
Files from Sebastian Krahmer

Email address: krahmer at suse.de
First Active: 2000-08-09
Last Active: 2017-01-27
Systemd 228 Privilege Escalation
Posted Jan 27, 2017
Authored by Sebastian Krahmer

Systemd 228 privilege escalation proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2016-10156
MD5 | 456f8298b5491aa165da8bc7d93c25f0
Fedora 12 setroubleshootd Local Root Proof Of Concept
Posted Mar 30, 2015
Authored by Sebastian Krahmer

Fedora 21 setroubleshootd local root proof of concept exploit.

tags | exploit, local, root, proof of concept
systems | linux, fedora
MD5 | c01050fd0c33898ccd770a2b60b154e4
Docker 0.11 VMM-Container Breakout
Posted Jun 18, 2014
Authored by Sebastian Krahmer

This code demonstrates that any given docker image someone is asking you to run in your docker setup can access ANY file on your host, e.g. dumping the host's /etc/shadow or other sensitive info, compromising security of the host and any other docker VMs on it.

tags | exploit
MD5 | 2eeb22174d4bed0e8f899bc5169d37b4
Darklena fprintd/pam_fprintd Local Root
Posted May 30, 2014
Authored by Sebastian Krahmer

pam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses the net.reactivated.Fprint service to trigger finger swiping and registers a DBUS signal inside the PAM authentication function. Then, when the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string, which, however, is expected to come from the legit net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd or the dbus-glib it is using, such signals can be spoofed by anyone.

tags | exploit, shell, local, root, spoof, proof of concept
advisories | CVE-2013-0292
MD5 | 1786d9b3cee692d8370585417bc01109
dhclient 4.2.x Remote Code Execution
Posted Apr 7, 2011
Authored by Sebastian Krahmer, Marius Tomaschewski | Site isc.org

ISC dhclient does not strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with escalated privileges on the server to cause remote code execution on the client. Versions 3.0.x through 4.2.x are affected.

tags | advisory, remote, shell, code execution
advisories | CVE-2011-0997
MD5 | d72d8ec7a6e3379df290f80d3b1b37cd
bbpaint.pdf
Posted Jun 27, 2006
Authored by Sebastian Krahmer

Whitepaper describing how ptrace() might be used to build a Control Flow Integrity system.

tags | paper
MD5 | b4fc325a07b02849e37e300fd38f2b7f
instrumental.pdf
Posted Jun 27, 2006
Authored by Sebastian Krahmer

Whitepaper discussing how to generate runtime call graphs using certain GCC features.

tags | paper
MD5 | 4406692f431765df98c31d321f8c9fcc
no-nx.pdf
Posted Oct 6, 2005
Authored by Sebastian Krahmer

x86-64 buffer overflow exploits and the borrowed code chunk exploitation technique. Whitepaper describing NX technology and its limitations. It contains in depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures.

tags | paper, overflow, x86
systems | linux
MD5 | 8df650e08759b301398f03475970e1b2
SUSE Security Announcement 2004.25
Posted Aug 13, 2004
Authored by Sebastian Krahmer, Novell | Site suse.com

SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.

tags | advisory, remote, overflow, arbitrary, protocol
systems | linux, suse
advisories | CVE-2004-0500
MD5 | bbe94b5a9984bcb0a5b0bbe005022c95
SuSE-SA:2004:008.txt
Posted Apr 15, 2004
Authored by Sebastian Krahmer | Site suse.com

SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, suse
MD5 | 3fda183c35ae1584b65b22e3b4df2147
loaded-0.21.tgz
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

loaded version 0.21 is an IPv4 load balancer for Linux. It requires netfilter and the QUEUE target enabled in the kernel.

tags | kernel
systems | linux
MD5 | d467ee59815b3f7befd3c46911940c80
guess-who-0.44.tgz
Posted May 28, 2003
Authored by teso, Sebastian Krahmer | Site team-teso.net

guess-who version 0.44 is a password brute force utility for SSH2.

MD5 | a40161347c970fe627631a1354f7d35d
samba-2.2.8.txt
Posted Mar 17, 2003
Authored by Sebastian Krahmer | Site samba.org

A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive.

tags | advisory
MD5 | 49274bb71b8cb19def5a90acc39ac026
epta.tgz
Posted Dec 3, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Execution Path Timing Analysis of Unix Daemons - White paper on how to determine if a username is valid remotely by timing remote responses of login programs. OpenSSH diff against v2.99p2 which determines if a username exists even on the newest versions of OpenSSH included.

tags | remote
systems | unix
MD5 | 3652eb952d213483c1e22f10b941883d
hack.pl
Posted Nov 30, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Suidperl v5.00503 and others tmp race local root exploit.

tags | local, root
MD5 | 8041a1da62bd891ae9e65c3a2871a6c2
rootprobe.sh
Posted Nov 30, 2002
Authored by Sebastian Krahmer | Site team-teso.net

Modprobe shell metacharacter expansion local root exploit for Red Hat 7.x and SuSE 7.x.

tags | exploit, shell, local, root
systems | linux, redhat, suse
MD5 | 28b219ae719f042d7c7ce6eac9ef28bd
scalpel.c
Posted Nov 30, 2002
Authored by Sebastian Krahmer | Site team-teso.net

Local apache/PHP root exploit via libmm (apache-user -> root) temp race exploit. Spawns a root shell from the apache user.

tags | exploit, shell, local, root, php
MD5 | dcffeb448888592287ff24ca6be0c617
chap.pdf
Posted Feb 26, 2002
Authored by teso, Sebastian Krahmer | Site team-teso.net

Weaknesses in the CHAP protocol as used within PPP and PPTP. Allows authentication in PPTP networks without knowing valid login/password combinations. This authentication scheme is widely used at universities (WLAN networks). A link to a special pppd which is able to authenticate without valid /etc/ppp/chap-secrets is included.

tags | protocol
MD5 | 6b4b918f410d855855fdaab340232b39
openssh.reverse.tgz
Posted Oct 3, 2000
Authored by teso, Sebastian Krahmer | Site team-teso.net

Openssh-Reverse is a patched OpenSSH which goes in reverse, allowing outside users to connect to machines behind NAT firewalls. In reverse mode, sshd acts as a client and brings the connection to a modified ssh server.

MD5 | 942f35d203b1fa524f6a92c140e9c23f
suidperlhack.pl
Posted Aug 9, 2000
Authored by Sebastian Krahmer | Site cs.uni-potsdam.de

suidperlhack.pl is a Suidperl v5.00503 and below local root exploit which has been ported to perl to increase portability. Tested against BSD.

tags | exploit, local, root, perl
systems | bsd
MD5 | 4eef04b3e90290cfa212f5c1bc13906b
© 2016 Packet Storm. All rights reserved.
