exploit usage question

[gangstazar]

would it be against the rules for me to ask how to use this exploit that i found on milw0rm? hxxp://milw0rm.com/exploits/5049 my understanding is that only safe exploits make it onto milw0rm. i have seen similar posts about people asking how to compile exploits in c and python, so i am assuming this is similar.

if not, can i ask a general question on how to use exploits written in html?

thank you in advance and i am sorry if this broke any of the rules

[streaker69]

would it be against the rules for me to ask how to use this exploit that i found on milw0rm? hxxp://milw0rm.com/exploits/5049 my understanding is that only safe exploits make it onto milw0rm. i have seen similar posts about people asking how to compile exploits in c and python, so i am assuming this is similar.

if not, can i ask a general question on how to use exploits written in html?

thank you in advance and i am sorry if this broke any of the rules

Your understanding is incorrect. There have been some exploits on Milw0rm that have known to do bad things to the person running them.

If you don't understand what you're doing, then you probably shouldn't be doing it.

[elazar]

Its safe. The shellcode is from the MetaSploit framework, shellcode1 executes the calculator and the shellcode2 will give you a bindshell on 4444, you can verify that by generating the shellcode yourself and comparing it. You will need to convert it to unicode, this nasty little regex should help you with that:

Code:

shellcode.replace(/(%|\\x)([A-Fa-f0-9]{2})(%|\\x)([A-Fa-f0-9]{2})/g,"%u$4$2");

Elazar