Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode, 66 bytes. Shellcode exploit for the lin_x86 platform. ;Title: Linux/x86 - 66 byte - execve(/bin/sh) - setuid(0) - setgid(0) - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
;Title: Linux/x86 - 66 byte - execve(/bin/sh) - setuid(0) - setgid(0) - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode first sets the uid and gid to zero, then calls a shell using execve. Also, /bin/sh is defined as a XOR...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
/* Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 */ section .text global _start _start: ; setreuid(0,0) ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; open("/proc/sys/kernel/randomize_va_space", O_RDWR) ; xor eax,eax ; EAX = 0 jmp aslr_file shellcode:...
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86 - Disable ASLR Shellcode, 80 bytes. Shellcode exploit for the lin_x86 platform. /* Linux/x86 setuid-disable-aslr.c by @abatchy17 - abatchy.com Shellcode size: 80 bytes SLAE-885 */ section .text global _start _start: ; setreuid(0,0) ; xor ecx,ecx mov ebx,ecx push 0x46 pop eax int 0x80 ; ;...
QEMU Code Injection Vulnerability
QEMU (Quick Emulator) is an open-source machine and processor emulator developed by French programmer Fabrice Bellard. A code injection vulnerability exists in QEMU versions prior to 2.9.0. Since the disas_insn function in target/i386/translate.c does not limit the size of instructions, an attacker could...
UBUNTU-CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
DEBIAN-CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualB...
CVE-2017-7643
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
Code injection
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program...
CVE-2017-7643
CVE-2017-7643 affects Proxifier for Mac (pre-2.19). The vulnerability arises in the KLoader setuid root mechanism: on first run, if KLoader isn’t already root, Proxifier can cause it to run as root and then KLoader elevates to root privileges, enabling local privilege escalation. Exploitation vec...
PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
#!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases, including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files, allowing for local root exploitation through manipulated...
PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit
Exploit for the linux platform in category local exploits. #!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases, including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files, allowing for...
Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
#!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR, which provides local root on Solaris 7 - 11 x86 & SPARC. Uses an environment variable of the setuid binary dtappgather to manipulate file permissions and create a user-owned directory anywhere on the system as root. Can then add a shared object...
Solaris 7 < 11 (SPARC/x86) - 'EXTREMEPARR' dtappgather Privilege Escalation
#!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR, which provides local root on Solaris 7 - 11 x86 & SPARC. Uses an environment variable of the setuid binary dtappgather to manipulate file permissions and create a user-owned directory anywhere on the system as root. Can then add a shared object...
Command injection
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command...
CVE-2016-10323
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command...