EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program...

EulerOS 2.0 SP2 : zsh (EulerOS-SA-2019-2459)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named...

Linux/x86 - (NOT|ROT+8 Encoded) execve(/bin/sh) null-free Shellcode (47 bytes)

Title: Linux/x86 NOT|ROT+8 Encoded execve/bin/sh null-free Shellcode 47 bytes Author: Daniel Ortiz Date: 2019-10-30 Tested on: Linux 4.18.0-25-generic 26 Ubuntu Size: 47 bytes SLAE ID: PA-9844 ----------------------- execve ------------------------------------------------ global start section .te...

Linux/x86 - execve(/bin/sh) socket reuse Shellcode (42 bytes)

Exploit Name: Linux/x86 - execve/bin/sh socket reuse Shellcode 42 bytes Author : WangYihang Tested on: Linuxx86 Shellcode Length: 42 CVE: N/A ;================================================================================ Shellcode : char shellcode =...

Linux/x86 - execve /bin/sh Shellcode (25 bytes)

Exploit Title: Linux/x86 - execve /bin/sh ShellCode 25 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 CVE: N/A / global start section .text start: cdq ; xor edx mul edx lea ecx, eax mov esi, 0x68732f2f mov edi, 0x6e69622f push ecx ; push NULL in stack push...

Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)

Exploit Title: Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode 91 bytes Author: bolonobolo Tested on: Linux x86 Software: N/A CVE: N/A / global start section .text start: ;socket xor ecx, ecx ; xoring ECX xor ebx, ebx ; xoring EBX mul ebx ; xoring EAX and EDX inc cl ; ECX should be 1...

NewStart CGSL CORE 5.04 / MAIN 5.04 : zsh Vulnerability (NS-SA-2019-0200)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has zsh packages installed that are affected by a vulnerability: - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is...

Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)

/ ; Title : Linux/x8664 - Reverse Shell /bin/sh with Password configurable 120 bytes ; Date : 2019-08-18 ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 global start %define pass "pass" %define port 0x5c11 ; htons4444 start: jmp realstart password: db pass passlen...

Linux/x86_64 - AVX2 XOR Decoder + execve(/bin/sh) Shellcode (62 bytes)

/ ; Title : Linux/x8664 - AVX2 XOR Decoder + execve"/bin/sh" 62 bytes ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 ; this only works on machines with a CPU that supports AVX2 instructions global start start: jmp calldecoder decoder: pop rsi lea rdi, rsi+1 ;...

Linux - Use-After-Free Reads in show_numa_stats()

/ On NUMA systems, the Linux fair scheduler tracks information related to NUMA faults in taskstruct::numafaults and taskstruct::numagroup. Both of these have broken object lifetimes. Since commit 82727018b0d3 "sched/numa: Call tasknumafree from doexecve", first in v3.13, -numafaults is freed not...

Arbitrary Command Execution

zsh is vulnerable to arbitrary command execution. The truncation of Shebang lines that exceed 64 characters could potentially lead to arbitrary execve call...

Linux/x86 - Force Reboot Shellcode (51 bytes)

---------------------- DESCRIPTION ------------------------------------- ; Title: NOT encoded Linux/x86 Force Reboot shellcode for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 51 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...

Linux/x86 - NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode (168 bytes)

/ description ; Title : X64 NOT +SHIFT-N+ XOR-N encoded /bin/sh - shellcode ; Author : Pedro Cabral ; Twitter : @CabrallPedro ; LinkedIn : https://www.linkedin.com/in/pedro-cabral1992 ; SLAE ID : SLAE64 - 1603 ; Purpose : spawn /bin/sh shell ; Tested On : Ubuntu 16.04.6 LTS ; Arch : x64 ; Size :...

DEBIAN-CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

UBUNTU-CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

Linux/ARM64 - mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes

/ Title: Linux/ARM64 - mmap + read stager + execve"/bin/sh", NULL, NULL Shellcode 60 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...