2646 matches found
Common Reverse Shells
If you’re lucky enough to find a remote command execution vulnerability, you’ll more often than not want to connect back to your attacking machine to leverage an interactive shell. Below is a collection of reverse shells that use commonly installed programming languages, or commonly installed...
Mandriva Linux Security Advisory : bash (MDVSA-2015:164)
Updated bash packages fix security vulnerability : A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...
QNAP Web Server Remote Code Execution
Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage:...
QNAP admin shell via Bash Environment Variable Code Injection Exploit
Exploit for hardware platform in category remote exploits Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | email protected work / email protected other Employer homepage: http://www.securegroup.it Vendor...
QNAP Web Server Remote Code Execution via Bash Environment Variable Code Injection Exploit
This Metasploit module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200 Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Cod...
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection Metasploit Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino |...
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
QNAP - Admin Shell via Bash Environment Variable Code Injection Metasploit Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work /...
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage: http://www.securegroup.it Vendor...
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)
Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage:...
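ElasticSearch Groovy Script Remote Code Execution Vulnerability
Vulnerability-related file: com.elasticsearch.script.groovy.GroovySandboxExpression-Checker. The vulnerable code is in the class that implements the sandbox, com.elasticsearch.script.groovy.GroovySandboxExpression-Checker. It customizes the Groovy sandbox and performs security checks on expressions, but this sandbox differs from a Java SecurityManager-style sandbox: as the code shows, it only decides whether an expression is legal at the level of expression semantics, based on blacklists and whitelists, so it can be described as a "shallow" sandbox. The specific code flow is shown in the figure below:...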
Security Bulletin: Vulnerabilities in Bash affect NVIDIA Tegra Linux L4T CVE 2014-6271, CVE 2014-7169, CVE 2014-7186, CVE 2014-7187, CVE 2014-6277, CVE 2014-6278
Vulnerability Details CVE-2014-6271 GNU Bash processes trailing strings after function definitions in the values of environment variables. This processing allows remote attackers to execute arbitrary code through a crafted environment. CVSS Base Score: 10 CVSS Temporal Score: 8.3 CVSS 2 Vector:...
Exploit for OS Command Injection in Gnu Bash
shellshocker-python ==========...
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine...
Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)
The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components : - bash - Bluetooth - CFNetwork Cache - CommerceKit Framework - CoreGraphics - CoreSymbolication - CPU Software - FontParser...
Oracle Solaris Third-Party Patch Update : bash (cve_2012_3410_stack_based)
The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled...
Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash) (Shellshock)
The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...
Red Star 3.0 Desktop Local Root
!/bin/bash Another local 0day in Red Star 3.0 Desktop by TheGreatLeader Run exploit in a X11 terminal and enjoy a root shell... Create temp dir for our payload mkdir /tmp/DPRK msfpayload linux/x86/exec PrependSetuid=true CMD=/bin/bash X echo -e -n...
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
!/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo 'RUN+="/bin/bash /tmp/r00t.sh"'...
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
RedStar 3.0 Desktop - Enable sudo Privilege Escalation !/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo...
McAfee Email Gateway - Bash Shellshock Code Injection Exploit
A number of security vulnerabilities have been identified in the bash SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...