Questions tagged [exploit]

An exploit is a way of using a vulnerability to do something ordinarily impossible and/or forbidden.

1 vote
1 answer

I think I got the “!want_to_cry.txt” (WannaCry?) virus on my Samba server. Was this inevitable?

Update: I have checked my note app where I opened the ransom note and the recent open files tab shows me the name of the text file I opened originally. I don't have the contents but the file was ...
Something new
2 votes
1 answer

Vulnerability / exploit MSDT (CVE-2022-30190) | Is renaming the registry key "ms-msdt" enough for the workaround?

Microsoft publishes a workaround for the msdt exploit (Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability) The suggested way is to delete the key Computer\HKEY_CLASSES_ROOT\ms-...
marsh-wiggle
  • 3,004
0 votes
1 answer

What is the process to get a new module into Metasploit Framework (msf6)?

I'm interested to know how a new module or exploit gets into Metasploit Framework? I can see the new PrintNightmare vulnerability being worked on/ finished, so I ran an update on Kali, but it didn't ...
Chezzers
0 votes
1 answer

Possible detection of CVE: 2021-04-23 logged in event viewer (23/04/2021 @15:54:16)

A Possible detection of CVE: 2021-04-23 logged in event viewer (23/04/2021 @15:54:16) I am currently scanning my machine, but will Win Defender be able to remove the infection? Randomly I've been ...
Simple-IT
-1 votes
1 answer

Is it safe to use SMBv1 client/server after patching it, on Windows 10?

As you may know, after numerous ransomware attacks, Microsoft decided to disable SMBv1 by default on Windows OS's. However despite releasing a patch (MS17-010) to address those attacks, it seems that ...
red-o-alf
  • 219
3 votes
1 answer

attack via executable line after plus sign in email address

I operate my own mail server and from time to time, people send spam or mysterious stuff to the root account. Recently, I got an empty mail, which was addressed to: root+${run{x2Fbinx2Fsht-...
Ilka
  • 43
0 votes
1 answer

Exploit Guard blocking Chrome making calls Win32k.sys

I am in the process of implementing Exploit Guard in our W10 corporate image. I configured it using the GPO "Use a common set of exploit protection settings" that makes use of an XML file. ...
YaKs
  • 103
2 votes
1 answer

Unwanted & invalid Bluetooth connection request on iMac

I have the same issue as Martin did from Mar 6 '18 at 15:07 on this list. No working answer was provided for him. His link: Unwanted macOS connection requests Also, adelejjeh asked on Oct 8 '16 at 15:...
bettinaSLC
1 vote
2 answers

How dangerous is it to download a file, even for anti-virus scanning?

Can anti-virus run the malware in the file while checking the file (for example, the technology of buffer overflow)? If it can, how then to check files for malware that you want to download from the ...
Kamal Khafizov
3 votes
1 answer

How to disable NX on Linux

I'm learning stack buffer overflow exploitation, and I later posted question Shellcode segmentation fault. about that executing shellcode from test program, or when injected to vulnerable program, ...
asdfghj
  • 39
0 votes
1 answer

How to copy BS character (0x08) to input for buffer overflow in GDB?

I need to overflow a buffer with a specific value that contains 0x08. If I use echo -ne "AA\x08A", the output is AA, as the backspace character and one A are removed. How do I copy this value into ...
Post Self
  • 123
3 votes
2 answers

Is the PS/2 connector really safer than USB?

Is it possible to exploit the PS/2 connector like the USB (for example with something like a Rubber Ducky)? In terms of security reasons, theoretically, it should be possible to virtualize the PS/2 ...
Hashirama Senju
2 votes
2 answers

Escalating from www-data to root

One week ago I followed this procedure, Creating SFTP server with isolated directory access. I edited the sshd_config but then I can't access anymore in ssh mode and consequently I can't change to root by ...
user1099798
0 votes
0 answers

How to put specific hex characters in terminal to exploit the script

I try to exploit a simple vulnerability in the following code, but I'm not successful, because I can't put the specific characters in the terminal by hand. For e.g. if the application reads a character ...
8 votes
1 answer

VPS compromised? Configured wrong?

I've been renting a VPS for half a year now (educational purposes) and I've been trying to learn as much as possible about keeping it secure. Recently, it was compromised and I suspect that it has ...
2 votes
1 answer

Perl doesn't print 0x00

I wanted to experiment with the NOP SLED technique. I got the sled and the shellcode into an environment variable and I got its address. So I wanted to execute the vulnerable program and as an ...
java_noob
0 votes
1 answer

What keeps ports 32003 and 25419 open on my Ubuntu 14?

I did a netstat on udp ports and found a service on port 32003 and one at 25419. What are they, how can I kill them at startup if they have no use?
-2 votes
1 answer

"Web Attack: Exploit Toolkit Website 32"? [closed]

What is "Web Attack: Exploit Toolkit Website 32"? How do I remove it? Where is it coming from? My Norton keeps blocking it. Help me fix my problem, please.
user391389
2 votes
1 answer

Does the shellshock vulnerability leave any traces in log files?

I've patched my servers, but I'd also like to review my logs to see if there have been any compromises on them. Are there any consistent traces of exploits using this bug?
Tom Damon
  • 466
2 votes
1 answer

Metasploitable_2 (Cannot issue apt-get to update or install any packages)?

I just set up Metasploitable 2 on VMware Fusion. I downloaded the image from here. I've booted it up and everything and can navigate around but would like to run an apt-get install update and possible ...
Shane Yost
0 votes
1 answer

Kali Linux java

I have a Kali Linux sandbox set up with a direct connection to a Windows VM. I have JAR files / java exploits I want to serve using the Kali box. After I get the jar file into the Kali Box, I know I ...
Joe
  • 1
1 vote
1 answer

Is it an actual threat to system if "desktop" is added to path

What kind of threat does adding the desktop path to system path variable present? Is there some well known exploit that really opens my system up if I do this? The thing is that Desktop is my ...
ditoslav
  • 133
0 votes
1 answer

Exploit.Win32.CVE-2010-2568.gen malware detected

I am not very good with computers. Actually, I am very bad :( so if you are willing to answer my question, could you please explain your answer in very simple terms, like to a complete dummy? Thanks ...
0 votes
2 answers

simple setuid binary exploitation

I have a setuid program which is listing a file this way: #include <stdlib.h> #include <stdio.h> int main(void) { system("ls /challenge/binary/binary1/.passwd"); return 0;...
MedAli
  • 119
0 votes
0 answers

How do I run a VM within a VM with separate IPs accessible on a local network?

First off, I know my question sounds confusing. Brief background information: I am an instructor for a network security penetration test course. I help create scenarios with complex networks via ...
Kentgrav
  • 1,492
1 vote
1 answer

How many bits of memory address will be randomized by ASLR in 32 and 64 bit linux and windows

How many bits of memory address will be randomized by ASLR in 32 and 64 bit linux and windows? Please give some examples.
3 votes
2 answers

Need to figure out a way for RDP to call back to a local listener on a specified Ephemeral port through a Reverse SSH Tunnel

This relates to a previous question that was getting entirely too long and confusing due to my constant updates and edits and I was told to re-ask it. So I am cleaning it up and asking a more direct ...
Kentgrav
  • 1,492
1 vote
0 answers

Can a mounted encfs provide information enabling future access?

If someone has access to a system with an encfs mounted, can he extract information that enables him to decrypt the encfs content some time later?
dronus
  • 1,908
0 votes
1 answer

PHP Zend Hash Vulnerability Exploitation Vector [duplicate]

Possible Duplicate: CVE-2007-5416 PHP Zend Hash Vulnerability Exploitation Vector (Drupal) According to exploit-db, it says the following: Example: http:...
user41648
1 vote
1 answer

Can a java exploit circumvent browser plug in permission?

Since Java 7 is vulnerable I am asking myself if the vulnerability is circumventing the plug in permission of any given browser. For example: here you see ...
Wandang
  • 343
1 vote
4 answers

If an outdated, vulnerable but clean Windows machine is connected to network behind router, can it be detected and attacked?

Suppose the machine is clean of all malware but not in any sense updated, patched, secured etc. Suppose I connect it to the internet from behind wireless router with the intent of using it only on a ...
EndangeringSpecies
2 votes
2 answers

How can I automatically pass the password to 'su'?

I am working on an exploit for a security course. The object is to obtain a root shell in a linux virtual machine. So far, I can write to /etc/passwd and change root's password to an arbitrary string. ...
noobler
  • 157
0 votes
0 answers

Metasploit cannot detect language pack on Windows 7

I use Metasploit (I have Backtrack 5 installed on VirtualBox) to attack my Windows 7 64-bit laptop. Every time I use exploit ms08-067-netapi I get this message: [*] Started bind handler [*] ...
Patryk
  • 1,259
1 vote
0 answers

Is it possible to bypass auto run restrictions on Windows 7?

I'm trying to create a startup on a Windows 7 for the machine and current user (it's a workstation meaning all user data is saved on a server). What I mean with a startup is to have a program run at ...
KilledKenny
2 votes
1 answer

Is an unpatched Adobe Flash player still a security threat if I don't use a browser?

The Windows XP PC in question has the usual anti-virus and firewall precautions. It has the most recent Windows Updates and anti-virus updates installed. Flash is used only to play videos (located on ...
Umber Ferrule
2 votes
2 answers

Is Firefox less vulnerable to exploit when running NoScript?

The article titled "iPhone, IE, Firefox, Safari get stomped at hacker contest" at The Register website discusses that Firefox can be exploited. I wonder if NoScript protects against the kind of ...
4 votes
3 answers

Where can I learn various hacking techniques on the web? [closed]

I would like to try my hand at hacking -- that is, exploiting various website vulnerabilities. Not for any illegal purpose mind you, but so I can have a better understanding and appreciation of these ...
Carson Myers
  • 3,121
2 votes
4 answers

What browser feature is this exploiting and how to stop it?

http://raffa991[dot]ra[dot]funpic[dot]de/lol/ Warning: It is some kind of an annoying "you are an idiot" sign combined with a lot of popup message boxes. Open with care! In any case, it crashed my ...
Rook
  • 24k
8 votes
8 answers

Why do browsers have so many possible exploits?

When browsing I am occasionally given warnings about pages that host malware "that could damage my computer". I am seriously perplexed as to why, in 2010, browsers still have possible exploits and can ...
Humphrey Bogart
-1 votes
2 answers

Virus on site but can't find where

There appears to be a virus on my site. It's been there for some time and I've had no problems as yet. AVG picks it up, but McAfee does not. I run a website ( Ages ago I got a virus ...
4 votes
1 answer

Is vimperator safe?

I recently discovered Vimperator, which is just awesome. However, it concerns me that I can execute shell commands from the browser.. is this exploitable? I'd really hate to get "sudo rm -r /*"'d. I ...