Remove Comments from Configuration

Sometimes when you want to config something, it contains the comments from the developer which will help us to figured out which options of arguments will be used. But if you are already familiar with the configuration, comments are so annoying, so here is how to eliminate them (using apache2.conf as example): or write it…More

QuickShare File Server 1.2.1 FTP Directory Traversal Vulnerability

QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software Description QuickShare File Server is a easy to use file sharing software helps you build…More

FTPGetter v3.58.0.21 Buffer Overflow (PASV) Exploit

A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to a malicious server that is running PASV mode. The PASV command is issued to tell…More

SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability

SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted ‘USER’, ‘APPE’, ‘GET’, ‘PUT’, and ‘NLST’ command, a remote attacker can potentially disable the FTP service. Software Description Solar FTP Server is a handy and easy to…More

0day Linux Escalation Privilege Exploit Collection (Oct-Nov 2010)

I have created a script that contains of local privilege escalation exploits that was published by Tavis Ormandy via between October – November 2010. Take a look at here 201011-0day-linux-exploit *Update 1: I rename the file and make the script more comfort. *Update 2: Moved to Github Please note that I am not responsible…More

Very Simple FTP Fuzzer

Written in Python, i try to make a simple fuzzer for FTP server. This script will try to fuzz the commands like APPE, USER, LIST, CWD, can find all commands here This script is simply a modified version from muts simple ftp fuzzer during offsec training Hope you like it More

How to: SQLMap (dump and destroy)

SQLMap is the tool to automate SQL Injection vulnerability exploitation. This tool is very popular to exploit the SQL Injection vulnerability. While most of web hacker enthusiast knew about this tool to gather information and retrieves the tables information, i try to share this information about the powerful of SQLMap rather than just as “a…More