128 matches found
Microsoft Azure Sphere Linux namespace ptrace unsigned code execution vulnerability
Summary An unsigned code execution vulnerability exists in the Linux namespace ptrace functionality of Microsoft Azure Sphere 21.01. Specially crafted shellcode could allow an adversary to execute unsigned code. An attacker can change the namespace and use ptrace to modify the code of a running...
AndroidSecNotes
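Original by 瘦蛟舞 0x00 Preface As mobile security grows ever more popular, all kinds of debugging tools keep appearing, but because environments and requirements differ, no single tool is universal. Besides, tools are fixed while people are adaptable: if you understand how the tools work and combine that with your own experience, you can build debugging weapons of your own. In this series of articles the author will therefore share some debugging tools and techniques that he uses often or created himself, in the hope of acting as a catalyst for mobile security research in China. All the code and tools mentioned in the articles can be downloaded from my github at: https://github.com/zhengmin1989/TheSevenWeapons 0x01 Using function hooking to implement native-layer hooks...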
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A use-after-free flaw in the mprotect system call could allow a local, unprivileged user to cause a local denial of service...
Linux/ARM64 - Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcod
/ Title: Linux/ARM64 - Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcode (88 Bytes) Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu...
Netperf 2.6.0 - Stack-Based Buffer Overflow Exploit
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput...
Netperf 2.6.0 - Stack-Based Buffer Overflow
Netperf 2.6.0 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It...
Netperf 2.6.0 Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput...
Netperf 2.6.0 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 is a benchmark tool developed by Hewlett Packard that can be used to measure the performance of many different types of networking. It provides tests for both unidirectional throughput...
XNU POSIX Shared Memory Mapping Issue Exploit
Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap() syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the...
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
; ; Cisco ASA Authentication Bypass EXTRABACON Better Shellcode 69 bytes ; ; Copyright: c 2016 RiskSense, Inc. https://risksense.com ; License: http://opensource.org/licenses/MIT ; Release Date: September 15, 2016 ; ; Author: Sean Dillon 2E3C8D72353C9B8C9FF797E753EC4C9876D5727B ; ; Description: ;...
Fedora 23 : webkitgtk4-2.10.7-1.fc23 (2016-ec05afb364)
This update together with previous releases addresses the following vulnerabilities: - CVE-2015-7096 - CVE-2015-7098 Additional fixes: - Disable DNS prefetch when a proxy is configured. - Reduce the maximum simultaneous network connections to match other browsers. - Make WebKitWebView always...
MiniUPnP igd_desc_parse.c buffer overflow
No description provided by source. TALOS-CAN-0035 CVE 2015-6031 exploit by Aleksandar Nikolic illustrating the SSP bypass with a stack buffer overflow in an application that uses pthreads. import socket import struct SSDP reply to MSEARCH request, specifies the location URL reply = """HTTP/1.1 20...
linux/x86 Downloand & Execute shellcode
Linux/x86 Downloand&Execute ------WE ARE BOMBERMANS---- Greetz : BombermanLeader Author : B3mB4m Just the two of us LOL. Info! This shellcode has two part.Because when using fork in asm, ocurrs problems in shellcode. So you can use multiprocessing to do this. If you dont want problem while runnin...
Linux/x86 - Download & Execute
Linux/x86 - Download & Execute. Shellcode exploit for linx86 platform Linux/x86 Download&Execute ------WE ARE BOMBERMANS---- Greetz : BombermanLeader Author : B3mB4m Just the two of us LOL. Info! This shellcode has two part.Because when using fork in asm, ocurrs problems in shellcode. So you can...
Apple Mac OS X v10.4.11 2007-008 i386_set_ldt System Call Local Arbitrary Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/26444/info Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AppleRAID, CFFTP, CFNetwork, CoreFoundation, CoreText, kernel, remotecmds,...
Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (Simple Version)
No description provided by source. / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit sock_sendpage() local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. spender and venglin's...
openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...
Wireshark 1.4.4 DECT Dissector Buffer Overflow
!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...
Ubuntu Security Notice USN-1202-1
========================================================================== Ubuntu Security Notice USN-1202-1 September 13, 2011 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Ubuntu Update for linux USN-1167-1
Ubuntu Update for Linux kernel vulnerabilities USN-1167-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11671.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1167-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...