# Ethical Hacker & ICT Security Specialist

Security Lab

I believe in full disclosure.

CVE / Advisories

Exploit

Exploiting Linux/x86, beating stack randomization on 2.6 kernel PoC

  • exp_call_rand.pl - Exploit sample against stack randomization ("call *%edx" technique)
  • exp_jmp_rand.pl - Exploit sample against stack randomization ("jmp *%esp" technique)

SQL Injection exploit

Cross Site Scripting (XSS) Stored exploit

Cross Site Scripting (XSS) Reflected exploit

Oracle Evil Views exploit

Oracle Evil cursor injection exploit

Oracle Classic SQL injection exploit

Tru64 exploit

IBM AIX exploit

Shellcodes

Solaris/sparc Shellcodes

Linux/x86 Shellcodes

  • bunker_exec.c - Linux/x86 shellcode that executes any command after setreuid.
  • bunker_sc1.c - 32 bytes Linux/x86 shellcode (setreuid + execve).
  • bunker_sc2.c - 30 bytes Linux/x86 shellcode (setuid + execve).
  • bunkercode.c - Linux/x86 bytecode that prints "bunker was here!" on tty.

Tools

Misc Tools

  • braviapy - Play with Sony Bravia TVs - JSON/UPnP/SOAP/DIAL remote controlling (github)

Security Tools

Do you like technical details? Read my BLOG!