-08
BoonEx Ray 3.5 (sIncPath) Remote File Inclusion Vulnerability
# Name Of Script : Ray # Version : 3.5 # Download From : http://get.boonex.com/Ray-v.3.5-Suite-Free # Found By : RoMaNcYxHaCkEr [ RoMaNTiC-TeaM ] ... 2008-10-08Dreampics Builder (page) Remote SQL Injection Vulnerability
######################################################### # # PICS BUILDER (page) SQL Injection Vulnerability #==============================================... 2008-10-08Download Accelerator Plus - DAP 8.x (m3u) Local BOF Exploit 0day
#!/usr/bin/python # Download Accelerator Plus - DAP 8.x (m3u) 0day Local Buffer Overflow Exploit # Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>... 2008-10-08OllyDBG v1.10 and ImpREC v1.7f (export name) BOF PoC
;-------------------------------------------------------------------------; ; OllyDBG v1.10 and ImpREC v1.7f export name buffer overflow vulnerability ; PoC (probab... 2008-10-08Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)
#include <stdio.h> #include <stdlib.h> /* DAP 8.x (.m3u) File BOF C Exploit for XP SP2,SP3 English SecurityFocus Advisory: Download Acceler... 2008-10-08- ########################################################################## #### Felipe Andres Manzano * fmanzano@fceia.unr.edu.ar #### #### updates... 2008-10-08
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
#!/usr/bin/php <?php # ------------------------------------------------------------ # quick'n'dirty wordpress admin-take0ver poc # by iso^kpsbr in august 2... 2008-10-08Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit
<!-- Jeremy Brown (0xjbrown41@gmail.com/jbrownsec.blogspot.com) Adobe Acrobat 9 Remote DoS (--) Tested on AA9/IE7/Vista I can't seem to reproduce this ... 2008-10-08minb 0.1.0 Remote Code Execution Exploit
#!/usr/bin/python ##################################################################################### #### minb Remote Code Execution Exploit ... 2008-10-08Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
<!-- Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC Summary: Maxthon Browser is a powerful tabbed browser built for all users. Besides basi... 2008-10-08Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection Exploit
#!/usr/bin/perl #---------------------------------------------------------------- # #Script : Ezphotogallery 2.1 # #Type : Multiple Vulnerabilities ( Xss/L... 2008-10-08phsBlog 0.2 Bypass SQL Injection Filtering Exploit
#!/usr/bin/perl #---------------------------------------------------------------- # #Script : PhsBlog v0.2 # #Type : Bypass Sql injection Filtering Exploit... 2008-10-08