410 matches found
CVE-2016-0727
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to...
CVE-2016-0727
CVE-2016-0727: The ntp package cronjob that cleans the statistics directory lets local users with access to the ntp account write arbitrary files and escalate privileges. Affected: Ubuntu 12.04 LTS, 14.04 LTS, Wily, and 16.04 LTS with the described pre-patch ntp builds. Impact: local privilege es...
GNS3 Mac OS-X 1.5.2 - ubridge Local Privilege Escalation
GNS3 Mac OS-X 1.5.2 - ubridge Local Privilege Escalation !/bin/sh GNS-3 Mac OS-X LPE local root exploit ===================================== GNS-3 on OS-X bundles the "ubridge" binary as a setuid root file. This file can be used to read arbitary files using "-f" arguement but also as it runs as...
Quest Privilege Manager 6.0.0 - Arbitrary File Write Exploit
Exploit for linux platform in category remote exploits !/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Test...
NetBSD mail.local - Privilege Escalation (Metasploit)
Exploit for bsd platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'NetBSD mail.local Privilege Escalation', 'Description' = %q This module...
NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'NetBSD mail.local Privilege Escalation', 'Description' = %q This module attempts to exploit a race condition in mail.local with...
NetBSD mail.local Privilege Escalation
This module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 verified on 7.0.1 NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute. This module requires...
Metasploit Cron Persistence Module
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cron Persistence', 'Description' = %q This module will create a cron or crontab entry to execute a payload. The module includes the ability to...
ntop 2.5 Cross Site Request Forgery / Command Execution
To make things easier, I created a Vagrantfile with provisioning so you can have your own nbox appliance and test my findings or give it a shot. There is more stuff to be found, trust me : https://github.com/javuto/nbox-pwnage Replace NTOP-BOX with the IP address of your appliance presuming that...
Cron Persistence
This module will create a cron or crontab entry to execute a payload. The module includes the ability to automatically clean up those entries to prevent multiple executions. syslog will get a copy of the cron entry. This module requires Metasploit: https://metasploit.com/download Current source:...
Redis event a comprehensive analysis-vulnerability warning-the black bar safety net
redis unauthorized access has not been valued, until the 1 1 on No. 4, and in this article on being broke: the redis you can write into the SSH Key and then control the server, the security personnel started a lot of attention to this event. 0×0 1 vulnerability profile Exposed in public of redis ...
Mac OS X rsh Environment Variables Privilege Elevation
Added: 10/15/2015 CVE: CVE-2015-5889 Background The remotecmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem The rsh binary in the remotecmds component of Mac OS X versions prior to 10.11...
issetugid() + rsh + libmalloc OS X Local Root Exploit
The default root-suid binary /usr/bin/rsh on Mac OS X uses execv in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then...
issetugid() + rsh + libmalloc OS X Local Root
CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' = 'yes' env'MallocStackLoggingDirectory' = 'a\n root echo "ALL ALL=ALL...
Watchguard XCS FixCorruptMail Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS FixCorruptMail Local Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the Watchguard...
Watchguard XCS FixCorruptMail Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes. This module requires Metasploit: http://metasploit.com/download Current source:...
Watchguard XCS FixCorruptMail Local Privilege Escalation
This module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes. This module requires Metasploit: https://metasploit.com/download Current source:...
Dhclient Bash Environment Variable Injection Exploit
When bash is started with an environment variable that begins with the string " ", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a doma...
Dhclient Bash Environment Variable Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/proto/dhcp' class Metasploit3 'Dhclient Bash Environment Variable Injection', 'Description' = %q| When bash is started with an environment...
Dhclient Bash Environment Variable Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...