notsoshant/sploits

This page is just a collection of exploits I have written while practicing Windows Exploitation.

QuickHeal Buffer Overflow (CVE-2017-5005) Exploit

https://github.com/notsoshant/sploits/tree/master/quickheal-cve-2017-5005

This script generates a malicious Mach-O file that triggers the buffer overflow in QuickHeal's scanner and executes arbitrary shellcode.

Full writeup is available here: Analysis of CVE-2017-5005: QuickHeal Buffer Overflow


MS07-017 Exploit

https://github.com/notsoshant/sploits/tree/master/ms07-017

Exploit for the Windows Animated Cursor Remote Code Execution Vulnerability (CVE-2007-0038). This involved bypassing the weak ASLR implementation of Windows Vista.

Full writeup is available here: Windows Exploitation: ASLR Bypass (MS07–017)


QuickZip Exploit

https://github.com/notsoshant/sploits/tree/master/quickzip-4.60

My version of the QuickZip exploit discussed in this Offensive Security article.

Full writeup is available here: Windows Exploitation: Dealing with bad characters — QuickZip exploit
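The bad-character hunt behind that writeup is a loop: send every byte value, read the buffer back from the debugger, find the first byte that was truncated or mangled, exclude it, and repeat until the copy matches. The helpers below are an added example of that loop and are not code from the sploits repository. The `simulated_target_copy` function is a constructed stand-in for a vulnerable copy that stops at a newline and strips carriage returns; in practice `memory_read` would be replaced by reading the buffer out of the debugger (for example with mona's compare).

```python
"""Bad-character identification loop for stack-overflow exploit development.
Added example; the target behaviour below is constructed, not QuickZip's."""


def badchar_probe(exclude=(0x00,)):
    """Every byte value in ascending order, minus the already-known bad ones.
    0x00 is excluded by default because it terminates most C string copies."""
    excluded = set(exclude)
    return bytes(b for b in range(256) if b not in excluded)


def find_divergence(sent, observed):
    """Diff the probe that was sent against the copy found in memory.
    Returns the first sent byte whose copy is missing or altered, or None
    when memory matches the probe for its whole length."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


def find_bad_chars(memory_read, exclude=(0x00,), max_rounds=256):
    """Drive the send/dump/diff loop. memory_read(probe) must return the
    bytes that landed in the target buffer. Returns the sorted list of
    bad characters once a probe survives the copy unchanged."""
    bad = set(exclude)
    for _ in range(max_rounds):
        probe = badchar_probe(bad)
        divergent = find_divergence(probe, memory_read(probe))
        if divergent is None:
            return sorted(bad)
        bad.add(divergent)
    raise RuntimeError("bad-character search did not converge")


def as_source_literal(data):
    """Render bytes in the \\xNN form usually pasted into exploit source."""
    return "".join(f"\\x{b:02x}" for b in data)


def simulated_target_copy(probe):
    """Constructed target: a line-oriented parser that stops at 0x0a and
    drops 0x0d. Stands in for reading the buffer back from the debugger."""
    head = probe.split(b"\x0a", 1)[0]
    return head.replace(b"\x0d", b"")


if __name__ == "__main__":
    found = find_bad_chars(simulated_target_copy)
    print("bad chars:", as_source_literal(bytes(found)))
```

One byte is excluded per round on purpose: a single bad character can shift or truncate everything after it, so excluding several bytes from one dump risks blacklisting bytes that were fine.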


PMSoftware Simple Web Server 2.2-rc2 Exploit

https://github.com/notsoshant/sploits/tree/master/simple-web-server-2.2

Exploit for PMSoftware Simple Web Server 2.2-rc2 that I wrote while learning the egg hunting technique: a small first-stage payload scans process memory for a tag (the "egg") that marks where the larger second-stage shellcode landed.

Full writeup is available here: Windows Exploitation: Egg hunting
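To make the two properties of an egg hunter concrete (the tag is doubled so the hunter never matches its own copy, and the scan advances a whole page whenever a read would fault), here is an added simulation of the search in Python. It is not code from the sploits repository: `read_page` is a callback over a constructed memory map, standing in for the per-page readability probe a Windows egghunter performs with a system call before touching a page, and `make_constructed_memory` builds sample memory for the demonstration.

```python
"""Simulated egg hunter. Added example; memory layout below is constructed."""

PAGE = 0x1000


def build_egg(tag=b"w00t"):
    """The egg is the 4-byte tag doubled. The hunter itself contains the
    tag once, so searching for the doubled form avoids matching the hunter."""
    assert len(tag) == 4
    return tag * 2


def hunt_egg(read_page, egg, start=0, end=0x7fff0000):
    """Scan upward from start one page at a time. read_page(addr) returns
    the PAGE bytes at addr, or None when the page is not readable (the
    role of the readability syscall in a real egghunter). Returns the
    address of the first byte after the egg, or None if not found."""
    addr = start & ~(PAGE - 1)
    carry = b""                     # tail of the previous readable page
    while addr < end:
        page = read_page(addr)
        if page is None:
            addr += PAGE            # unreadable: skip the whole page
            carry = b""             # an egg cannot straddle an unmapped gap
            continue
        window = carry + page
        idx = window.find(egg)
        if idx != -1:
            return addr - len(carry) + idx + len(egg)
        carry = page[-(len(egg) - 1):]   # so an egg split across pages is found
        addr += PAGE
    return None


def make_constructed_memory(egg, payload):
    """Constructed address space: junk, a lone (undoubled) tag the hunter
    must ignore, an unmapped gap, then the egg followed by the payload."""
    mem = {
        0x00010000: b"A" * PAGE,
        0x00011000: (b"B" * 100 + egg[:4] + b"B" * (PAGE - 104)),
        0x00040000: (b"C" * 0x200 + egg + payload).ljust(PAGE, b"\x00"),
    }
    return mem.get


if __name__ == "__main__":
    egg = build_egg()
    read_page = make_constructed_memory(egg, b"\xcc" * 16)
    hit = hunt_egg(read_page, egg, start=0, end=0x50000)
    print(hex(hit) if hit is not None else "egg not found")
```

The real hunter is a few dozen bytes of assembly and compares the two dwords with `scasd`; the page-skip logic is what lets it walk unmapped regions without crashing, which is why the search bound and start address matter when the process address space is large.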


Practice Vulnserver Exploits

https://github.com/notsoshant/sploits/tree/master/vulnserver

Set of exploits for various Vulnserver commands.