17 matches found
EUVD-2015-3282
Malware in sbrugna...
Fennec - Artifact Collection Tool For *Nix Systems
fennec is an artifact collection tool written in Rust to be used during incident response on nix based systems. fennec allows you to write a configuration file that contains how to collect artifacts. Features A single statically compiled binary Execute any osquery SQL query Execute system command...
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and nix Systems? Thibault Seret · JUL 28, 2021 Co-written with Northwave’s Noël Keijzer. Executive Summary For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
UPDATE Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and...
Hwacha - Deploy Payloads To *Nix Systems En Masse
Hwacha is a tool to quickly execute payloads on Nix based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained. $python hwacha.py &&&& && && && &&&&&&&&&&&& && && && Created by Esteban Rodriguez /\ &&&&&& && &&&&&&&&&& && Web:...
Code injection
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root...
CVE-2015-3222
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root...
CVE-2015-3222
OSSEC CVE-2015-3222 affects OSSEC 2.7–2.8.1 on UNIX: the syscheck/seechanges.c code uses a shell diff command via system(), enabling a local user to escalate to root by exploiting this differential reporting feature. The issue is addressed in OSSEC 2.8.2 (fixes noted in release and FreeBSD VuXML/...
The Artillery Project
Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems. It’s relatively simple, run ./setup.py and hit yes, this will install Artillery in...
OSSEC 2.7 <= 2.8.1 - Local Root Escalation Vulnerability
Exploit for linux platform in category local exploits Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon th...
OSSEC 2.7 < 2.8.1 - 'diff' Local Privilege Escalation
Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning is OSSEC 2.7 d88cf1c9 a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...
GoAccess - Real-time Web Log Analyzer and Interactive Viewer
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...
Open Source Log Analysis: GoAccess
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems . It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...
NCSA httpd 1.x Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote users to execu...
phpBB2 remote execution command
phpBB2 is vulnerable to remote execution command All nix running phpBB2 versoion 2.0. Bug could be found at "phpBB2 root path" which is allowed remote attacker to execute any command remotely. The vulnerability of this attack start with '/phpBB2/includes/db.php?phpbbrootpath=' but some backdoor...
PerlCal (CGI) show files vulnerability
whizkunde security advisory: PerlCal CGI http://www.whizkunde.org | [email protected] ---------------------------------------------------------- Release date: April 27th 2001 Subject: PerlCal CGI security problem Systems affected: NIX not windows systems running PerlCal CGI script Vendor:...
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote users to execute arbitrary code with the...