Articles in the category Windows

Windows - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)

 /* Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=687 https://googleprojectzero.blogspot.ca/2016/03/exploiting-leaked-thread-handle.html Windows: Secondary Logon St...

没穿底裤 2016-03-23 No comments yet

[MS15-010 / CVE-2015-0057] Exploitation

# MS15-010/CVE-2015-0057 win32k Local Privilege Escalation # Date: 2015-12-17 # Tested on Windows 8.1 x64 EN Introduction At the beginning of 2015 Udi Yavo [1] found a Windows kernel vulnerability th...

没穿底裤 2015-12-19 No comments yet

Oracle 9i/10g: Unauthorized Modification of the SYS Password

Exploit URL: https://www.exploit-db.com/exploits/4203/ First, log in to Oracle with a low-privilege account such as DBSNMP, then execute the SQL: create or replace view bunkerview as select x.name,x.password from sys.user$ x left outer join sys.user$ y on x.na...

没穿底裤 2015-09-17 No comments yet

Windows 2k3 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)

/* ################################################################ # Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation (MS14-070) # Date: 2015-08-10 # Exploit Author: Tomislav P...

没穿底裤 2015-08-26 No comments yet

Microsoft Windows HTA Remote Code Execution

#!/usr/bin/php <?php # Title : Microsoft Windows HTA (HTML Application) - Remote Code Execution # Tested on Windows 7 / Server 2008 # # # Author : Mohammad Reza Espargham # Linkedin : htt...

没穿底裤 2015-08-26 No comments yet

Havij OLE Automation Array Remote Code Execution

#!/usr/bin/php <?php # Title : Havij OLE Automation Array Remote Code Execution # Affected Versions: All Version # Founder : ITSecTeam # Tested on Windows 7 / Server 2008 # # # Author   ...

没穿底裤 2015-07-05 No comments yet