what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files from cenobyte

Email addressvincitamorpatriae at gmail.com
First Active2014-03-10
Last Active2020-12-04
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
Posted Dec 4, 2020
Authored by cenobyte

Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.

tags | paper, x86, kernel
systems | linux
MD5 | 71edce142a1b2975b9d4d10c1398f3b2
Machosec 1.0
Posted Nov 16, 2020
Authored by cenobyte

Machosec is a script that checks the security of Mach-O 64-bit executables and application bundles for dyld injection vulnerabilities, LC_RPATH vulnerabilities leading to dyld injection, symlinks pointing to attacker controlled locations, writable by others vulnerabilities, missing stack canaries, disabled PIE (ASLR), and disabled FORTIFY_SOURCE (keeping insecure functions such as strcpy, memcpy etc.).

tags | tool, vulnerability
systems | unix
MD5 | 616de38eab130c2b3c305a77384bb705
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
Posted Aug 18, 2020
Authored by cenobyte | Site github.com

In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.

tags | tool, paper, kernel
systems | linux, unix
MD5 | eb8470252a6b4d9620877f82a1676c7e
ifwatchd Privilege Escalation
Posted Oct 8, 2018
Authored by Tim Brown, Brendan Coles, cenobyte | Site metasploit.com

This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

tags | exploit, arbitrary, x86, root
advisories | CVE-2014-2533
MD5 | 7a562f56fafb417de6cf725f6b38c71d
NEC EXPRESS CLUSTER clpwebmc Remote Root
Posted Sep 5, 2017
Authored by cenobyte

NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster configuration and management. The underlying webserver 'clpwebmc' runs as root and accepts connections on TCP port 29003 which can be initiated without authentication in the default installation.

tags | exploit, java, root, tcp
systems | linux
MD5 | 26dd4a65030970268243b44404d0f359
Tails 1.6 Information Disclosure
Posted Nov 13, 2015
Authored by cenobyte

Tails versions 1.6 and below suffers from an information leak vulnerability via a symlink attack.

tags | exploit, info disclosure
MD5 | bc48a42fdeccaf9fad9deef2cdc28947
Dropbox FinderLoadBundle OS X Local Root Exploit
Posted Oct 1, 2015
Authored by cenobyte

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.

tags | exploit, arbitrary, shell, root
systems | apple, osx
MD5 | 04b4586c44bb0dd781367933375dfb86
QNX 6.4.x / 6.5.x /etc/shadow Disclosure
Posted Mar 10, 2014
Authored by cenobyte

QNX versions 6.4.x and 6.5.x suffer from a ppoectl vulnerability that allows for disclosure of /etc/shadow.

tags | exploit, info disclosure
MD5 | 22443ed5c49330d6954b168938571792
QNX 6.5.0 x86 phfont Buffer Overflow
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.5.0 local root exploit that leverages a buffer overflow in /usr/photon/bin/phfont.

tags | exploit, overflow, local, root
MD5 | c622cb89628b18bd06acac00a54aebd1
QNX 6.5.0 x86 io-graphics Buffer Overflow
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.5.0 x86 io-graphics local root exploit that leverages a buffer overflow vulnerability.

tags | exploit, overflow, x86, local, root
MD5 | e96f523966a9c8f8ecbc41009ab3027f
QNX 6.4.x / 6.5.x ifwatchd Local Root
Posted Mar 10, 2014
Authored by cenobyte

QNX versions 6.4.x and 6.5.x ifwatchd local root exploit.

tags | exploit, local, root
MD5 | 246ae1fba6336a6e1204bea4db303fe5
QNX 6.x Photon Denial Of Service / File Overwrite
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x Photon functionality allows for an arbitrary file overwrite with root level privileges allowing for denial of service and privilege escalation for a local user.

tags | exploit, denial of service, arbitrary, local, root
MD5 | 3e5fa1f9c482c4ed2a0e34d54214ff3c
QNX 6.x phfont Enumeration
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x suffers from an enumeration vulnerability using the setuid /usr/photon/bin/phfont binary.

tags | exploit
MD5 | 109a251e480dd502cd7c0d3d808f30e0
QNX 6.x phgrafx File Enumeration
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x suffers from a file enumeration vulnerability that leverages the setuid /usr/photon/bin/phgrafx binary.

tags | exploit
MD5 | db62222eb859b41cc83f2d6a55169e45
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close