exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from cenobyte

Email addressvincitamorpatriae at gmail.com
First Active2014-03-10
Last Active2020-12-04
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
Posted Dec 4, 2020
Authored by cenobyte

Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.

tags | paper, x86, kernel
systems | linux
SHA-256 | 8c1624c7c34043b6adcf6bf8d40dacba0d70f69ac41bf3bb91c707f4c800f332
Machosec 1.0
Posted Nov 16, 2020
Authored by cenobyte

Machosec is a script that checks the security of Mach-O 64-bit executables and application bundles for dyld injection vulnerabilities, LC_RPATH vulnerabilities leading to dyld injection, symlinks pointing to attacker controlled locations, writable by others vulnerabilities, missing stack canaries, disabled PIE (ASLR), and disabled FORTIFY_SOURCE (keeping insecure functions such as strcpy, memcpy etc.).

tags | tool, vulnerability
systems | unix
SHA-256 | 70ca6a3df8488e0268a0db7c2449c2bc9eb3212694506ee5ada98c1deea6a708
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
Posted Aug 18, 2020
Authored by cenobyte | Site github.com

In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.

tags | tool, paper, kernel
systems | linux, unix
SHA-256 | 90f8eb13eaf41b5f53ca0215da59d606b3744835abc350e84c035ce5e337aa31
ifwatchd Privilege Escalation
Posted Oct 8, 2018
Authored by Tim Brown, Brendan Coles, cenobyte | Site metasploit.com

This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 (x86) and 6.5.0 SP1 (x86).

tags | exploit, arbitrary, x86, root
advisories | CVE-2014-2533
SHA-256 | 520b8401fb7375e448a96f4237b4662a5608ef3cf6d4d3323e0c69df08ce3fa4
NEC EXPRESS CLUSTER clpwebmc Remote Root
Posted Sep 5, 2017
Authored by cenobyte

NEC EXPRESS CLUSTER comes with Cluster Manager, a Java applet for cluster configuration and management. The underlying webserver 'clpwebmc' runs as root and accepts connections on TCP port 29003 which can be initiated without authentication in the default installation.

tags | exploit, java, root, tcp
systems | linux
SHA-256 | abde48e9edefd36c2ec573273e99f18d26d4f0dfab188cdf694470a165b164e5
Tails 1.6 Information Disclosure
Posted Nov 13, 2015
Authored by cenobyte

Tails versions 1.6 and below suffers from an information leak vulnerability via a symlink attack.

tags | exploit, info disclosure
SHA-256 | 4bc182b9191120b13aafd944de470614c5ad8a118056b97853287258da456e0f
Dropbox FinderLoadBundle OS X Local Root Exploit
Posted Oct 1, 2015
Authored by cenobyte

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.

tags | exploit, arbitrary, shell, root
systems | apple, osx
SHA-256 | 2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0
QNX 6.4.x / 6.5.x /etc/shadow Disclosure
Posted Mar 10, 2014
Authored by cenobyte

QNX versions 6.4.x and 6.5.x suffer from a ppoectl vulnerability that allows for disclosure of /etc/shadow.

tags | exploit, info disclosure
SHA-256 | 5c0faf1a0a91819585324e6293f765978634beef1af118930f364899b2d8cd3f
QNX 6.5.0 x86 phfont Buffer Overflow
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.5.0 local root exploit that leverages a buffer overflow in /usr/photon/bin/phfont.

tags | exploit, overflow, local, root
SHA-256 | 19e870dc4af45f9142802364260c85a97bb855c6dd8f4c546f6dc5f966feffd3
QNX 6.5.0 x86 io-graphics Buffer Overflow
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.5.0 x86 io-graphics local root exploit that leverages a buffer overflow vulnerability.

tags | exploit, overflow, x86, local, root
SHA-256 | 599feb2a83e57f9097abc6a63e81c1d71632e87f4c7b3b69c52d7312d2d62af9
QNX 6.4.x / 6.5.x ifwatchd Local Root
Posted Mar 10, 2014
Authored by cenobyte

QNX versions 6.4.x and 6.5.x ifwatchd local root exploit.

tags | exploit, local, root
SHA-256 | e5b7e006717ecc66aed13554af23e9c9683aad8e73b91602735a97db51e3be49
QNX 6.x Photon Denial Of Service / File Overwrite
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x Photon functionality allows for an arbitrary file overwrite with root level privileges allowing for denial of service and privilege escalation for a local user.

tags | exploit, denial of service, arbitrary, local, root
SHA-256 | 2428c5f0b3b62dae9b037b581daba0764dd42b93c2e8ded7b7b27d6dddee2045
QNX 6.x phfont Enumeration
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x suffers from an enumeration vulnerability using the setuid /usr/photon/bin/phfont binary.

tags | exploit
SHA-256 | 6d8c2b3e86406470b2ec78792cebe88b0350304f76f4474ded0115d2baf4ab28
QNX 6.x phgrafx File Enumeration
Posted Mar 10, 2014
Authored by cenobyte

QNX version 6.x suffers from a file enumeration vulnerability that leverages the setuid /usr/photon/bin/phgrafx binary.

tags | exploit
SHA-256 | f9892def99ee2cd533b3bb50760be4d343f5ec3f2e072b5939393723e93753b2
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close