
Files from Hector Marco

Email address: hmarco at hmarco.org
First Active: 2013-07-16
Last Active: 2016-11-16
Cryptsetup 2:1.7.3-2 Root Initramfs Shell
Posted Nov 16, 2016
Authored by Hector Marco, Ismael Ripoll

A vulnerability exists in Cryptsetup, specifically in the scripts that unlock the system partition when the partition is encrypted using LUKS (Linux Unified Key Setup). It allows an attacker to obtain a root initramfs shell on affected systems. The vulnerability is very reliable because it doesn't depend on specific systems or configurations. Attackers can copy, modify or destroy the hard disc as well as set up the network to exfiltrate data. In cloud environments it is also possible to remotely exploit this vulnerability without having "physical access". Cryptsetup versions 2:1.7.3-2 and below are affected.

tags | advisory, shell, root
systems | linux
advisories | CVE-2016-4484
MD5 | 7c810b6c29e27d96a80e6a4b8a3f8d03
Linux ASLR Weakness Addressed
Posted Apr 7, 2016
Authored by Hector Marco

A weakness in the Linux ASLR implementation has been addressed.

tags | advisory
systems | linux
advisories | CVE-2016-3672
MD5 | df8e77ca181afbaa1b9f9d2e85cdf208
Grub2 Authentication Bypass
Posted Dec 15, 2015
Authored by Hector Marco, Ismael Ripoll

Grub2 versions 1.98 through 2.02 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2015-8370
MD5 | 4a7220946b6587ecac77303f9f1f7496
Glibc Pointer Guarding Weakness
Posted Sep 7, 2015
Authored by Hector Marco, Ismael Ripoll | Site hmarco.org

Glibc pointer guarding weakness proof of concept code.

tags | exploit, proof of concept
MD5 | 026beab7e15d3f98f6f01d932849fa41
AMD Bulldozer Linux ASLR Weakness
Posted Apr 22, 2015
Authored by Hector Marco

A security issue in the Linux ASLR implementation that affects some AMD processors has been found. The issue affects all Linux processes, even those that do not use shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in an attempt to avoid cache aliasing penalties for AMD Bulldozer (Family 15h) processors. Affected systems have the entropy of mmapped files reduced by eight. Grsecurity/PaX is also affected. The total entropy for the VVAR/VDSO, mmapped files and libraries of a process is reduced by eight. The number of possible locations where the mapped areas can be placed is reduced by 87.5%.

tags | advisory
systems | linux
MD5 | 59a2b2b92e6a061e5065eb20dab68922
Linux ASLR Improper Randomness
Posted Apr 22, 2015
Authored by Hector Marco

A bug in the Linux ASLR implementation has been found. The mmap base address for processes is not properly randomized on some architectures due to improper bit-mask manipulation. On affected systems the entropy of the process mmap area is reduced by half.

tags | advisory
systems | linux
MD5 | c0b38aaf65c5764fa1878d8ddabb5693
Linux ASLR Improper Randomization
Posted Feb 16, 2015
Authored by Hector Marco

A bug in the Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The stack for processes is not properly randomized on some 64-bit architectures due to an integer overflow.

tags | advisory, overflow
systems | linux
advisories | CVE-2015-1593
MD5 | 12b3a07a13e4c31336b220877d20fd9e
Google Email 4.4.2.0200 Denial Of Service
Posted Feb 13, 2015
Authored by Hector Marco

A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform a denial of service attack by sending a specially crafted email. No user interaction is needed to produce the crash; the application only has to receive the malicious email.

tags | exploit, denial of service
advisories | CVE-2015-1574
MD5 | 321dfb9fa477501961eace501c91ed8e
Packet Storm Advisory 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

This advisory provides exploitation details for a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

tags | advisory, bug bounty, packet storm
systems | linux
MD5 | a5d4f2cb712163a7ebbd72e95f1856ec
Packet Storm Exploit 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.

tags | exploit, proof of concept, bug bounty, packet storm
systems | linux
MD5 | 9b3003328fe6cdd2b86f5a1bb5b63531
Sniffit Root Shell
Posted Nov 27, 2014
Authored by Hector Marco, Ismael Ripoll

A specially-crafted sniffit configuration file can be leveraged to execute code as root.

tags | exploit, root
advisories | CVE-2014-5439
MD5 | 39dc90168b607b2a256340489f35bf4f
s3dvt Privilege Escalation
Posted Jun 2, 2014
Authored by Hector Marco, Ismael Ripoll

s3dvt suffers from a local privilege escalation vulnerability due to a lack of checking the setuid() return code.

tags | advisory, local
advisories | CVE-2013-6876
MD5 | 5223f59a5afab714e8ed88beb17f8a7a
DCMTK Privilege Escalation
Posted Jun 2, 2014
Authored by Hector Marco

DCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2013-6825
MD5 | c5712934f300e2170048abfcfe2b15e9
Eglibc PTR MANGLE Bug
Posted Jul 16, 2013
Authored by Hector Marco, Ismael Ripoll

Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that patching eglibc alone does not solve the problem; it is also necessary to recompile all static executables. Proof of concept exploit included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2013-4788
MD5 | 950ed842b41474f594ac66691fbda019