[/index.php] Rawlab - Andrea Purificato - bunker - ICT security, hacking, exploit, audit, penetration test - Oracle, Linux, HP-UX, Tru64, Solaris, AIX security resources

0xbfff - About me

アンドレア「ブンケル」プリフィカト
Welcome to Rawlab, my personal page.
I don't know why you are here, but I'm sure you have your reasons for it.

I'm a Computer Security Enthusiast, born exactly 900415145 seconds ago in a banana republic called Italy.

I don't like to write thousand lines of code: programming, networking, cryptology and ham-radio technology skills are simply corrateral effects of my computer security interest. I'm a big fan of Ockham's razor.

I'm currently collaborating with INPS as Senior Security Specialist. In the past, I was full time employed for Unidata S.p.A. and TelecomItalia S.p.A. as Ethical Hacker. My main activities include Penetration Testing, Information Security Auditing and a little bit of vulnerability researching when I have free time.

During my working experiences I have discovered and published some vulnerabilities ( Ariadne Content Manager SQL Injection and User Enumeration, CVE-2007-2791, CVE-2007-0805, CVE-2007-0876, CVE-2008-0589, Oracle Portal XSS, Communigate Pro stored XSS), and developed many exploit codes.

There are upcoming alerts scheduled for a future disclosure: OracleAS IDs 10846253 and 10903225

If you want to write me a super secret email, please use my gpg key:
- andrea.purificato@gmail.com
- a.purificato@uni.net, bunker@uni.net
I'm linked in!
If you want, you can leave a comment on my guestbook

[brainfuck]

+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

0xbffe - Exploit

SQL Injection exploit

ACM_Ariadne_sqlinject_userenum.txt - Unauthorized SQL injection on Ariadne Content Manager <=4.4 (CVE-unknown) (new)

Cross Site Scripting (XSS) Stored exploit

communigate-pro-5.2.14-xss.txt - Stored XSS on Communigate Pro webmail (CVE-unknown)

Cross Site Scripting (XSS) Reflected exploit

xss_popup_name.txt - XSS on PORTAL.WWPOB_HOME_PAGE of Qracle Portal (CVE-unknown)
qdig-1.2.9.3-dev.txt - XSS on Qdig Version 1.2.9.3 and -devel-20060624 (CVE-2007-0876)

Oracle Evil Views exploit

bunkerview.sql - Evil Views exploit for Oracle 9i/10g (CVE-2007-3855)

Oracle Evil cursor injection exploit

sys-lt-compressworkspacetreeV2.sql - perl version - SQL Inj in COMPRESSWORKSPACETREE V2 (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-removeworkspaceV2.sql - perl version - SQL Inj in REMOVEWORKSPACE V2 (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-mergeworkspaceV2.sql - perl version - SQL Inj in MERGEWORKSPACE (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-findricsetV2.sql - perl version - SQL Inj in FINDRICSET V2 (11g/10g) - Become DBA (CVE-2007-5511, Oracle CPUOct2007)
kupm-mcpmainV2.sql - perl version - SQL Inj in KUPM$MCP.MAIN V2 (10g) - Become DBA (CVE-unknown)
dbms_cdc_subscribeV2.sql - perl version - SQL Inj in DBMS_CDC_SUBSCRIBE V2 (9i/10g) - Become DBA (CVE-2007-0269)
dbms_meta_get_ddlV2.sql - perl version - SQL Inj in DBMS_METADATA V2 (9i/10g) - Become DBA (CVE-2006-0260)
kupw-workerV2.sql - perl version - SQL Inj in KUPW$WORKER.MAIN V2 (10g) - Become DBA (CVE-2006-3698)
kupv-ft_attach_jobV2.sql - perl version - SQL Inj in KUPV$FT.ATTACH_JOB V2 (10g) - Become DBA (CVE-2006-0586)

Oracle Classic SQL injection exploit

sys-lt-compressworkspacetree.sql - perl version - SQL Inj in COMPRESSWORKSPACETREE (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-removeworkspace.sql - perl version - SQL Inj in REMOVEWORKSPACE (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-mergeworkspace.sql - perl version - SQL Inj in MERGEWORKSPACE (11g/10g/9i) - Become DBA (CVE-unknown)
sys-lt-findricset.sql - perl version - SQL Inj in FINDRICSET (11g/10g) - Become DBA (CVE-2007-5511)
kupm-mcpmain.sql - perl version - SQL Inj in KUPM$MCP.MAIN.pl (10g) - Become DBA (CVE-unknown)
dbms_cdc_subscribe.sql - perl version - SQL Inj in DBMS_CDC_SUBSCRIBE (9i/10g) - Become DBA (CVE-2007-0269)
dbms_meta_get_ddl.sql - perl version - SQL Inj in DBMS_METADATA (9i/10g) - Become DBA (CVE-2006-0260)
kupw-worker.sql - perl version - SQL Inj in KUPW$WORKER.MAIN (10g) - Become DBA (CVE-2006-3698)
kupv-ft_attach_job.sql - perl version - SQL Inj in KUPV$FT.ATTACH_JOB (10g) - Become DBA (CVE-2006-0586)
dbms_exp_ext.sql - perl version - SQL Inj in DBMS_EXPORT_EXTENSION (9i/10g) - Become DBA (CVE-2006-2081)

Tru64 exploit

tru64-sshenum.pl - HP Tru64 UNIX v5.1B-3/4 Secure Shell user enumeration (CVE-2007-2791)
osf1tru64ps.ksh - HP Tru64 Alpha OSF1 v5.1 "ps" information leak (CVE-2007-0805)

IBM AIX exploit

ibmaixps.sh - IBM AIX 5.2, 5.3, 6.1 "ps" information leak (CVE-2008-0589)

0xbffd - PoC

Exploiting Linux/x86, beating stack randomization on 2.6

exp_call_rand.pl - Exploit sample against stack randomization ("call *%edx" technique)
exp_jmp_rand.pl - Exploit sample against stack randomization ("jmp *%esp" technique)

Advanced Buffer Overflow (abo) solutions

exp_rand_abo4.pl - Linux/x86 exploit against stack randomization for abo4 (Perl language)
exp_rand_abo3.pl - Linux/x86 exploit against stack randomization for abo3 (Perl language)
exp_rand_abo1.pl - Linux/x86 exploit against stack randomization for abo1 (Perl language)
exp-abo5.txt - Linux/x86 exploit n.1 for abo5 (cli + Perl).
exp-abo4.txt - Linux/x86 exploit n.1 for abo4 (cli + Perl).
exp-abo3.txt - Linux/x86 exploit n.1 for abo3 (cli + Perl).
exp-abo1.txt - Linux/x86 exploit n.2 for abo1 (cli + Perl).
exp-abo1.c - Linux/x86 exploit n.1 for abo1 (C language).

0xbffc - Shellcodes

Solaris/sparc Shellcodes

bunker_sparc_exec.c - Solaris/sparc shellcode that executes any command after setreuid.
bunker_sparc_sc1.c - 56 bytes Solaris/sparc shellcode (setreuid + execve).

Linux/x86 Shellcodes

bunker_exec.c - Linux/x86 shellcode that executes any command after setreuid.
bunker_sc1.c - 32 bytes Linux/x86 shellcode (setreuid + execve).
bunker_sc2.c - 30 bytes Linux/x86 shellcode (setuid + execve).
bunkercode.c - Linux/x86 bytecode that prints "bunker was here!" on tty.

0xbffb - Tools

Blackhat Security tools

perl-backdoor.pl - Advanced Perl backdoor.
ora_exec_cmd.pl - Execute remote operating system commands from Oracle connection.
get_oracle_hash.pl - Get Oracle hash in user:hash form. Ready to be cracked.
proxytest.pl - Perl proxy tester. Report anonymous state and time response.
nmapper.pl - Nmap wrapper for port-related host screening.
ptcheck-0.2.tar.gz - Automagically Pentest Utility. It performs a lot of tasks on multiple target hosts.
sshtiming-0.1.pl - Ssh remote timing tool.

Whitehat Security tools

rc.cryptoswap - Encrypted swap partition (random key) - init script.
rc.cryptospace - Encrypted data partition - init script.

Miscellaneous

pancrazio.tar.gz - Funny modular irc perl bot.
mand_julia-0.4.tar.gz - Fractal generator (julia1, julia2, mandelbrot samples)
lsdevmod.sh - Displays required modules from a list of PCI-ids.
wifi-up.sh - Startup wifi script (Prism54g and Orinoco cards).
ajenda.sh - Bash script for managing notes.
backuphome.sh - Automagically backup script.
encrypt-backup.sh - Encrypts entire directory with gnupg and sends it via openssh.
decrypt-backup.sh - Decrypts encrypted backup.
bunker-one-xpm.tar.gz - My fluxbox style (xpm version).
bunker-one-png.tar.gz - My fluxbox style (png version) - sshot.

0xbffb - Configuration files

adblock.txt - Adblock filters.
vimrc - Vimrc file.
rc.firewall - Little script with netfilter rules.
muttrc - Muttrc file.
Xdefaults - Aterm configuration
local.cf - Spamassassin rules.
keys - Fluxbox key-bindings.

0xbffb - Papers

subnb3350.php - Installing slackware on a Gateway Solo 3350 (also on tuxmobil)
cantenna.php - Building cheaper self-made wireless cantenna - IT (also on repair4laptop)

0xb33f - Search in Rawlab