Research And Publications

Code Releases

ASL HackMe Labs is yet another vulnerable web application for practicing various web-based attacks. It can be installed on both XAMPP and WAMP.
Attacks you can practice with ASL HackMe Labs:

1) SQLi login bypass
2) SQLi Error Based
3) SQLi UNION based
4) Blind SQLi
5) SQLi filter bypassing
6) SQLi with INSERT_INTO
7) User Agent based SQLi
8) XSS through SQLi
9) Upload webshell through SQLi
10) XSS
11) User Agent based XSS
12) Full Path Disclosure
13) LFI
14) RFI
15) PHP Wrapper injections
16) Cookie based SQLi
17) Image Upload bypasses
18) JavaScript Login Bypass
19) Logs Poisoning
20) Remote Command Execution
21) Header Injections

Research Papers

Manual analysis of malicious PDF malware

A paper on how to manually analyze malicious PDF documents, extract JavaScript from a PDF, test shellcode, etc.

Recreating exploits from malware samples found in the wild

This paper covers how to analyze and reverse engineer malware samples found in the wild and, as an offensive approach to security, how to recreate these weapons to use against malicious hackers.

UAC a total Joke!

A UAC bypass method discovered by us.

Defeating Captcha by image reconstruction!

An interesting project to defeat the Liberty Reserve CAPTCHA. This technique can also be used to crack other similar CAPTCHAs.

Read More


Web Vulnerabilities

XSS vulnerability in AOL search. We are trying to contact the AOL team. No reply from them yet.

There is a cross-site scripting vulnerability in a yahoo.com subdomain, upcoming.yahoo.com. This vulnerability allows an attacker to steal cookies and perform session hijacking attacks or use XSS worms. The vendor has been notified of the vulnerability details.

SQL Injection in Facebook applications!

Pragyan CMS v 3.0 multiple vulnerabilities!

Exploits

MS Office 2007 and 2010 - OLE Arbitrary Command Execution

http://www.exploit-db.com/exploits/35216/


Microsoft Word Record Parsing Buffer Overflow

http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html


SAP Player 0.9 Buffer Overflow

http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html


Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.

http://packetstormsecurity.com/files/111961/Office-2008-SP0-RTF-Pfragments-MAC-Exploit.html


Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.

http://packetstormsecurity.com/files/97146/Digital-Music-Pad-8.2.3.4.8-SEH-Overflow.html


Quick Player version 1.3 unicode SEH exploit.

http://packetstormsecurity.com/files/94356/Quick-Player-1.3-Unicode-SEH-Exploit.html


This Metasploit module exploits a buffer overflow in Digital Music Pad version 8.2.3.3.4. When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

http://packetstormsecurity.com/files/94303/Digital-Music-Pad-8.2.3.3.4-SEH-Overflow.html


DJ Studio Pro version 8.1.3.2.1 SEH overwrite exploit.

http://packetstormsecurity.com/files/93983/DJ-Studio-Pro-8.1.3.2.1-SEH-Overwrite.html


Audiotran version 1.4.2.4 SEH overflow exploit that creates a malicious .pls file.

http://packetstormsecurity.com/files/93705/Audiotran-1.4.2.4-SEH-Overflow.html


Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.

http://packetstormsecurity.com/files/93502/Virtual-DJ-Trial-6.1.2-Buffer-Overflow.html


Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.

http://packetstormsecurity.com/files/93302/Microsoft-Office-Property-Code-Execution.html


Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.

http://packetstormsecurity.com/files/92977/Microsoft-Excel-Featheader-Buffer-Overflow.html


Mediacoder version 0.7.5.4710 buffer overflow exploit that binds a shell to port 5555.

http://packetstormsecurity.com/files/92457/Mediamonkey-3.2.1.1297-Denial-Of-Service.html


Video Workstation Version 5.3.9.4 DLL hijacking (iacenc.dll, ir50_lcs.dll)

http://1337day.com/exploits/14314


iworkstation Version 9.3.2.1.4 DLL hijacking exploit

http://1337day.com/exploits/14286


Vulnerabilities

Mediamonkey v. 3.2.1.1297 DOS POC

http://1337day.com/exploits/13579


Spider player .m3u playlist DOS POC

http://1337day.com/exploits/13578


Rosoft media player 4.4.4 SEH buffer overflow POC

http://1337day.com/exploits/13643


Quintessential Player 5.0.121 Denial of Service

http://1337day.com/exploits/13629

  •   2369, Shadikhampur West Patel Nagar,
    New Delhi - 110008
  •   +91 9899395593
  • info@aslitsecurity.com

About ASL IT Security

Our goal is to provide the highest levels of technical excellence, combined with the equally important qualities of trustworthiness, responsiveness and excellent customer service. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.

