10 jun 2012

backfuzz v0.3 released

Hey guys, just announcing that v0.3 came out, new changes are:

(*) Added the ability to use different types of pattern while fuzzing (Cyclic | CyclicExtended | Single | Format-String).
(*) Removed a lot of unnecessary parameters and used global variables instead.
(*) Minor help screen improvements.

Help Screen: [screenshot]

Example with CyclicExtended: [screenshot]
Download:

https://github.com/localh0t/backfuzz

30 mar 2012

Bypassing tolower() filters in buffer overflows


This whitepaper goes into detail on how to bypass tolower() filters in buffer overflows. It uses a stack-based buffer overflow as the example, but the technique can also be applied to heap overflows.
Hope you guys enjoy it :).

23 mar 2012

Website Pro <= 3.1.13.0 "Referer:" Remote Buffer Overflow PoC



The crash occurs when the application tries to write ECX (0x00000000) to the address held in EAX (0xBAADBEEF), which we control.
Possibly exploitable, not tested yet.
SHODAN Dork: "Server: Website/3.1"
 
Link: http://www.1337day.com/exploits/17806

12 mar 2012

backfuzz - protocol fuzzing toolkit

Well, after a while I am releasing this simple fuzzer.
You can use it to fuzz different protocols (FTP, HTTP, IMAP, etc.), but it also has non-protocol plugins (for example, a file fuzzer).
The general idea is that the script already has several functions predefined in the file "functions.py", so anyone who wants to write their own plugin (for another protocol) in a few lines and add it to the script can do so.
I know the code is still in beta and needs a lot of work to improve, so any questions / suggestions / criticism / comments are welcome.

Screenshots:

    Help Menu: [screenshot]

    Crash reached (FTP): [screenshot]

    Crash reached (HTTP): [screenshot]

    File Fuzzing: [screenshot]

    File Fuzzing (Files): [screenshot]

GitHub page:

Installation:

git clone https://github.com/localh0t/backfuzz
 
Happy fuzzing,
Matías. 

2 feb 2012

Port Tester v0.1, firewall port testing tool

Let us suppose that during a pentest we got command execution on a remote server, but when we try to make a reverse connection back to our server the connection is not established for some reason (firewall / IPS / etc.); or maybe you just want to test which ports you can reach remotely from that particular server.
That is where this simple script comes into play: given a range of ports, it tells us which of them can be reached from inside the server. We use a server that has all 65k ports open (open.zorinaq.com) and determine which ports we can reach and which we cannot.

Screenshot:


Download:

Pastebin: http://pastebin.com/C2kkKk9J
Mediafire: http://www.mediafire.com/?s33tuy08tto8vps

5 jan 2012

Challenges & Binaries [ekoparty 2011 CTF]



Today I'm uploading the binaries & challenges presented in the ekoparty 2011 CTF. Some solutions and tips were covered in the following posts:

http://localh0t.blogspot.com/2011/09/ekoparty-2011-ctf-bin-writeup.html

http://localh0t.blogspot.com/2011/09/ekoparty-2011-ctf-httpd-daemon-buffer.html



Download (mediafire, new link 03/02/12):
http://www.mediafire.com/?akdou1o1ac5f0z4

Download (multiple mirrors):

http://www.multiupload.com/BG36N6BKY8

Password: localh0t.com.ar

Enjoy.