would it be against the rules for me to ask how to use this exploit that i found on milw0rm? hxxp://milw0rm.com/exploits/5049 my understanding is that only safe exploits make it onto milw0rm. i have seen similar posts about people asking how to compile exploits in c and python, so i am assuming this is similar.
if not, can i ask a general question on how to use exploits written in html?
thank you in advance and i am sorry if this broke any of the rules
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Its safe. The shellcode is from the MetaSploit framework, shellcode1 executes the calculator and the shellcode2 will give you a bindshell on 4444, you can verify that by generating the shellcode yourself and comparing it. You will need to convert it to unicode, this nasty little regex should help you with that:
dd if=/dev/urandom of=/mybrain