
Files from zx2c4

First Active: 2011-03-10
Last Active: 2018-03-30

glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation
Posted Mar 30, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker using the libmemusage.so library.

tags | exploit, root
systems | linux
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 866ac744c655ede9c376e4a47945a3a0e64a8cdb089b30ec2822adfef9bb9512
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object, which is then loaded with LD_AUDIT, resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 79d3dcb40544179ef2c545514e54b7352e225d51c57c720672f33d1b717c00e5
Gentoo QEMU Local Privilege Escalation
Posted Dec 17, 2015
Authored by zx2c4

Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAP_CHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This exploit should spawn a root shell, eventually, on vulnerable systems.

tags | exploit, shell, root
advisories | CVE-2015-8556
SHA-256 | 1e19e91a7c1729b5f293f8ceb076d4d844b703cbb48b10bd6f16f7fb62c5f677
WordPress W3 Total Cache Data Disclosure
Posted Dec 24, 2012
Authored by zx2c4

This is an exploit for W3 Total Cache called W3 Total Fail that works by attempting to guess SQL queries that might contain important password hashes.

tags | exploit
SHA-256 | 2e978aeab0aad073084fa3c762212c6feb62f882be9a85f79fe5a5effb151596
Viscosity OpenVPN OS X Local Root
Posted Aug 13, 2012
Authored by zx2c4

Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.

tags | exploit, local, root
systems | apple, osx
SHA-256 | bbed2f8bef6e98f9f906db21866f9556901fd2af1233ad2af5fa7f69e3f8af21
Tunnel Blick Race Condition Local Root
Posted Aug 12, 2012
Authored by zx2c4

Tunnel Blick suffers from a race condition that allows for local root execution.

tags | exploit, local, root
SHA-256 | c1a060ee41fd2155da5b10c23e65df5727224db3293427daaed6fb1e2ec03027
Tunnel Blick Local Root Exploit Version 2
Posted Aug 11, 2012
Authored by zx2c4

Pwnnel-Blicker is a second local root exploit for the Tunnel Blick OS X OpenVPN manager.

tags | exploit, local, root
systems | apple, osx
SHA-256 | 469187a05e24af6ff54301dc1ce224c0d812f436efa24c7f9245c5385e416fb9
Linux Local Root Via SUID /proc/pid/mem Write
Posted Jan 23, 2012
Authored by zx2c4

This is the Mempodipper local root exploit for Linux. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process's virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels greater than or equal to 2.6.39 are vulnerable.

tags | exploit, arbitrary, kernel, local, root
systems | linux
advisories | CVE-2012-0056
SHA-256 | 3a525daa17c897f966b003f33e20bb846db1a8e769624736feaf876a139f8576
OpenOffice.org Xterm Spawn
Posted Nov 15, 2011
Authored by zx2c4

This is an amusing method of spawning an xterm using a macro in OpenOffice.org when using a Linux box.

tags | exploit
systems | linux
SHA-256 | e4ad2fa3a4cf1f1de98c219c6348e38c684d69e735f6c6fbde372c495a2f152c
glibc LD_AUDIT Privilege Escalation
Posted Nov 10, 2011
Authored by zx2c4

glibc LD_AUDIT arbitrary DSO load local root exploit that leverages a race condition to escalate privileges.

tags | exploit, arbitrary, local, root
advisories | CVE-2010-3856
SHA-256 | 8c9850741e5f8fca1981297aa3458369e2f156d2152d098c2e4d2f48ebf2a8c0
Calibre E-Book Reader Local Root Race Condition
Posted Nov 3, 2011
Authored by Dan Rosenberg, zx2c4

Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.

tags | exploit, local, root
SHA-256 | a8d8f271f9bcea57da5e8e80f09acc4ebc27b5f8820e5bdda23f748aa4eb75ef
Calibre E-Book Reader Local Root
Posted Nov 3, 2011
Authored by zx2c4

Calibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.

tags | exploit, local, root
SHA-256 | 803cea9af662f56f8c5d24c4e88e0d59ba6548ac865fb65d1a853fca08aef00c
Calibre E-Book Reader Local Root
Posted Nov 2, 2011
Authored by zx2c4

Calibre E-Book Reader local root exploit that leverages PATH manipulation and a suid mount helper.

tags | exploit, local, root
SHA-256 | e5fa170d241da03c918fe3a8ffb3e7a7364e4e4825c16fc83ac7bd17e8ee6b78
PolicyKit 0.101 Privilege Escalation
Posted Oct 5, 2011
Authored by zx2c4

PolicyKit versions 0.101 and below local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2011-1485
SHA-256 | 8e1577823139cfa501ce0535ad03ba8172e54feaed9443aab35fb42423be384b
Linux Kernel 2.6 TCP_MAXSEG Denial Of Service
Posted Mar 10, 2011
Authored by zx2c4

Linux kernel versions prior to 2.6.37-rc2 TCP_MAXSEG kernel panic denial of service exploit that triggers a divide by zero error in net/ipv4/tcp.c.

tags | exploit, denial of service, kernel, tcp
systems | linux
advisories | CVE-2010-4165
SHA-256 | a828b90c5c0bad6750f1b7c65f1a2de7ed95c1f80ad18127d00d539bc776fa31
FreeBSD 6.4 Netgraph Privilege Escalation
Posted Mar 10, 2011
Authored by zx2c4

FreeBSD versions 6.4 and below Netgraph local privilege escalation exploit.

tags | exploit, local
systems | freebsd
advisories | CVE-2008-5736
SHA-256 | f9bec532885df70ffa4f6568914b356999d9c3d3c17fd766a1248a5b0e06d65d
© 2022 Packet Storm. All rights reserved.
