Showing 1 - 6 of 6

Files from Blasty

Dirty Pipe SUID Binary Hijack Privilege Escalation: Posted Mar 8, 2022; Authored by Blasty, Max Kellermann; Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.; tags | exploit, shell, root, proof of concept; advisories | CVE-2022-0847; SHA-256 | 896e5b87da1c2dcdc6b5bf2a4c03daf9da0145521f3b205c1bcf72db8ff2340f; Download | Favorite | View

Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow: Posted Feb 5, 2021; Authored by Blasty, Spencer McIntyre, Qualys Security Advisory, bwatters-r7, Alexander Krog | Site metasploit.com; A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.; tags | exploit, overflow, local; advisories | CVE-2021-3156; SHA-256 | cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bc; Download | Favorite | View

Nagios3 history.cgi Host Command Execution: Posted Jan 17, 2013; Authored by Blasty, temp66, Jose Selvi | Site metasploit.com; This Metasploit module abuses a command injection vulnerability in the Nagios3 history.cgi script.; tags | exploit, cgi; advisories | CVE-2012-6096, OSVDB-88322; SHA-256 | 2d998e6af394b654b4e6c4d7e3889f719c9559d52bd93cdc30862fc829af9295; Download | Favorite | View

Nagios 3.x Remote Command Execution: Posted Jan 15, 2013; Authored by Blasty; Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi.; tags | exploit, remote, cgi; advisories | CVE-2012-6096; SHA-256 | e9958b0f049ad1bc4400634ee8177ed434f1a56da56c38cae3879f16f2a207c8; Download | Favorite | View

Samba SetInformationPolicy AuditEventsInfo Heap Overflow: Posted Sep 28, 2012; Authored by unknown, Blasty, sinn3r, juan vazquez | Site metasploit.com; This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.; tags | exploit, overflow, arbitrary, root; advisories | CVE-2012-1182, OSVDB-81303; SHA-256 | 9949872fc1ebdc3a22c30908a1250ac0f492dd32e5fa7cdf09b5146958389629; Download | Favorite | View

gEEk-fuck-khaled.c: Posted Oct 21, 2003; Authored by Blasty | Site geekz.nl; mIRC v6.1 and below remote exploit which takes advantage of the bug described in mirc61.txt. Creates a HTML file which overflows the irc:// URI handling, spawning a local cmd.exe window. The exploit works even if mIRC is not started - The HTML can be in a HTML email or on a web page. Tested against Windows XP build 2600.xpclient.010817-1148.; tags | exploit, remote, web, overflow, local; systems | windows; SHA-256 | 4cd0bf42beaab24a9681b6932162eb72775c3439db6704c72c2c8e2f9991b043; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days