# Ethical Hacker & ICT Security Specialist

Security Lab

I believe in full disclosure.

CVE / Advisories

Exploit

Exploiting Linux/x86, beating stack randomization on 2.6 kernel PoC

exp_call_rand.pl - Exploit sample against stack randomization ("call *%edx" technique)
exp_jmp_rand.pl - Exploit sample against stack randomization ("jmp *%esp" technique)

SQL Injection exploit

ACM_Ariadne_sqlinject_userenum.txt

Cross Site Scripting (XSS) Stored exploit

communigate-pro-5.2.14-xss.txt

Cross Site Scripting (XSS) Reflected exploit

Oracle Evil Views exploit

bunkerview.sql

Oracle Evil cursor injection exploit

ora-exploits-evilcursor repository (github)

Oracle Classic SQL injection exploit

ora-exploits-classic repository (github)

Tru64 exploit

IBM AIX exploit

ibmaixps.sh

Shellcodes

Solaris/sparc Shellcodes

bunker_sparc_exec.c - executes any command after setreuid
bunker_sparc_sc1.c - 56 bytes Solaris/sparc shellcode (setreuid + execve)

Linux/x86 Shellcodes

bunker_exec.c - Linux/x86 shellcode that executes any command after setreuid.
bunker_sc1.c - 32 bytes Linux/x86 shellcode (setreuid + execve).
bunker_sc2.c - 30 bytes Linux/x86 shellcode (setuid + execve).
bunkercode.c - Linux/x86 bytecode that prints "bunker was here!" on tty.

Tools

Misc Tools

braviapy - Play with Sony Bravia TVs - JSON/UPnp/SOAP/DIAL remote controlling (github)

Security Tools

perl-backdoor.pl - Advanced Perl backdoor (github)
ora_exec_cmd.pl - Execute remote operating system commands from Oracle connection (github)
get_oracle_hash.pl - Get Oracle hash in user:hash form. Ready to be cracked. (github)
sshtiming-0.1.pl - Ssh remote timing tool (github)

Do you like technical details? Read my BLOG!