Showing 1 - 25 of 26

Files from Hacker Fantastic

Email address | hackerfantastic at hackerfraternity.org
First Active | 2014-05-01
Last Active | 2020-12-17

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Posted Dec 17, 2020
Authored by wvu, Hacker Fantastic, Jeffrey Martin, Aaron Carreras, Jacob Thompson | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

tags | exploit, overflow, x86
systems | solaris
advisories | CVE-2020-14871
MD5 | 10f67723ac23f05d8cba2e16ff2e467a
Solaris SunSSH 11.0 x86 libpam Remote Root
Posted Dec 15, 2020
Authored by Hacker Fantastic

Solaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.

tags | exploit, remote, x86, root
systems | solaris
advisories | CVE-2020-14871
MD5 | 8fbea7fde1a23252954cc85134e98724
ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation
Posted Nov 27, 2020
Authored by Hacker Fantastic

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.

tags | exploit, local
MD5 | 2ad453e5e030521747ac204455b0066d
AIX 5.3L libc Buffer Overflow
Posted Nov 17, 2020
Authored by Hacker Fantastic

AIX version 5.3L libc local environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale() which do not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.

tags | exploit, overflow, local, root
systems | aix
MD5 | 5a8e7e11f2da1598bdca5bdbbf71d224
AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation
Posted Nov 16, 2020
Authored by Hacker Fantastic

AIX version 5.3L /usr/sbin/lquerypv local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
MD5 | 404c3fced5ca1174299093282bd7c407
SunSSH Solaris 10.0 / 11.0 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial-to-reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name(), which allocates a fixed-size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM-based authentication. The vulnerability was discovered by FireEye being actively exploited in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (e.g. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied, and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2. The vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
MD5 | 3fbcd0fdda16b92f50dc244f60276db1
SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation
Posted Apr 28, 2019
Authored by Hacker Fantastic

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

tags | exploit, arbitrary
systems | irix
MD5 | 22c4dd3bf38e8b2ac6db4f303c2664fb
GNU inetutils 1.9.4 telnet.c Overflows
Posted Dec 14, 2018
Authored by Hacker Fantastic

GNU inetutils versions 1.9.4 and below are vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern browsers no longer support telnet:// handlers, but in instances where URI handlers are enabled for the inetutils telnet client this issue may be remotely triggerable. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments. A heap overflow is also present which can be triggered in a different code path due to supplying oversized environment variables during client connection code.

tags | exploit, remote, overflow, shell
MD5 | 17d3bfcc3f5ceb86b75256a45640ade5
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Posted Dec 14, 2018
Authored by Hacker Fantastic

An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. RouterOS contains a telnet client based on GNU inetutils with modifications to remove the shell subsystem. However, an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to an "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS-defined group.

tags | exploit, arbitrary, shell, root
MD5 | 3572fecc2d0fb3043e6bd86755fb6b8a
xorg-x11-server Local Privilege Escalation
Posted Oct 25, 2018
Authored by Hacker Fantastic

xorg-x11-server versions prior to 1.20.3 local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2018-14665
MD5 | a9661d06bec66a11b19ad5eeed19cc2e
Solaris EXTREMEPARR dtappgather Privilege Escalation
Posted Sep 25, 2018
Authored by Brendan Coles, Hacker Fantastic, Shadow Brokers | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the dtappgather executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11 which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the DTUSERSESSION environment variable. This Metasploit module creates a directory in /usr/lib/locale, writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the LC_TIME environment variable. This Metasploit module has been tested successfully on: Solaris 9u7 (09/04) (x86); Solaris 10u1 (01/06) (x86); Solaris 10u2 (06/06) (x86); Solaris 10u4 (08/07) (x86); Solaris 10u8 (10/09) (x86); Solaris 10u9 (09/10) (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2017-3622
MD5 | f10a9baa72d2639e9298d5dc6fb5e7c2
GNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation
Posted Apr 14, 2017
Authored by Hacker Fantastic

GNS3 Mac OS-X version 1.5.2 ubridge privilege escalation exploit.

tags | exploit
systems | apple, osx
MD5 | dec70585733d3d532b738a209e7812a3
PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
Posted Apr 14, 2017
Authored by Hacker Fantastic

PonyOS version 4.0 fluttershy LD_LIBRARY_PATH local kernel exploit.

tags | exploit, kernel, local
MD5 | 5f50468a1ff00b83a849ccc54c1fd162
Coppermine Gallery 1.5.44 Directory Traversal
Posted Apr 14, 2017
Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | dda5a509b6541344f2cf734ab2ab3028
Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
Posted Apr 13, 2017
Authored by Hacker Fantastic

Solaris versions 7 through 11 on both x86 and SPARC suffer from an EXTREMEPARR dtappgather local privilege escalation vulnerability.

tags | exploit, x86, local
systems | solaris
MD5 | 595fcc194d20c3822c1f5175c0a7f718
Coppermine Gallery 1.5.44 Directory Traversal
Posted Feb 15, 2017
Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | ea866f35dc4615d7d9332fbdb8551ec7
RSSMON / BEAM (Red Star OS 3.0) Shellshock
Posted Dec 19, 2016
Authored by Hacker Fantastic

This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 3.0 SERVER edition.

tags | exploit
MD5 | 68d1ad9c812e9367897504e9ea2dc799
Naenara Browser 3.5 (Red Star OS 3.0) Code Execution
Posted Dec 19, 2016
Authored by Hacker Fantastic

Naenara Browser version 3.5 exploit (JACKRABBIT) that uses a known Firefox bug to obtain code execution on Red Star OS 3.0 desktop.

tags | exploit, code execution
MD5 | 8969aa3f4aaee897311aed61b1e1bf01
TrendMicro InterScan Web Security Virtual Appliance Shellshock
Posted Oct 22, 2016
Authored by Hacker Fantastic

TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell. TrendMicro has contacted Packet Storm and provided the following link with patch information: https://success.trendmicro.com/solution/1105233

tags | exploit, remote, web, shell, code execution
advisories | CVE-2014-6271
MD5 | 024456ad9c32bbf192f9b2a8604a853e
Exim 4.84-3 Local Root / Privilege Escalation
Posted Mar 8, 2016
Authored by Hacker Fantastic

Exim versions 4.84-3 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2016-1531
MD5 | c7eca99dab3294f44bfc299476cc4bef
Amanda 3.3.1 amstar Command Injection
Posted Jan 16, 2016
Authored by Hacker Fantastic

Amanda versions 3.3.1 and below amstar command injection local root exploit #2.

tags | exploit, local, root
MD5 | 801d91dd56fe8f1b48c8e0467a67b112
Amanda 3.3.1 Local Root Privilege Escalation
Posted Jan 11, 2016
Authored by Hacker Fantastic

Amanda version 3.3.1 suffers from a local root privilege escalation vulnerability via the setuid runtar binary.

tags | exploit, local, root
MD5 | daba55a5ef8673dfac8b757e463a496d
PonyOS 3.0 tty ioctl() Privilege Escalation
Posted Jun 2, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below tty ioctl() local privilege escalation exploit.

tags | exploit, local
MD5 | 6af1109d495fb1a4ca97cac5f029c652
PonyOS 3.0 ELF Loader Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below ELF loader privilege escalation exploit.

tags | exploit
systems | linux
MD5 | a91393a17d0b0be780043e13a8e5bc2a
PonyOS 3.0 VFS Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below VFS privilege escalation exploit.

tags | exploit
MD5 | 2ba0e89bd2b09e240d23ec4d69a1fa7b
© 2020 Packet Storm. All rights reserved.
