
189 matches found

Hacker One
added 2020/12/26 5:34 a.m., 46 views

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

7.8 AI score
Exploits: 0
GithubExploit
added 2020/11/12 9:58 a.m., 291 views

Exploit for Improper Privilege Management in Freedesktop Accountsservice

Ubuntu-Gnome-privilege-escalation A bash script exploit of CV...

5.5 CVSS, 5.8 AI score, 0.00541 EPSS
Exploits: 3
Kitploit
added 2020/10/18 11:30 a.m., 104 views

Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...

6.9 AI score
Exploits: 0, References: 4
Kitploit
added 2020/10/04 11:30 a.m., 70 views

AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING

This Is Advance Phishing Tool! OTP PHISHING SPECIAL OTP BYPASS VIDEO WORKED Social Media Hack | Link ---|--- Installation Termux | https://www.youtube.com/watch?v=LO3hX1lLBjI Whatsapp OTP | https://www.youtube.com/watch?v=pyB63ym3QYs Google OTP | https://www.youtube.com/watch?v=MhSb4My1lZo Paytm...

7.2 AI score
Exploits: 0, References: 2
Github Security Blog
added 2020/09/02 9:27 p.m., 27 views

Malicious Package in destroyer-of-worlds

The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems...

1.1 AI score
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/09/02 9:27 p.m., 9 views

GHSA-W3F3-4J22-2V3P Malicious Package in destroyer-of-worlds

The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems...

9.8 CVSS, 7 AI score
Exploits: 0, References: 1
Packet Storm
added 2020/03/02 12:0 a.m., 154 views

Wing FTP Server 6.2.5 Privilege Escalation

Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.5 and...

0.6 AI score, 0.00583 EPSS
Exploits: 7
Tenable Nessus
added 2020/02/28 12:0 a.m., 40 views

openSUSE Security Update : libsolv / libzypp / zypper (openSUSE-2020-255)

This update for libsolv, libzypp, zypper fixes the following issues : Security issue fixed : - CVE-2019-18900: Fixed assert cookie file that was world readable bsc1158763. Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products bsc1155819. - Adds libzypp API to mark all...

4 CVSS, 6.3 AI score, 0.00301 EPSS
Exploits: 0, References: 12
OPENSUSE Linux
added 2020/02/27 12:0 a.m., 47 views

Security update for libsolv, libzypp, zypper (moderate)

openSUSE Security Update: Security update for libsolv, libzypp, zypper Announcement ID: openSUSE-SU-2020:0255-1 Rating: moderate References: 1135114 1154804 1154805 1155198 1155205 1155298 1155678 1155819 1156158 1157377 1158763 Cross-References: CVE-2019-18900 Affected Products: openSUSE Leap 15...

4 CVSS, 4.5 AI score, 0.00301 EPSS
Exploits: 0, References: 11
Kitploit
added 2020/02/07 9:0 p.m., 141 views

SEcraper - Search Engine Scraper Tool With BASH Script.

Search engine scraper tool with BASH script. Dependency curl cli Available search engine Ask.com Search.yahoo.com Bing.com Installation git clone https://github.com/zerobyte-id/SEcraper.git cd SEcraper/ Run bash secraper.bash "QUERY" Download SEcraper...

7.3 AI score
Exploits: 0, References: 1
Prion
added 2020/01/08 5:15 p.m., 12 views

Code injection

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface WUI...

6.8 CVSS, 7.2 AI score, 0.08142 EPSS
Exploits: 5, References: 3, Affected Software: 1
Cvelist
added 2020/01/08 4:36 p.m., 18 views

CVE-2014-5287

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface WUI...

8.7 AI score, 0.08142 EPSS
Exploits: 5, References: 3
CVE
added 2020/01/08 4:36 p.m., 56 views

CVE-2014-5287

CVE-2014-5287 affects Kemp Load Master 7.1-16 and earlier; a Bash script injection vulnerability arises from failure to sanitize input in the Web UI. Connected sources document multiple vulnerabilities (RCE, CSRF, XSS, DoS) in Kemp Load Master 7.1-16 and earlier, with exploit references (Exploit-...

8.8 CVSS, 8.6 AI score, 0.08142 EPSS
Exploits: 5, References: 3, Affected Software: 1
Packet Storm
added 2019/12/30 12:0 a.m., 147 views

WEMS BEMS 21.3.1 Undocumented Backdoor Account

WEMS BEMS 21.3.1 Undocumented Backdoor Account Vendor: WEMS Limited Product web page: https://www.wems.co.uk Affected version: Web: 21.3.1 Web: 20.0beta Web: 19.5 Web: 18.4 Firmware: 1.26.6 OS: 5.3 Firmware: 1.23.7 OS: 5.0 Firmware: 1.21.4 OS: 4.1a-usb Firmware: 1.18.0.3 OS: i686-1.1 Platform:...

0.2 AI score
Exploits: 0
NVD
added 2019/11/17 9:15 p.m., 7 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

9 CVSS, 7.1 AI score, 0.02013 EPSS
Exploits: 1, References: 1
CVE
added 2019/11/17 8:52 p.m., 37 views

CVE-2019-19041

CVE-2019-19041 affects Xorux Lpar2RRD 6.11 and Stor2RRD 2.61 (distributed in Xorux 2.41). The underlying issue is improper verification of upgrade packages, allowing an attacker to modify the files.SUM integrity controls and inject a malicious Bash script via upgrade.sh, enabling arbitrary code e...

9 CVSS, 7 AI score, 0.02013 EPSS
Exploits: 1, References: 1, Affected Software: 2
Kitploit
added 2019/10/04 8:30 p.m., 426 views

Fenrir - Simple Bash IOC Scanner

Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise IOCs: Hashes MD5, SHA1 and SHA256 using md5sum, sha1sum, sha -a 256 File Names string - checked for substring of the full path, e.g. "temp/p.exe" in "/var/temp/p.exe"...

7.3 AI score
Exploits: 0, References: 3
Kitploit
added 2019/10/01 8:30 p.m., 124 views

Sub.Sh - Online Subdomain Detect Script

Online Subdomain Detect Script. USAGE Script bash sub.sh webscantest.com ./sub.sh webscantest.com Curl curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s webscantest.com Subdomain Alive Check bash subalive.sh bing.com curl -s -L...

7.3 AI score
Exploits: 0, References: 1
Kitploit
added 2019/08/28 9:51 p.m., 488 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

7.1 AI score
Exploits: 0, References: 15
Exploit DB
added 2019/08/19 12:0 a.m., 1539 views

Webmin 1.920 - Remote Code Execution

#!/bin/sh CVE-2019-15107 Webmin Unauthenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html Alternative advisory spanish:...

10 CVSS, 9.8 AI score, 0.99766 EPSS
Exploits: 37