Results 1 to 3 of 3

Thread: exploit usage question

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    15

    Default exploit usage question

    would it be against the rules for me to ask how to use this exploit that i found on milw0rm? hxxp://milw0rm.com/exploits/5049 my understanding is that only safe exploits make it onto milw0rm. i have seen similar posts about people asking how to compile exploits in c and python, so i am assuming this is similar.

    if not, can i ask a general question on how to use exploits written in html?

    thank you in advance and i am sorry if this broke any of the rules

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by gangstazar View Post
    would it be against the rules for me to ask how to use this exploit that i found on milw0rm? hxxp://milw0rm.com/exploits/5049 my understanding is that only safe exploits make it onto milw0rm. i have seen similar posts about people asking how to compile exploits in c and python, so i am assuming this is similar.

    if not, can i ask a general question on how to use exploits written in html?

    thank you in advance and i am sorry if this broke any of the rules
    Your understanding is incorrect. There have been some exploits on Milw0rm that have known to do bad things to the person running them.

    If you don't understand what you're doing, then you probably shouldn't be doing it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Default

    Its safe. The shellcode is from the MetaSploit framework, shellcode1 executes the calculator and the shellcode2 will give you a bindshell on 4444, you can verify that by generating the shellcode yourself and comparing it. You will need to convert it to unicode, this nasty little regex should help you with that:

    Code:
    shellcode.replace(/(%|\\x)([A-Fa-f0-9]{2})(%|\\x)([A-Fa-f0-9]{2})/g,"%u$4$2");
    Elazar
    dd if=/dev/urandom of=/mybrain

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •