
Files from Sebastian Krahmer

Email address: krahmer at suse.de
First Active: 2000-08-09
Last Active: 2019-02-07

Evince CBT File Command Injection
Posted Feb 7, 2019
Authored by Sebastian Krahmer, Brendan Coles, Matlink, Felix Wilhelm | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload.

tags | exploit
advisories | CVE-2017-1000083
MD5 | 518ed0c670d289725a426edf1b4243c3
Systemd 228 Privilege Escalation
Posted Jan 27, 2017
Authored by Sebastian Krahmer

Systemd 228 privilege escalation proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2016-10156
MD5 | 456f8298b5491aa165da8bc7d93c25f0
Fedora 12 setroubleshootd Local Root Proof Of Concept
Posted Mar 30, 2015
Authored by Sebastian Krahmer

Fedora 21 setroubleshootd local root proof of concept exploit.

tags | exploit, local, root, proof of concept
systems | linux, fedora
MD5 | c01050fd0c33898ccd770a2b60b154e4
Docker 0.11 VMM-Container Breakout
Posted Jun 18, 2014
Authored by Sebastian Krahmer

This code demonstrates that any given docker image someone is asking you to run in your docker setup can access ANY file on your host, e.g. dumping the host's /etc/shadow or other sensitive info, compromising the security of the host and any other docker VMs on it.

tags | exploit
MD5 | 2eeb22174d4bed0e8f899bc5169d37b4
Darklena fprintd/pam_fprintd Local Root
Posted May 30, 2014
Authored by Sebastian Krahmer

pam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses the net.reactivated.Fprint service to trigger finger swiping and registers a DBUS signal inside the PAM authentication function. When the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string, which is expected to come from the legitimate net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd or the dbus-glib library it uses, such signals can be spoofed by anyone.

tags | exploit, shell, local, root, spoof, proof of concept
advisories | CVE-2013-0292
MD5 | 1786d9b3cee692d8370585417bc01109
dhclient 4.2.x Remote Code Execution
Posted Apr 7, 2011
Authored by Sebastian Krahmer, Marius Tomaschewski | Site isc.org

ISC dhclient does not strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or a party with escalated privileges on the server to cause remote code execution on the client. Versions 3.0.x through 4.2.x are affected.

tags | advisory, remote, shell, code execution
advisories | CVE-2011-0997
MD5 | d72d8ec7a6e3379df290f80d3b1b37cd
Posted Jun 27, 2006
Authored by Sebastian Krahmer

Whitepaper describing how ptrace() might be used to build a Control Flow Integrity system.

tags | paper
MD5 | b4fc325a07b02849e37e300fd38f2b7f
Posted Jun 27, 2006
Authored by Sebastian Krahmer

Whitepaper discussing how to generate runtime call graphs using certain GCC features.

tags | paper
MD5 | 4406692f431765df98c31d321f8c9fcc
Posted Oct 6, 2005
Authored by Sebastian Krahmer

x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains in-depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses, and discusses countermeasures.

tags | paper, overflow, x86
systems | linux
MD5 | 8df650e08759b301398f03475970e1b2
SUSE Security Announcement 2004.25
Posted Aug 13, 2004
Authored by Sebastian Krahmer, Novell | Site suse.com

SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.

tags | advisory, remote, overflow, arbitrary, protocol
systems | linux, suse
advisories | CVE-2004-0500
MD5 | bbe94b5a9984bcb0a5b0bbe005022c95
Posted Apr 15, 2004
Authored by Sebastian Krahmer | Site suse.com

SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, suse
MD5 | 3fda183c35ae1584b65b22e3b4df2147
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

loaded version 0.21 is an IPv4 load balancer for Linux. It requires netfilter and the QUEUE target enabled in the kernel.

tags | kernel
systems | linux
MD5 | d467ee59815b3f7befd3c46911940c80
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

guess-who version 0.44 is a password brute force utility for SSH2.

MD5 | a40161347c970fe627631a1354f7d35d
Posted Mar 17, 2003
Authored by Sebastian Krahmer | Site samba.org

A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive.

tags | advisory
MD5 | 49274bb71b8cb19def5a90acc39ac026
Posted Dec 3, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Execution Path Timing Analysis of Unix Daemons - White paper on how to determine remotely whether a username is valid by timing the responses of login programs. Includes an OpenSSH diff against v2.99p2 which determines whether a username exists, even on the newest versions of OpenSSH.

tags | remote
systems | unix
MD5 | 3652eb952d213483c1e22f10b941883d
Posted Nov 30, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Suidperl v5.00503 and others tmp race local root exploit.

tags | local, root
MD5 | 8041a1da62bd891ae9e65c3a2871a6c2
Posted Nov 30, 2002
Authored by Sebastian Krahmer | Site team-teso.net

Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x.

tags | exploit, shell, local, root
systems | linux, redhat, suse
MD5 | 28b219ae719f042d7c7ce6eac9ef28bd
Posted Nov 30, 2002
Authored by Sebastian Krahmer | Site team-teso.net

Local apache/PHP root exploit via libmm (apache-user -> root) temp race exploit. Spawns a root shell from the apache user.

tags | exploit, shell, local, root, php
MD5 | dcffeb448888592287ff24ca6be0c617
Posted Feb 26, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Weaknesses in the CHAP protocol as used within PPP and PPTP. Allows authentication in PPTP networks without knowing valid login/password combinations. This authentication scheme is widely used at universities (WLAN networks). A link to a special pppd which is able to authenticate without valid /etc/ppp/chap-secrets is included.

tags | protocol
MD5 | 6b4b918f410d855855fdaab340232b39
Posted Oct 3, 2000
Authored by teso, Sebastian Krahmer | Site team-teso.net

Openssh-Reverse is a patched OpenSSH which goes in reverse, allowing outside users to connect to machines behind NAT firewalls. In reverse mode, sshd acts as a client and brings the connection to a modified ssh server.

MD5 | 942f35d203b1fa524f6a92c140e9c23f
Posted Aug 9, 2000
Authored by Sebastian Krahmer | Site cs.uni-potsdam.de

suidperlhack.pl is a Suidperl v5.00503 and below local root exploit which has been ported to Perl to increase portability. Tested against BSD.

tags | exploit, local, root, perl
systems | bsd
MD5 | 4eef04b3e90290cfa212f5c1bc13906b
© 2020 Packet Storm. All rights reserved.
