Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Easy File Sharing Web Server 6.9 Buffer Overflow

      Recommended Posts

      Easy File Sharing Web Server version 6.9 POST msg.ghp UserID remote buffer overflow SEH exploit with DEP bypass and ROP.

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Scanning APK file for URIs, endpoints & secrets.
          Changelog v2.5
          Added patterns:
              Facebook Secret Key
              Facebook ClientID
              Twitter ClientID
              Twitter Secret Key
              Artifactory API Token
              Artifactory Password
              Authorization Basic
              Authorization Bearer
              Basic Auth Credentials
              Cloudinary Basic Auth
              Mailto
              Vault Token

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. FuzzingTool
          FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file.
          Changelog v3.11
          New features
              Allow to insert multiple wordlists (globally or per target)
                  Assign a wordlist to each target with numerous -w, or a global wordlist using only one -w;
                  Use multiple wordlists to same target -w 'wordlist1;wordlist2';
              Allow to wordlist plugins automatically detects and build their parameters based on target;
              Now both the exception and the used payload are written in the logfile;
              Added robots.txt plugin to the wordlists;
              Updated CLI output options
                  Added an option to disable the terminal colors --no-colors;
                  Added an option to simplify the output mode, removing the time label and reducing the other labels -S, --simple-output;
          CLI output changes
              Updated the program’s progress status: the format is more clean and shows the current payload that are being used;
              Updated the PathScanner status codes coloring;
          Bugfixes
              Fixed the proxy setup on Request;
              Fixed the Logger that wasn’t writting in the logfile;
              Fixed a bug then more than one method is specified to same target, and the application stops to run;
              Fixed an exception when the same target is setted more than one time. Now a target can appear more than one time if all of them do the same type of fuzzing, or by selecting a global scanner plugin;
          Exception handling
              At now, none of the RequestExceptions will stop the application, instead of it the program will ask for the user if he wants to continue with that target.
              The objectCreator method from PluginFactory no longer raises a PluginNotFound exception. This exception was transfered to the classCreator in the same factory.
          Code refatored
              All the program arguments parsing are now handled by ArgumentParser that extends the argparse.ArgumentParser;
              Separate the Dictionary class from the wordlists;
              Removed unused anonimous functions on CliOutput;
              The blacklist status codes, and actions, was moved to a separated class called BlacklistStatus;
              Removed the Response class. Now the Request object will return a tuple of items: the raw response from the requests library, and the RTT. The SubdomainRequest appends the target’s ip to this tuple;
              Moved the FuzzingTool results from the python dictionary to a separated class Result
                  The results are no longer created by the scanners;
                  Changed the getResult method from the scanners to inspectResult;
              Separated the Matcher from the scanners;
              Updated base classes to abstract classes;

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Detect It Easy, or abbreviated "DIE" is a program for determining types of files.
          "DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.
          Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As the result, false triggering often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without the constant support.
          Detect It Easy has totally open architecture of signatures. You can easily add your own algorithms of detects or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript and any person, who understands the basics of programming, will understand easily how it works. Possibly, someone may decide the scripts are working very slow. Indeed, scripts run slower than compiled code, but, thanks to the good optimization of Script Engine, this doesn't cause any special inconvenience. The possibilities of open architecture compensate these limitations.
          DIE exists in three versions. Basic version ("DIE"), Lite version ("DIEL") and console version ("DIEC"). All the three use the same signatures, which are located in the folder "db". If you open this folder, nested sub-folders will be found ("Binary", "PE" and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:
              MSDOS executable files MS-DOS
              PE executable files Windows
              ELF executable files Linux
              MACH executable files Mac OS
              Binary all other files

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What?
          Arkhota is a web (HTTP/S) brute forcer for Android.
          Why?
          A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations here's Arkhota.

          Hidden Content
          Give reaction to this post to see the hidden content.