Share
## https://sploitus.com/exploit?id=A6807947-0A17-59A1-9E52-AE323E109FE2
# Exploits

Exploits and proof-of-concept code from the team at Hacker House.

|                   Filename                   | Description                                                                                       |
| :------------------------------------------: | :------------------------------------------------------------------------------------------------ |
|       _AirWatchMDMJailbreakBypass.txt_       | Bypass jailbreak detection on mobile device management AirWatch for IOS                           |
|               _adobe-psp.tgz_                | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow PSP bypass (metasploit)              |
|               _aix53l-libc.c_                | AIX 5.3L libc locale environment handling local root exploit                                      |
|             _aix53l-lquerypv.c_              | AIX 5.3L /usr/sbin/lquerypv local root privilege escalation                                       |
|             _amanda-amstar.txt_              | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit         |
|             _amanda-backup.txt_              | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit         |
|                _applejack.c_                 | PonyOS 3.0 & below tty ioctl() kernel local root exploit                                          |
|        _asus_B1M_projector_root.png_         | ASUS B1M projector remote root command injection (unpatchable)                                    |
|                 _BTCPE.txt_                  | British Telecom Huawei UART root access weakness                                                  |
|               _charybdis.tgz_                | Firefox & IE exploits implant dropper for Windows & Linux                                         |
|           _cisco-asa-sslbypass.py_           | Cisco ASA 8.x & below VPN SSL module Clientless URL-list control bypass                           |
|           _cisco-XSS-wget-me.txt_            | Cisco IOS 11.x web interface XSS vulnerability                                                    |
|              _cmd_gpbypass.exe_              | cmd.exe patched to run even when disabled via Group Policy                                        |
|          _cpg15x-dirtraversal.txt_           | Coppermine 1.5.44 & below directory traversal vulnerability                                       |
|              _cve-2003-0001.py_              | CVE-2003-0001.py Etherleak information leak exploit, silently fixed in Cisco ASA PSIRT-0669464365 |
|             _CVE-2012-4681.tgz_              | Oracle Java SE 7 Update 6 & below remote polymorphic exploit (evades PSP)                         |
|              _CVE-2014-0160.py_              | Heartbleed mass-scanning proof-of-concept tool                                                    |
|              _cve-2016-1531.sh_              | Exim 4.84-3 local root exploit                                                                    |
|             _cve-2019-10149.py_              | Exim between 4.87 & 4.91 local root exploit                                                       |
|             _CVE-2020-0601.xdb_              | XCA database of private keys for trusted CA exploit CVE-2020-0601                                 |
|             _CVE-2020-3950.tgz_              | EvilOSX trojan exploit plugin for CVE-2020-3950 VMware Fusion 11.5.2 & below local root           |
|             _cve-2025-21204.zip_             | IIS exploit files PoC for insecure "inetpub" configuration cve-2025-21204                         |
|              _d3_decimator.txt_              | SedSystems D3 decimator multiple vulnerabilities allow for remote root                            |
|                _dllpack.tgz_                 | MS15-051 / MS15-010 exploits with reflective DLL loading support (hacked from public code)        |
|          _drupal-CVE-2014-3660.py_           | Drupal XXE libxml2 Services exploit                                                               |
|             _dtappgather-poc.sh_             | dtappgather local root exploit proof-of-concept (EXTREMEPARR)                                     |
|               _fluttershy.py_                | PonyOS 4.0 runtime linker local root exploit                                                      |
|       _FreeBSD-pftp-dirtraversal.txt_        | Peters Anonymous FTP on FreeBSD directory traversal vulnerability                                 |
|                 _getlogin.c_                 | Tru64 V5.1B & below getlogin() kernel information leak                                            |
|                _gionight.py_                 | GIO Linux embedded remote root exploit                                                            |
|              _gns3super-osx.sh_              | GNS-3 OS-X local root exploit                                                                     |
|                _goodnight.c_                 | Linux kernel 2.6.37 & below denial-of-service exploit CVE-2010-4165                               |
|               _heartbleed-bin_               | static bin heartbleed exploit (fun trivia, Large Hadron Collider tested with this code)           |
|                _heartbleed.c_                | Heartbleed exploit using OpenSSL to encrypt the exploit for stealth                               |
|           _heartbleed-keyscan.py_            | RSA prime factorization exploit for use with heartbleed                                           |
|               _hfirixwfcmd.sh_               | SGI IRIX <= 6.5.22 WebForce post-auth Remote Command Injection                                    |
|               _hfsunsshdx.tgz_               | SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871                              |
|                _hpwhytry.py_                 | HP XPe embedded devices remote command execution exploit                                          |
|               _iis_search.pl_                | IIS WebDAV & Indexing service directory traversal attack                                          |
|            _inetutils-telnet.txt_            | Multiple BSD based telnet implementations vulnerable to memory corruption.                        |
|                  _iPwn.tgz_                  | IOS default root user "alpine" exploit to harvest data via SSH                                    |
|               _irix-captest.c_               | SGI IRIX <= 6.5.22 capability hijacking "eip" proof-of-concept (SGI XFS)                          |
|              _irix-ftpd-ls.txt_              | SGI IRIX <= 6.5.22 ftpd "/bin/ls" root privilege escalation                                       |
|           _irix-mediarecorder.txt_           | SGI IRIX <= 6.5.22 CAP_SCHED_MGT "mediarecorder" privilege escalation                             |
|             _irix-onyx-syssgi.c_             | SGI IRIX <= 6.5.5 syssgi() Onyx IP19/IP21/IP25 kernel information leak exploit                    |
|                _irix-rldx.sh_                | SGI IRIX <= 6.4.x run-time linker file creation exploit                                           |
|            _irix-runpriv-cap.png_            | SGI IRIX <= 6.5.x screenshot showing "capabilities" exploit via runpriv                           |
|             _irix-setsockopt.c_              | SGI IRIX <= 6.5.22 kernel mbuf corruption due to integer signedness comparison                    |
|            _irix-syssgi-panic.c_             | SGI IRIX <= 6.5.22 syssgi() SGI_ENUMASHS null ptr kernel panic                                    |
|                _irix-tapex.c_                | SGI IRIX <= 6.5.22 "tsdaemon" root arbitrary file creation exploit                                |
|            _irssi-irc-fuzzer.pl_             | irssi plugin IRC client fuzzing tool                                                              |
|               _jackrabbit.tgz_               | RedStar OS 3.0 Naenara browser exploit                                                            |
|              _jdwp-exploit.txt_              | Java JDWP exploitation for remote code execution                                                  |
|                 _Kronos.tgz_                 | Java Signed Applet exploit and web management tool                                                |
|            _lbreakout-exploit.c_             | lbreakout2 PoC exploit for ARM (drops privileges)                                                 |
|             _leehseinloong.cpp_              | Sudoku2 exploit written for Lee Hsien Loong. (.sg PM)                                             |
|                _linux-ia32.c_                | Linux Kernel 2.6.32 ia32entry emulation x86_64 exploit                                            |
|                _lotus_exp.py_                | Lotus Domino IMAP4 Server Release 6.5.4 win2k remote exploit                                      |
|           _mikrotik-jailbreak.txt_           | Mikrotik 6.40 & below "telnet" jailbreak exploit                                                  |
|            _mirc-DoS-Script.ini_             | Mirc 6.12 & 6.11 denial-of-service IRC script                                                     |
|             _mobileiron0day.txt_             | MobileIron Virtual Smartphone Platform local root exploit                                         |
|            _MobileIronBypass.tgz_            | MobileIron mobile device management jailbreak detection bypass                                    |
|       _MsTelnetServer_NTLM_Guest.txt_        | Microsoft Telnet Server MS-TNAP Guest Access Restriction Bypass Exploit                           |
| _MsTelnetServer_NTLM_MutualAuth_ConfigIssue_ | Microsoft Telnet Server NTLM Mutual Authentication Configuration Issue                            |
|               _mulftpdos.zip_                | Serv-U / G6 / WarFTPD denial-of-service exploit in asm                                            |
|                _neogeox.txt_                 | NeoGeo Gold X games console jailbreak via UART root shell                                         |
|   _NetBSD-sa-2016-003-howto-abuse-cpp.png_   | NetBSD 6.1.5 calendar local root exploit PoC                                                      |
|       _openbsd-0day-cve-2018-14665.sh_       | OpenBSD 6.4 Xorg local root exploit                                                               |
|         _prdelka-vs-AEP-smartgate.c_         | AEP Smartgate V4.3B arbitrary file download exploit                                               |
|         _prdelka-vs-APPLE-chpass.sh_         | OS-X 10.6.3 & below chpass arbitrary file creation exploit                                        |
|       _prdelka-vs-APPLE-ptracepanic.c_       | OS-X 10.6.1 & below ptrace() mutex handling kernel panic                                          |
|        _prdelka-vs-BSD-ptrace.tar.gz_        | NetBSD 2.1 ptrace() local root exploit                                                            |
|        _prdelka-vs-CISCO-httpdos.zip_        | Cisco IOS 12.2 & below HTTP denial-of-service exploit                                             |
|         _prdelka-vs-CISCO-vpnftp.c_          | Cisco VPN Concentrator 3000 FTP remote exploit                                                    |
|         _prdelka-vs-GNU-adabas2.txt_         | Adabas D 13.01 SQL injection & directory traversal                                                |
|          _prdelka-vs-GNU-adabas.c_           | Adabas D 13.01 local root exploit Linux                                                           |
|         _prdelka-vs-GNU-chpasswd.c_          | SquirrelMail 3.1 Change_passwd plugin & below local root exploit                                  |
|       _prdelka-vs-GNU-citadel.tar.gz_        | Citadel SMTP 7.10 & below remote code execution exploit                                           |
|           _prdelka-vs-GNU-exim.c_            | Exim 4.43-r2 & below host_aton() local root exploit (Linux)                                       |
|            _prdelka-vs-GNU-lpr.c_            | Slackware 1.01 stack overflow local root exploit (Linux)                                          |
|          _prdelka-vs-GNU-mbsebbs.c_          | mbse-bbs 0.70.0 & below local root exploit (Linux)                                                |
|         _prdelka-vs-GNU-peercast.c_          | PeerCast v0.1216 remote root exploit (linux)                                                      |
|           _prdelka-vs-GNU-sudo.c_            | sudo 1.6.8p9 race condition local root exploit (Linux)                                            |
|            _prdelka-vs-GNU-tin.c_            | Slackware 1.01 local root exploit (Linux)                                                         |
|           _prdelka-vs-HPUX-libc.c_           | HP-UX 11.11 & below libc local root exploit (hppa)                                                |
|          _prdelka-vs-HPUX-swask.c_           | HP-UX 11.11 & below swask format string local root exploit (hppa)                                 |
|         _prdelka-vs-HPUX-swmodify.c_         | HP-UX 11.11 & below swmodify local root exploit (hppa)                                            |
|        _prdelka-vs-HPUX-swpackage.c_         | HP-UX 11.11 & below swpackage local root exploit (hppa)                                           |
|        _prdelka-vs-http-fuzz.tar.gz_         | HTTP fuzzing tool & example Savant 3.1 vulnerability                                              |
|        _prdelka-vs-LINUS-fchown.tar_         | Linux kernel 2.4.x/2.6.6 & below fchown() file ownership exploit                                  |
|       _prdelka-vs-MISC-massftp.tar.gz_       | Mass scanning ftp exploiter tool                                                                  |
|         _prdelka-vs-MS-hotmail.txt_          | Microsoft Hotmail Authentication Bypass vulnerability                                             |
|  _prdelka-vs-MS-IE-6.0.2800.1106.XPSP1.rar_  | Internet Explorer 6.0 IFRAME Windows XP exploit                                                   |
|         _prdelka-vs-MS-rshd.tar.gz_          | Windows RSH daemon 1.8 & below remote exploit                                                     |
|           _prdelka-vs-MS-winzip.c_           | WinZip 10.0.7245 Win32 & below exploit (the one that angered CERT)                                |
|           _prdelka-vs-SCO-enable_            | SCO OpenServer 5.0.7 enable local root exploit                                                    |
|         _prdelka-vs-SCO-netwarex.c_          | SCO OpenServer 5.0.7 netware printing local "lp" exploit                                          |
|          _prdelka-vs-SCO-ptrace.c_           | SCO Unixware 7.1.3 ptrace() linux kernel emulation local root exploit                             |
|           _prdelka-vs-SCO-tcpdos_            | SCO OpenServer 5.0.7 TCP RST denial-of-service exploit                                            |
|          _prdelka-vs-SCO-termshx.c_          | SCO OpenServer 5.0.7 termsh local gid "auth" exploit                                              |
|          _prdelka-vs-SGI-xrunpriv_           | SGI IRIX 6.5 runpriv local root exploit                                                           |
|          _prdelka-vs-SUN-sysinfo.c_          | Solaris 10 sysinfo() local kernel memory information leak                                         |
|          _prdelka-vs-SUN-telnetd.c_          | Solaris in.telnetd 8.0 & 7.0 remote exploit (sparc)                                               |
|        _prdelka-vs-SUN-virtualbox.sh_        | Sun VirtualBox 3.0.6 local root exploit                                                           |
|            _prdelka-vs-THC-vmap_             | THC vmap DoS exploit                                                                              |
|     _prdelka-vs-UNIX-permissions.tar.gz_     | UNIX file permissions generic directory exploit                                                   |
|                 _r00t2.tgz_                  | Linux kernel 2.6.29 ptrace_attach() ported to ARM for "google phone"                              |
|              _rainbowdash.tgz_               | PonyOS 3.0 & below kernel ELF loader local root exploit                                           |
|                  _rarity.c_                  | PonyOS 3.0 VFS file permissions local root exploit                                                |
|                _raspbian.txt_                | Raspbian vulnerabilities for sgid "games"                                                         |
|          _redstar2.0-localroot.png_          | RedStar OS 2.0 local root privilege escalation exploit                                            |
|          _redstar3.0-localroot.png_          | RedStar OS 3.0 local root privilege escalation exploit                                            |
|                   _rshx.c_                   | rsh exploit - inject commands via rsh                                                             |
|              _rsshellshock.py_               | RedStar OS server BEAM & RSSMON shellshock exploit                                                |
|              _s7300cpustart.py_              | Siemens S7-300 PLC CPU start command                                                              |
|                _s7300stop.py_                | Siemens S7-300 PLC CPU stop command                                                               |
|                _shoryuken.c_                 | Linux kernel 2.6.29 ptrace_attach() local root race condition exploit                             |
|                 _skyexp.py_                  | Sky 1.5 Sagem F@ST 2504 router infoleak & remote command injection                                |
|              _smartmaildos.tgz_              | Smartmail 10.x pop3 & SMTP denial-of-service exploits (in ASM)                                    |
|                _sp-email.py_                 | Sharepoint username enumeration exploit                                                           |
|                _spiltmilk.c_                 | Linux kernel 2.6.37-rc1 & below serial_core TIOCGICOUNT information leak exploit                  |
| _ssh-dsa1024-rsa2048-keys-CVE-2008-0166.tgz_ | Debian SSH insecure 'prng' SSH keys (released during Manchester riots)                            |
|               _sun-su-bug.txt_               | Solaris 10 'su' local NULL pointer vulnerability CVE-2010-3503                                    |
|            _systemd-run-tty.txt_             | Systemd insecure pty allocation vulnerability                                                     |
|            _telnet_term_0day.py_             | Multiple BSD-based telnet.c IAC malformed options remote crash                                    |
|                _timecrime.c_                 | TCP timestamp extensions, information leak exploit (timecrime) from RFC1323/RFC7323               |
|       _trendmicro_IWSVA_shellshock.py_       | TrendMicro InterScan Web Security Virtul Appliance shellshock exploit                             |
|              _UNICOS-cray.txt_               | Cray UNICOS 9.0 local root vulnerabilities & shellcode PoC                                        |
|                 _vncscan.py_                 | RealVNC auth bypass CVE-2006-2369 scanner                                                         |
|                _vxlgiobye.py_                | VXL Gio Linux remote command execution exploit                                                    |
|                _w32-fps.txt_                 | Microsoft Frontpage Personal WebServer ver 3.0.2.926 exploit                                      |
|              _w32-grpconv.txt_               | Windows XP SP1 grpconv.exe buffer overflow                                                        |
|               _w32-netcat.tgz_               | "netcat" buffer overflow for Windows 98 exploit                                                   |
|               _w32-netcat.txt_               | "netcat" buffer overflow for Windows 98 advisory                                                  |
|              _w32-progman.txt_               | Windows XP "progman" buffer overflow                                                              |
|               _winnuke2011.sh_               | MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw                                     |
|                 _wysewig.py_                 | Wyse embedded XP remote SYSTEM command execution exploit                                          |
|               _xclm-exploit.c_               | Microchip XC local root exploit (Linux) (installed by defcon 26 attendees)                        |
|               _zte-emode.txt_                | ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit                                   |

These files are available under the 3-clause BSD license.