1131 matches found
BSA-2017-358
Security Advisory ID : BSA-2017-358 Component : Offset2lib Patch Protection Bypass Revision : 2.0: Interim The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to beexecve'edwith 1GB of arguments or environmental strings then the stack occupies the...
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - ldso_hwcap Loc
Exploit for linux platform in category local exploits / Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free...
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) -
Exploit for linux platform in category local exploits / Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free...
FreeBSD - 'setrlimit' Stack Clash (PoC)
/ FreeBSDCVE-2017-1085.c Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at your option any later version. This...
Linux Kernel (Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation
Linux Kernel Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511 - ldsohwcap Stack Clash Local Privilege Escalation / Linuxldsohwcap.c for CVE-2017-1000366, CVE-2017-1000370 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C...
Linux/x86 - Reverse UDP Shellcode (668 bytes)
; SLAE-X ; thanks to writesup from previou students : ; assignment: 2. create a reverse shell ; originality: using UDP instead TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might contains null byte if you use certain ip / address %define htonsx x 8 & 0xFF | x & 0x...
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
Design/Logic Flaw
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
DEBIAN-CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
CVE-2017-1000370
CVE-2017-1000370 affects the Linux kernel (4.11.5 and earlier) on i386. The offset2lib patch vulnerability lets a PIE binary be execve’d with an enormous 1 GB argument/environment list, causing the stack to occupy 0x80000000 and the PIE binary to be mapped above 0x40000000, bypassing the patch’s ...
CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
UBUNTU-CVE-2017-1000370
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2li...
Linux/x86_64 - execve("/bin/sh") Shellcode (24 bytes)
Linux/x8664 - execve"/bin/sh" Shellcode 24 bytes. Shellcode exploit for Linx86-64 platform / ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 14/06/2017 ;Architecture: Linux x8664 ;Tested on : 1 SMP Debian 4.9.18-1...
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
Linux/x86 - XOR encoded execve/bin/sh setuid0 setgid0 Shellcode 66 bytes. Shellcode exploit for Linx86 platform ;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...
Linux/x86 - execve("/bin/sh") Shellcode (24 bytes)
/ ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: m4n3dw0lf ;Github: https://github.com/m4n3dw0lf ;Date: 14/06/2017 ;Architecture: Linux x8664 ;Tested on : 1 SMP Debian 4.9.18-1 2017-03-30 x8664 GNU/Linux Source section .text global start start: push rax xor rdx, rdx xor rs...
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: email protected ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode, first set uid and gid to zero then call shell using execve. Also, /bin/sh defined as a XOR...
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with the port ; it sleeps and then tries to recconect default 3 seconds ; ;shell =...