Files from Chris Moberly

Email address | chris at mailchris.com
First Active | 2018-04-26
Last Active | 2019-02-13

snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proofs of concept related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | e9db49ddfa940a474a61af831e403fe3
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these values. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proofs of concept related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | 0dcbfdab6f37dbe3458ba63c7f68ffc7
SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
Posted Feb 2, 2019
Authored by Chris Moberly

SolarWinds Serv-U FTP version 15.1.6.25 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19934
MD5 | 90ba3ac0b16b79537267117ba5f4ddda
SolarWinds Serv-U FTP 15.1.6 Privilege Escalation
Posted Feb 2, 2019
Authored by Chris Moberly

SolarWinds Serv-U FTP Server version 15.1.6 is vulnerable to privilege escalation from remote authenticated users by leveraging the CSV user import function. This leads to obtaining remote code execution under the context of the Windows SYSTEM account in a default installation.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2018-15906
MD5 | 2d9d1dea8fb44a6520cc80fea10a1f40
Plex Media Server 1.13.2.5154 SSDP Processing XML Injection
Posted Aug 3, 2018
Authored by Chris Moberly

Plex Media Server version 1.13.2.5154 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13415
MD5 | c18b998e1a1850dfdadeaba4a9126720
Vuze Bittorrent Client 5.7.6.0 SSDP Processing XML Injection
Posted Aug 3, 2018
Authored by Chris Moberly

Vuze Bittorrent Client version 5.7.6.0 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13417
MD5 | e4c3c8436b4e3971339e0df9048434ba
Universal Media Server 7.1.0 XML Injection
Posted Aug 1, 2018
Authored by Chris Moberly

Universal Media Server version 7.1.0 suffers from an XML external entity injection vulnerability in SSDP processing.

tags | exploit
advisories | CVE-2018-13416
MD5 | 6c87c4b2234fc8f3c5490719c560239f
Sitecore.NET 8.1 Directory Traversal
Posted Apr 26, 2018
Authored by Chris Moberly

Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7669
MD5 | 198b808f312fadbed9f8a2a7c4f5becc

© 2019 Packet Storm. All rights reserved.