exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files from Brad Spengler

Email addressspender at grsecurity.net
First Active2000-03-27
Last Active2014-03-12
Linux perf_swevent_init Privilege Escalation
Posted Mar 12, 2014
Authored by Brad Spengler, Sorbo

This is a ROP exploit variant of the perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | f2e2d43cd1b1f6062d1700da019b5cc1e08dbf07427dcb52fc47281b57ddf45f
Linux Kernel MSR Driver Privilege Escalation
Posted Aug 4, 2013
Authored by Brad Spengler

Proof of concept exploit for the /dev/cpu/*/msr race condition that allows for privilege escalation in Linux kernels prior to 3.7.6.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2013-0268
SHA-256 | 075699cacf6fd8174ad13898d21ffc0c7e1e382610e22fa688c31581b8a0b54d
Linux Kernel Sendpage Local Privilege Escalation
Posted Jul 19, 2012
Authored by Brad Spengler, Ramon de C Valle, Tavis Ormandy, Julien Tinnes, egypt | Site metasploit.com

The Linux kernel failed to properly initialize some entries the proto_ops struct for several protocols, leading to NULL being derefenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4

tags | exploit, arbitrary, kernel, protocol, ppc
systems | linux
advisories | CVE-2009-2692
SHA-256 | 9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0
Enlightenment Linux NULL Pointer Dereference Exploit Framework
Posted Sep 10, 2009
Authored by Brad Spengler

Enlightenment is an exploit framework that takes advantage of the Linux NULL pointer dereference vulnerability.

tags | exploit
systems | linux
SHA-256 | 01512be9cd19822dc23240f53803669649f1d74bc67fea49fbe96ccadf722f5f
Linux Kernel udp_sendmsg Local Root Exploit
Posted Sep 3, 2009
Authored by Brad Spengler

Linux 2.6 kernels prior to version 2.6.19 udp_sendmsg local root exploit for x86/x64.

tags | exploit, x86, kernel, local, root
systems | linux
advisories | CVE-2009-2698
SHA-256 | a039b84bc6d7b35d7045a671af3a7c9b7dc5259fb92f77f406facac05217f4df
Linux 2.x Kernel Local Root
Posted Aug 15, 2009
Authored by Brad Spengler

Linux 2.x kernel sock_sendpage() local root exploit. It works on 2.4, 2.6, x86, x64, 4k stacks, 8k stacks, with/without cred framework, bypasses mmap_min_addr in any public way possible (auto-detecting which method to use).

tags | exploit, x86, kernel, local, root
systems | linux
SHA-256 | 085bb4412db15ce9acadc2e1a2519153ebf77890ac9c1ffc08873eb10d337f04
Linux 2.6.30+/SELinux/RHEL5 Local Root Exploit
Posted Jul 17, 2009
Authored by Brad Spengler

Linux 2.6.30+/SELinux/RHEL5 local root exploit. Works on both 32bit and 64bit kernels.

tags | exploit, kernel, local, root
systems | linux
SHA-256 | 3709a659201e1e4914bcbd137c9f08224a39b712f0e57cf22a9cbec5957de619
grsecurity-2.1.9-2.4.33.2-200608231938.patch.gz
Posted Aug 27, 2006
Authored by Brad Spengler | Site grsecurity.net

A new grsecurity patch has been released. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.

systems | linux, openbsd
SHA-256 | d80c1d589b8a6fe3b0dea9563ee2453231d8f4854c17e5ed4f2d970790a7f67d
grsecurity-2.1.8-2.6.14.6-200601211647.patch.gz
Posted Jan 27, 2006
Authored by Brad Spengler | Site grsecurity.net

A new grsecurity patch has been released for the 2.6.14.6 Linux kernel series. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.

tags | kernel
systems | linux, openbsd
SHA-256 | eaa8d0841c436461c0a8176a81ccbfc192d61cc0a8137702536776b170a512d3
grsecurity-2.1.8-2.4.32-200601211647.patch.gz
Posted Jan 27, 2006
Authored by Brad Spengler | Site grsecurity.net

A new grsecurity patch has been released for the 2.4.32 Linux kernel series. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.

tags | kernel
systems | linux, openbsd
SHA-256 | 1af16f854a638f22bea48ff17e65d41cf97929628d2f1efb3730faf0a5ed0be0
systrace.txt
Posted Apr 7, 2004
Authored by Brad Spengler | Site grsecurity.net

Full detailed analysis and explanation of a systrace vulnerability that exists in various kernels. This problem was silently fixed in the Linux 2.4.24 kernel release without any real acknowledgment to the security community. Full exploit included.

tags | exploit, kernel
systems | linux
SHA-256 | d775badadce007939d2e0dba2995c99fc100ea67e86a786f9873d0a75de4ecca
iptables.txt
Posted Feb 6, 2001
Authored by Brad Spengler

How to use Iptables - Explains the new features, how to use them, how to write rulesets, and includes a sample firewall script.

tags | paper
SHA-256 | 4466b2b5cdbeb6765ffa0cab3810925ead1ec435fdc75b1f44b3f4c9267bad2d
cisco.txt
Posted Jun 21, 2000
Authored by Brad Spengler

Enhancing network security through the use of inexpensive cisco routers. Describes local router security, turning off the routers services, access-lists, dos protection, and more.

tags | local
systems | cisco
SHA-256 | d03ff45dc98d26a5101627907163535a5bc7387cf4d3281a0eb76a95e6ecb9ad
Sysctl.sh
Posted Jun 19, 2000
Authored by Brad Spengler

Using the sysctl support in linux to enhance a system security against outside attacks. Includes a script to optimize these settings by echoing values to /proc/sys/net/ipv4/*, turning on kernel security features which lessen the effect of SYN floods, smurf attacks, and turn on source validation by reversed path to add more protection against spoofed packets. Tested on linux 2.2.x.

tags | kernel, spoof
systems | linux
SHA-256 | ecb153fa9297b6558f676c779fca71d43e72cda281fcdba5c8b5c5d910578a74
ipchains.txt
Posted Jun 15, 2000
Authored by Brad Spengler

Linux Firewalling - Insights and Explainations. Covers basic IPchains firewall building, advanced IPchains firewalling, and linux firewall related insights and recommendations on which traffic to allow.

tags | paper
systems | linux
SHA-256 | 3c23ede6fcac5322c286ef9c78317b9d2dc6080d3c8bd5f2c70e41c164ec7673
datapool3.3.tar.gz
Posted May 13, 2000
Authored by Brad Spengler

Datapool v3.3 combines 106 dos attacks into one script. This version actually learns by keeping a database of which attacks are successful against each host, so the next time it uses the most successful attack first. Features logging, port rance specification, continous attack option, multiple IP addresses, and looping attack of multiple IPs. Includes sources of almost all attacks used, many of which are edited for speed and greater effect.

Changes: A icmp/udp/syn flooder scripted by the author, many new options, documentation updates. Simultaneous attacks were added, along with several line speed options.
tags | denial of service
SHA-256 | 47a3c50a3b88eaeada444af09ecbab1af543f24d6ae989f462777459e4708ab0
datapool2.1.tar.gz
Posted Apr 11, 2000
Authored by Brad Spengler

Datapool v2.1 combines 82 dos attacks into one script. Features logging, port rance specification, continous attack option, miltiple IP addresses, and looping attack of multiple IPs. Includes sources of almost all attacks used.

Changes: Added portless attacks, updated old school ascii, bug fixes.
tags | denial of service
SHA-256 | bb70eb01c7c05bf69a77ac32527662ac4f02cad77ee8253d0db74cf093f2dabf
datapool2.0.tar.gz
Posted Mar 31, 2000
Authored by Brad Spengler

Datapool v2.0 combines 81 dos attacks into one script. Features logging, port rance specification, continous attack option, miltiple IP addresses, and looping attack of multiple IPs. Includes sources of almost all attacks used.

tags | denial of service
SHA-256 | 0927b2ef88ea1f83f8a4327d05231b79489730a59bfdd1304ce70f7ee269216f
datapool1.0.tar.gz
Posted Mar 27, 2000
Authored by Brad Spengler

Datapool combines several DoS attacks in one shell script.

tags | denial of service, shell
SHA-256 | 82a9fd102d9f83e8cab3a9c233ba6b05cfac212487c7079a2220aafde3066311
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close