EUVD-2015-1242

Malware in sbrugna...

SUSE CVE-2011-3145

When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate...

Linux/x86 - setreuid(0) + execve(/bin/sh) Shellcode (29 bytes)

/ Author: Artur ajes Szymczak 2021 Function: Linux x86 shellcode, setreuid to 0 and then execute /bin/sh Size: 29 bytes Testing: $ gcc -fno-stack-protector -z execstack shellcodetester.c -o shellcode shellcodetester.c: In function ‘main’: shellcodetester.c:25:2: warning: incompatible implicit...

AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation Exploit

/AIX 5.3L /usr/sbin/lquerypv local root privilege escalation =========================================================== AIX5.3L includes a setuid root binary "lquerypv" which contains a stack-based overflow in the handling of -V command line argument. However, prior to the vulnerability being...

DEBIAN-CVE-2011-3145

When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate...

CVE-2011-3145

When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate...

CVE-2011-3145

When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate...

Linux/x86 - fork() + setreuid(0, 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126

/ linux/x86 shamelessly ripped from one of my unpublished exploits / / fork's, does setreuid0, 0; then execve's: /bin/sh -c "cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh" hence dropping a SUID root shell in /tmp. / char shellc = / Shellcode to drop a SUID root shell in /tmp/sh. Forgive the Intel syntax...

Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0,0) + execve() Shellcode (566 bytes)

/ Audio knock knock knock via /dev/dsp + setreuid0,0 + execve shellcode. Linux x86 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / email protected 12/20/2000. F.U. to ph1xry4n. -From me and dxmd... If I ripped this, show me the source... or better yet go barrow a shovel so you can d...

Linux/x86-64 - setreuid(0,0) + execve(/bin/csh, [/bin/csh, NULL]) + XOR Encoded Shellcode (87 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/csh", "/bin/csh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ash,NULL,NULL) + XOR Encoded Shellcode (85 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/ash",NULL,NULL + XOR encoded - 85 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/x86-64 - setreuid(0,0) + execve(/bin/zsh, [/bin/zsh, NULL]) + XOR Encoded Shellcode (87 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/zsh", "/bin/zsh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ksh, [/bin/ksh, NULL]) + XOR Encoded Shellcode (87 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/ksh", "/bin/ksh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/SPARC - setreuid(0,0) + execve(/bin/sh) Shellcode (64 bytes)

/ Linux/SPARC setreuid0,0; execve of /bin/sh shellcode. / char c0de = / anathema / / setreuid0,0; / "\x82\x10\x20\x7e" / mov 126, %g1 / "\x92\x22\x40\x09" / sub %o1, %o1, %o1 / "\x90\x0a\x40\x09" / and %o1, %o1, %o0 / "\x91\xd0\x20\x10" / ta 0x10 / / execve of /bin/sh / "\x2d\x0b\xd8\x9a" / sethi...

Linux/SPARC - setreuid(0,0) + standard execve() Shellcode (72 bytes)

/ Linux/SPARC setreuid0, 0; necessary, /bin/sh drops privs, standard execve. / char c0de = / by michel kaempf / / setuid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x17\x91\xd0\x20\x10" / setgid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x2e\x91\xd0\x20\x10" / Aleph One : /...

BSD/x86 - setreuid(geteuid(), geteuid()) + execve(/bin/sh) Shellcode (36 bytes)

/ bsd/x86 setreuid/exec shellcode setreuidgeteuid, geteuid and execve"/bin/sh", "/bin/sh", 0 shellcode based on hkpco's setreuid/exec shellcode for linux Tested on FreeBSD / include include char shellcode = "\x31\xc0\xb0\x19\x50\xcd\x80\x50" "\x50\x31\xc0\xb0\x7e\x50\xcd\x80" // setreuidgeteuid,...

IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation

!/usr/bin/sh AIX lquerylv 5.3, 6.1, 7.1, 7.2 local root exploit. Tested against latest patchset 7100-04 This exploit takes advantage of known issues with debugging functions within the AIX linker library. We are taking advantage of known functionality, and focusing on badly coded SUID binaries...

linux/x86 setreuid(0, 0) + execve("/sbin/halt") + exit(0) - 49 bytes

/ +======================================================================================== | Exploit Title : linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 - 49 bytes | Exploit Author : Febriyanto Nugroho | Tested on : Linux Debian 5.0.5...

linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 49 bytes

linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 49 bytes. Shellcode exploit for linx86-64 platform / +======================================================================================== | Exploit Title : linux/x86 setreuid0, 0 + execve"/sbin/halt" + exit0 - 49 bytes | Exploit Author :...

Race condition

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app...