
271 matches found

exploitpack
added 2017/10/22 12:0 a.m., 24 views

Linux Kernel 4.14.0-rc4+ - waitid() Local Privilege Escalation

Linux Kernel 4.14.0-rc4+ - waitid Local Privilege Escalation define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...

0.9 AI score
Exploits: 0

0day.today
added 2017/08/27 12:0 a.m., 74 views

Apple iOS 10.3.1 - Kernel Exploit

Exploit for iOS platform in category local exploits Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices <= 10.3.1 More general information...

9.3 CVSS, 7.1 AI score, 0.02343 EPSS
Exploits: 1

exploitpack
added 2017/08/26 12:0 a.m., 11 views

Apple iOS 10.3.1 - Kernel

Apple iOS 10.3.1 - Kernel Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices <= 10.3.1 More general information...

7.1 AI score
Exploits: 0

myhack58
added 2017/08/26 12:0 a.m., 170 views

The researchers published the iOS kernel exploit code

Adam Donenfeld, a researcher at the mobile security company Zimperium, published PoC code for the zIVA kernel exploit. zIVA affects iOS 10.3.1 and prior versions; an attacker can use the zIVA code to gain arbitrary read-write and root access. Apple took 5 months to fix the vulnerability. Apple to 5 months ...

7.1 AI score
Exploits: 0

Exploit DB
added 2017/08/26 12:0 a.m., 195 views

Apple iOS < 10.3.1 - Kernel

Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices <= 10.3.1 More general information https://blog.zimperium.com/zimperium-zlabs-ios-security-advisories/...

7.4 AI score
Exploits: 0

exploitpack
added 2017/05/11 12:0 a.m., 109 views

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

Linux Kernel 4.8.0-41-generic Ubuntu - Packet Socket Local Privilege Escalation // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // //...

7.2 CVSS, 0.7 AI score, 0.87 EPSS
Exploits: 17

0day.today
added 2017/05/01 12:0 a.m., 28 views

Panda Free Antivirus - PSKMAD.sys Denial of Service Exploit

Exploit for windows platform in category dos / poc / Exploit Title: Panda Cloud Antivirus Free - 'PSKMAD.sys' - BSoD - denial of service Date: 2017-04-29 Exploit Author: Peter baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...

7 AI score
Exploits: 0

0day.today
added 2017/04/13 12:0 a.m., 18 views

PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit

Exploit for linux platform in category local exploits !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for...

6.8 AI score
Exploits: 0

Exploit DB
added 2017/04/08 12:0 a.m., 42 views

Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)

PS4 4.0x Code Execution ============== This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07. The commenting and reorganization was mostly for my own...

7.4 AI score
Exploits: 0

CNVD
added 2017/03/16 12:0 a.m., 4 views

Android MediaTek hardware sensor driver privilege escalation vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and the MediaTek hardware sensor driver is a MediaTek-developed hardware sensor driver component used in it. A privilege escalation vulnerability exists in the MediaTek hardware sensor drive...

7.6 CVSS, 7.6 AI score, 0.0006 EPSS
Exploits: 0, References: 1

exploitpack
added 2017/02/25 12:0 a.m., 15 views

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...

Exploits: 0

OSV
added 2017/02/18 9:59 p.m., 4 views

CVE-2017-6074

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINF...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 25

Exploit DB
added 2017/02/18 12:0 a.m., 54 views

Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution

!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all versions - by manipulating the httpd config files to trick the...

7.4 AI score
Exploits: 0

exploitpack
added 2017/02/18 12:0 a.m., 17 views

NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...

0.2 AI score
Exploits: 0

Exploit DB
added 2017/01/19 12:0 a.m., 23 views

Google Android TSP sysfs - 'cmd_store' Multiple Overflows

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=967 The TSP touchscreen controller driver exposes several sysfs entries through which the driver may be configured. One such entry, "cmd", allows the user to write commands to be executed by the driver. Specifically, the "cmd" entr...

7.4 AI score
Exploits: 0

myhack58
added 2017/01/11 12:0 a.m., 75 views

Looking at a Windows 8.1 kernel exploit through MS16-098

When I first started working on kernel vulnerabilities, I had no kernel experience at all, let alone experience exploiting a kernel vulnerability, but I have always been very interested in reverse engineering and exploit techniques. Initially, my idea was simple: find one not...

0.2 AI score
Exploits: 0

0day.today
added 2016/11/29 12:0 a.m., 103 views

Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition PoC (Write Access) Exploit

Exploit for linux platform in category local exploits // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball include //// pikachu include //// -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball include //// pokeball include //// include //// o ...

7.2 CVSS, 8 AI score, 0.93929 EPSS
Exploits: 77

seebug.org
added 2016/11/25 12:0 a.m., 11 views

FreeBSD 8.0, 7.3 and 7.2 nfs_mount() denial of service vulnerability

No description provided by source. Local kernel exploit for FreeBSD 8.0, 7.3 and 7.2 include include include include include include include include include include include include include define BUFSIZE 272 define FSNAME "nfs" define DIRPATH "/tmp/nfs" unsigned char kernelcode =...

7.1 AI score
Exploits: 0

OSV
added 2016/11/16 5:59 a.m., 4 views

CVE-2016-7912

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...

7.8 CVSS, 6.6 AI score
Exploits: 0, References: 5

Exploit DB
added 2016/10/21 12:0 a.m., 1050 views

Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method)

/ EDB-Note: After getting a shell, doing "echo 0 /proc/sys/vm/dirtywritebackcentisecs" may make the system more stable. uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of...

7.4 AI score
Exploits: 0