792 matches found
Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
No description provided by source. / 0x82-CVE-2009-2698 Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit Tested White Box 4 (2.6.9-5.ELsmp), CentOS 4.4 (2.6.9-42.ELsmp), CentOS 4.5 (2.6.9-55.ELsmp), Fedora Core 4 (2.6.11-1.1369FC4smp), Fedora Core 5 (2.6.15-1.2054FC5), Fedora Core...
Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
Exploit for linux platform in category local exploits ===================================================================== Linux Kernel 2.6 include include include include include include unsigned int uid, gid; void getrootuidunsigned task unsigned addr=task;...
FreeBSD <= 6.1 kqueue() NULL pointer Dereference Local Root Exploit
Exploit for freebsd platform in category local exploits =================================================================== FreeBSD include include include include include include include include include include include include int fd, kq; struct kevent kev, ke; struct timespec timeout; volatile...
Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)
Exploit for linux platform in category local exploits ==================================================================== Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit simple ver ==================================================================== / 0x82-CVE-2009-2692 Linux kernel 2.4/2.6...
Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition)
No description provided by source. Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later. orig: http://zenthought.org/content/file/android-root-2009-08-16-source back: http://milw0rm.com/sploits/android-root-20090816.tar.gz...
Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition)
Exploit for linux platform in category local exploits ===================================================================== Linux Kernel 2.x sock_sendpage() Local Root Exploit Android Edition ===================================================================== Source for exploiting CVE-2009-2692 on...
Linux Kernel 2.x sock_sendpage() Local Root Exploit #2
No description provided by source. Linux NULL pointer dereference due to incorrect protoops initializations ------------------------------------------------------------------------- Quick and dirty exploit for this one: http://www.frasunek.com/protoops.tgz back:...
Openswan <= 2.4.12/2.6.16 Insecure Temp File Creation Root Exploit
No description provided by source. !/bin/bash uglyswan - OpenSwan local root exploit CVE-2008-4190 description: The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the ...
Apple MACOS X xnu <= 1228.9.59 Local Kernel Root Exploit
Exploit for macOS platform in category local exploits ======================================================== Apple MACOS X xnu Apple MACOS X xnu include include include include include include / profil defines / define PROFILITEMSIZE 64 define PROFILBLKSIZE 65536 define PROFILBLKNUM 84 / workq...
Linux Kernel 2.6.29 - 'ptrace_attach()' Race Condition Privilege Escalation
/ GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptrace_attach() race condition that allows a process to gain elevated privileges under certain conditions...
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptrace_attach() race condition that...
Linux kernel <2.6.29 exit_notify() local root exploit
No description provided by source. !/bin/sh gw-notexit.sh: Linux kernel 2.6.29 exit_notify() local root exploit by Milen Rangelov gat3way-at-gat3way-dot-eu Based on 'exit_notify()' CAP_KILL verification bug found by Oleg Nestorov. Basically it allows us to send arbitrary signals to a privileged suidroot...
Mac OS X xnu Root Exploit
!/bin/bash xnu-hfs-fcntl-v2.sh Copyright c 2008 by Apple MACOS X 792.0 \n" \ "http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n" if ! -f $EXPFILE ; then echo -n " compiling exploit..." gcc -Wall $EXPFILE.c -o $EXPFILE 2 /dev/null if $? != 0 ; then echo " failed" exit $? else echo " done" fi f...
pwned.c - linux 2.4 and 2.6 sys_uselib local root exploit
No description provided by source. / pwned.c - linux 2.4 and 2.6 sys_uselib local root exploit. PRIVATE. it's not the best one, the ldt approach is definitively better. discovered may 2004. no longer private because lorian/cliph/ihaquer can lick my balls. c 2004 sd [email protected] requires cca 1...
Solaris 9 [UltraSPARC] sadmind Remote Root Exploit
No description provided by source. !/usr/bin/perl holygrail2 --------------------------------------------------------------------------------- SunOS 5.9 UltraSPARC sadmind Remote Root Exploit by KingCope in 2008 Most of work was shamelessy ripped from HD-Moore and RISE-Security exploits!!! Bug...
Solaris 9 [UltraSPARC] sadmind Remote Root Exploit
Exploit for solaris platform in category remote exploits ================================================== Solaris 9 UltraSPARC sadmind Remote Root Exploit ================================================== !/usr/bin/perl holygrail2...
Gentoo Security Advisory GLSA 200409-18 (cdrtools)
The remote host is missing updates announced in advisory GLSA 200409-18. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
rsync <= 2.5.7 Local stack overflow Root Exploit
No description provided by source. / rsync = 2.5.7 Local Exploit Saved EIP on stack is overwritten with address of shellcode in memory Generally rsync is not setuid or setgid so just a local shell is of no use So i used a portbinding shellcode as a PoC of a different attack vector. RET is...
Drcat 0.5.0-beta (drcatd) Remote Root Exploit
No description provided by source. / Proof of Concept DRCATD Remote exploit by Taif Test: root@localhost drcat ./drcat -d 127.0.0.1 -u taif -p test Public code by Taif drcat-0.5.0-beta 'remote r00t' proof Bug found by Khan Shirani host: +-+-+-+-+-+-+-+ 127.0.0.1 |C|L|U|P|C|S|R| user:...
Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)
No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems ...