281 matches found
meg+ - Automated Reconnaissance Wrapper
This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...
Numbers game: Exploring IntegerOverflow vulnerability in a popular nginx web server.
By @aLLy , Wallarm Research There was a very interesting vulnerability discovered in nginx, one of the most popular web/proxy/load balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information...
RHEL 6 / 7 : Red Hat Satellite 6 (RHSA-2018:0273)
An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
DVWA - Damn Vulnerable Web Application
Damn Vulnerable Web Application DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...
MHA - Mail Header Analyzer
Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name | Dev | Issues ---|---|---...
changeme - A Default Credential Scanner
A default credential scanner. About Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules. changeme keeps credential data separate from code. All credentials are...
Rancher Server - Docker Daemon Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Server - Docker Exploit', 'Description' = %q Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounte...
Rancher Server - Docker Daemon Code Execution Exploit
Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to...
kernel: Memory leaks in xfs_attr_list.c error paths
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...
LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks
LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...
kernel: Memory leaks in xfs_attr_list.c error paths
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...
Docker Daemon - Unprotected TCP Socket
Docker Daemon - Unprotected TCP Socket Exploit Title: Docker Daemon - Unprotected TCP Socket Date: 20-07-2017 Exploit Author: Martin Pizala Vendor Homepage: https://www.docker.com Software Link: https://www.docker.com/get-docker Version: Since 0.4.7 2013-06-28 feature: mount host directories Test...
Docker Daemon - Unprotected TCP Socket
Exploit Title: Docker Daemon - Unprotected TCP Socket Date: 20-07-2017 Exploit Author: Martin Pizala Vendor Homepage: https://www.docker.com Software Link: https://www.docker.com/get-docker Version: Since 0.4.7 2013-06-28 feature: mount host directories Tested on: Docker CE 17.06.0-ce and Docker...
The AWS metadata service SSRF vulnerability analysis-vulnerability warning-the black bar safety net
One, Foreword Recently I was busy with a small project, to study how the Docker container executing untrusted Python code. According to the project requirements, I need to test more online code execution engine, research them on the various attacks of the reaction. In the research process, I foun...
CVE-2016-8954
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...
Hardcoded credentials
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...
CVE-2016-8954
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...
CVE-2016-9685
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...
Exploit for Race Condition in Canonical Ubuntu_Linux
dirtycow-docker-vdso This repository is the necessary bits to...
Docker Daemon - Local Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Daemon Privilege Escalation', 'Description' = %q This module obtains root privileges from any host account with access to the Docker daemon...