Some dynamically linked binary builds of the CVSup package contain untrusted paths in the ELF RPATH fields of the executables, which may allow for local privilege escalation.
b8782bca72a905590f6df6d37502a533b73ad0fe9fb35cea32cce7475f90ab88
elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() PHP function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.
eefba941559b0ed45889286a43dda93328d3b84159ce379897131f28b557f0ba
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.
5222268c0c1677f7e0637fd6b8a807ef9ea4bfb24107aadeb85ce45155354bc3
elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.
c18a99273f5751aac3069a948d7904a72a24ff8573296cdae06be2c2d58ce090
elFinder 2 suffers from a remote command execution vulnerability via file creation.
57884d86d295df818f1cab870ceaf073323f6d2bc260384a3aeccee8ff36816f
ElfChat version 5.2.0 Pro suffers from a cross site scripting vulnerability.
14c2be5038a765871520e53de63ae1d22508257a57f5adb84596065a25eb45eb
ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.
5dbc0c25c91ac9c248972741c037874ae862593c456258d1c27f34c121b8cf11
Whitepaper called Cheats with ELF - Code Injecting into ELF Headers.
2737a2b61dd3e9303deffc4c5ed16acb439de026f629f5909b558e4d76f6372b
Exploit that demonstrates an elfdump crash flaw when analyzing a specially crafted ELF file.
c3cea28a2e7394096322ead670ca856079d5192d98b98ba04aed8cbae0f111d3
Infecting ELF binaries to gain local root.
ddbff7dec2b42a5c6f2a6392277bd7b695ef9ef374ad2f4856babe17083ef0d0
Linux kernel binfmt_elf core dump buffer overflow exploit.
58a6abd1f277ec637f9a44b64e7406574fa600212c6681ae666cddafa25fbac1
Project Freedocs Volume 3 - A collection of tutorials regarding ELF programming.
b82d788fa1cc03185f252c3dd0cd47a9996e0422cc57dc5a354273bd6e0db8ca
elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.
ba504141b5e785fc1d7f12e8239b05346b36be25671c0ad626f1baa248ad8791
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid. The new version works on both Linux and the BSDs.
21103ace980bf29abaf0743ed5d8816533999653245d3642f709e758b76ba991
Proof of concept exploit that will patch an ELF binary to utilize the stack overflow in file 3.39 and below. If someone runs file against said binary, a suid shell is created as /tmp/.sh of that uid.
15a084aac71ca804bb1ff97e1ca230d473228271616ff4493d50b4b2a3d11cd4
elfpgp signs an ELF binary by using standard PGP/GnuPG keys. It also allows for verification of said signatures. The signature is stored in the binary in an ELF record.
c72305a22e7ace63cfd05154d33e383e750ba58c7cec03ad65c3754c61d2550d
Elfcmp compares running processes to their respective binary images to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
cc834fee066f13e42f1cba14a95de3239289c91042562ea57d720564a2a26f41
Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.
ecffe100d0da12235cfe464726313491409739493030f3fbdb3a28696b23447f
Scanner to look up infection techniques that can be used in ELF modules. Includes function hijacking, relocation files, etc. Runs on Linux 2.4.x.
dcd0e0b68ca65f72ca23959a54204f1f589d2cac48c5840fd77dc0b45db13d17
A demonstration of ELF relocation.
15f16677b70d453d8baa3551f84c1a7dff88f2b60f14e3269391e42b8eeba9fb
Elf binder v1.5 will bind a tar file to the end of an executable. It will then untar the file in /tmp, run the installation script, and can be useful for automation.
7c68d9e3a950633449b73b3e7cc149f45eb56ccbd2ba6ed0f2f1cd101337429c
Elfrip is a tiny cat-like utility for ripping the code section out of a nasm-generated ELF image.
d04491b975521b75ef0b591b237c4372cec5f1be775b96ff57fb534aa0a5189f
Elf Shell v0.43b-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable. Sample output here.
9068395673dc10ca19ad2f71181d0ce313ff9da89bde2727c0db51c616b87c20
Reversing the ELF - Stepping with GDB during PLT uses and .GOT fixup. This is a GDB tutorial about runtime process fixup using the Procedure Linkage Table section (.plt) and the Global Offset Table section (.got) by the dynamic linker ld-linux.so. ASM knowledge will be helpful. More info on ELF here.
d827aaba5feb045e90dea774ade60c84ce956eb244b90457391bfb60f6d84432
An article on UNIX ELF PARASITES AND VIRUSES including a fully working parasite infector and binary virus for Linux (UNIX portable, however). The parasites and virus described and given do not destroy the executable's functionality but instead, as with many DOS viruses, simply append new code to the image. Rudimentary techniques for disabling the parasites and virus are also described. (Includes a LONG rant at the beginning by the author.)
41101f0b3c5ca938f20c81b9751270536b75203824557fe9301873ac62f7da1e