what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files from Hacker Fantastic

Email addresshackerfantastic at hackerfraternity.org
First Active2014-05-01
Last Active2020-12-17
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Posted Dec 17, 2020
Authored by wvu, Hacker Fantastic, Jeffrey Martin, Aaron Carreras, Jacob Thompson | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

tags | exploit, overflow, x86
systems | solaris
advisories | CVE-2020-14871
SHA-256 | 255a53ba4764640c38d52b8d61674d66f25d7a11c08ebc0d8b26cc5cdb1d4ace
Solaris SunSSH 11.0 x86 libpam Remote Root
Posted Dec 15, 2020
Authored by Hacker Fantastic

Solaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.

tags | exploit, remote, x86, root
systems | solaris
advisories | CVE-2020-14871
SHA-256 | 93c50138db56dcc96e612d0fa56cca01459695d4f656345667a2e4fdec807e5d
ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation
Posted Nov 27, 2020
Authored by Hacker Fantastic

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.

tags | exploit, local
SHA-256 | 5707c5e52a89bad056708a3134f79220ebdb442a447b95cba37c95cdb026d117
AIX 5.3L libc Buffer Overflow
Posted Nov 17, 2020
Authored by Hacker Fantastic

AIX version 5.3L libc local environment handling local root exploit. The AIX 5.3L (and possibly others) libc is vulnerable to multiple buffer overflow issues in the handling of locale environment variables. This allows for exploitation of any setuid root binary that makes use of functions such as setlocale() which do not perform bounds checking when handling LC_* environment variables. An attacker can leverage this issue to obtain root privileges on an impacted AIX system. This exploit makes use of the "/usr/bin/su" binary to trigger the overflow through LC_ALL and obtain root.

tags | exploit, overflow, local, root
systems | aix
SHA-256 | 417e782bbe7c2cf1c638ceb5b8df48574778d0daeec6b31fde12bdc697f1dde1
AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation
Posted Nov 16, 2020
Authored by Hacker Fantastic

AIX version 5.3L /usr/sbin/lquerypv local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
SHA-256 | 0897775bf394074a0899890bf9b6b3c6e0a4fdb790821736714ba4384b53bd9c
SunSSH Solaris 10.0 / 11.0 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
SHA-256 | 4efe811f974352dcef13923a4c23660cd48238ef8eed2fdf0c41f3fb02116a22
SGI IRIX 6.4.x Run-Time Linker Arbitrary File Creation
Posted Apr 28, 2019
Authored by Hacker Fantastic

SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.

tags | exploit, arbitrary
systems | irix
SHA-256 | 6f90ee10780f9ce1e84434cd416d1bb52ce40db82cd9f3b32770f230eec3040c
GNU inetutils 1.9.4 telnet.c Overflows
Posted Dec 14, 2018
Authored by Hacker Fantastic

GNU inetutils versions 1.9.4 and below are vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern browsers no longer support telnet:// handlers, but in instances where URI handlers are enabled to the inetutils telnet client this issue maybe remotely triggerable. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments. A heap-overflow is also present which can be triggered in a different code path due to supplying oversized environment variables during client connection code.

tags | exploit, remote, overflow, shell
SHA-256 | 67091428f5e24ce1f6e0eb140516487b2dad8b7e0affe5d248d2734e0ec4626f
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Posted Dec 14, 2018
Authored by Hacker Fantastic

An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group.

tags | exploit, arbitrary, shell, root
SHA-256 | a939b73387c51054bd5c4c1fabbeade0aabd8445df951b5f0caf507ff0713454
xorg-x11-server Local Privilege Escalation
Posted Oct 25, 2018
Authored by Hacker Fantastic

xorg-x11-server versions prior to 1.20.3 local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2018-14665
SHA-256 | f3cd2959f68332bfa2c323ef0adaf0aa7a1128133e424075a042a879dc030265
Solaris EXTREMEPARR dtappgather Privilege Escalation
Posted Sep 25, 2018
Authored by Brendan Coles, Hacker Fantastic, Shadow Brokers | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the dtappgather executable included with Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11 which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any location on the filesystem using the DTUSERSESSION environment variable. This Metasploit module creates a directory in /usr/lib/locale, writes a shared object to the directory, and runs the specified SUID binary with the shared object loaded using the LC_TIME environment variable. This Metasploit module has been tested successfully on: Solaris 9u7 (09/04) (x86); Solaris 10u1 (01/06) (x86); Solaris 10u2 (06/06) (x86); Solaris 10u4 (08/07) (x86); Solaris 10u8 (10/09) (x86); Solaris 10u9 (09/10) (x86).

tags | exploit, x86, root
systems | solaris
advisories | CVE-2017-3622
SHA-256 | 6f75827f24c9c71623ec21ea18e8644185262819fb0757d5169bc8b6020326ac
GNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation
Posted Apr 14, 2017
Authored by Hacker Fantastic

GNS3 Mac OS-X version 1.5.2 ubridge privilege escalation exploit.

tags | exploit
systems | apple, osx
SHA-256 | a5e76f57b9fe4ca0325f3a4fbe2fcec453b432eccb24a18d312f44c6c0d6947d
PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
Posted Apr 14, 2017
Authored by Hacker Fantastic

PonyOS version 4.0 fluttershy LD_LIBRARY_PATH local kernel exploit.

tags | exploit, kernel, local
SHA-256 | 6867351b25180ee9a58f9f9c9a924f9ce0d77cf00cf72948ef60b4c78af6b5b6
Coppermine Gallery 1.5.44 Directory Traversal
Posted Apr 14, 2017
Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 29f200ffcc0c01af4c8bb99c41ae0a82b17a73070333106e21afc34990b382ce
Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
Posted Apr 13, 2017
Authored by Hacker Fantastic

Solaris versions 7 through 11 on both x86 and SPARC suffer from an EXTREMEPARR dtappgather local privilege escalation vulnerability.

tags | exploit, x86, local
systems | solaris
SHA-256 | 1d0a7fc97f6c11277cffbbde3faa1e5dcaa3c351527a2b971ea140cbd1503bbb
Coppermine Gallery 1.5.44 Directory Traversal
Posted Feb 15, 2017
Authored by Hacker Fantastic

Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 43fda03afc24d1a05660bc4321ec19661ba3c068b6c93e616a51d887d736f241
RSSMON / BEAM (Red Star OS 3.0) Shellshock
Posted Dec 19, 2016
Authored by Hacker Fantastic

This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 3.0 SERVER edition.

tags | exploit
SHA-256 | bbdf7dd5e3730d17196110e9505289469c26b6f29655125d1177485822c140de
Naenara Browser 3.5 (Red Star OS 3.0) Code Execution
Posted Dec 19, 2016
Authored by Hacker Fantastic

Naenara Browser version 3.5 exploit (JACKRABBIT) that uses a known Firefox bug to obtain code execution on Red Star OS 3.0 desktop.

tags | exploit, code execution
SHA-256 | c4b4b34b00cd3c056e46e8970c599fc698341f1def3f5d9c4ca35d64efaf0e59
TrendMicro InterScan Web Security Virtual Appliance Shellshock
Posted Oct 22, 2016
Authored by Hacker Fantastic

TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell. TrendMicro has contacted Packet Storm and provided the following link with patch information: <a href="https://success.trendmicro.com/solution/1105233">https://success.trendmicro.com/solution/1105233</a>

tags | exploit, remote, web, shell, code execution
advisories | CVE-2014-6271
SHA-256 | 7eefbb330b7be36adf17cb7725410f679d2aeac775a9e31cf85234029e4b66cc
Exim 4.84-3 Local Root / Privilege Escalation
Posted Mar 8, 2016
Authored by Hacker Fantastic

Exim versions 4.84-3 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2016-1531
SHA-256 | 338e278d54bff0fcb3160902a0f4e6e04e509da47b831229d06ee56563a1ce5c
Amanda 3.3.1 amstar Command Injection
Posted Jan 16, 2016
Authored by Hacker Fantastic

Amanda versions 3.3.1 and below amstar command injection local root exploit #2.

tags | exploit, local, root
SHA-256 | 284d84c47aaefe6f00825e9e93cb31647859b1a25d24d166cb7d556306f2a2b5
Amanda 3.3.1 Local Root Privilege Escalation
Posted Jan 11, 2016
Authored by Hacker Fantastic

Amanda version 3.3.1 suffers from a local root privilege escalation vulnerability via the setuid runtar binary.

tags | exploit, local, root
SHA-256 | 2ab1cf9f4f7d96fe3a9f2cf09a358645b047b9ef18ef2daf06d8e51bc6c2b48c
PonyOS 3.0 tty ioctl() Privilege Escalation
Posted Jun 2, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below tty ioctl() local privilege escalation exploit.

tags | exploit, local
SHA-256 | 309b43bdeb7461640755b45f94ada24175a9225ce852978a6cf15ccd49b2e228
PonyOS 3.0 ELF Loader Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below ELF loader privilege escalation exploit.

tags | exploit
systems | linux
SHA-256 | 5c60cb1d2f49bf795a8889604606129d0372cc6882e3aade50ddafda87ca714c
PonyOS 3.0 VFS Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below VFS privilege escalation exploit.

tags | exploit
SHA-256 | ef480619bfd3cba06fec4e08ff8068c41ddf33aebf80b9fb5a1574099b479586
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close