This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad
Ubuntu Security Notice 5380-1 - It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges.
173a734aa620d03a2270533a7ff0022b9fb8a72908396d8604869220c0c5934d
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
c2beb3ae1fc1301ad845c7aa01c0a292c41b95747ef67f34601f21fb2da16145
This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.
8f9e0a3bd934c75bb63bb75c98368d05ec18006a64e52a0bc3f9ae155f0b72c1
This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.
cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.
bdeabaf8ee1de5cc701765d5b3a2960189a0cd18ac93bcb180979bd32c8d528a
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19e
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
05768444d6cf3dc5812f8fb88695d17a82668089deddd6aaf969041ba4c10b10
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.
c7390c0ef2061eb2f26a7cc5a7ad91394e34550d095a3ea3099eb5b7fd50be60
Gentoo Linux Security Advisory 202105-34 - A vulnerability in Bash may allow users to escalate privileges. Versions less than 5.0_p11-r1 are affected.
d14b7a6c79dcafc423e08f9754342a9daaccb7c5435a66a2f26302075f56dfe8
Red Hat Security Advisory 2021-1679-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
bedd180f89519978a938efa7386b96d2a29ca03aa105a237c7520eed9b71134e
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
9de744fe0e51a03d42fa85e4b83340948baeaa7080427f90b0efd23e9106fece
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
92d17b8139c50d7dc865942fdf35fc0375cd7a98af655fba1de479cfa4fd8e44
erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.
acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cf
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1
Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
d6f38e216c1e79df65073c477e0b9f6950a67b9786832a4007ce8a159d249021
Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.
721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77
Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
67dc5c6ba3fbf2b09490124b6fc4334e806688dcf2bb5cf1dd12d730ec9c5baa
Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
e33707a21648effcc7921de1ee320bb14788d0b377049fe958d23e6f263fc180
vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.
800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2
This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.
86fccaf72b7727767295df0286ab1d606f02b1e49f7979bfafc39f16ae633df4
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
7773e8f8531efb3e4dd207571a8dff688359261bbcf9a2beeefaba8acb4c5484
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
cfca31a0e5fd0e706002e7c1b044c11be5140091f0e22f0ae5b9aa644ef50da2
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
1edf0c378bb51329cb87cf581499ceb5bf11db8419e73a8fb388b9e4cee169fc