testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
85b7b8a6e133d634247b01fd085c8134testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
2ba4ba9d50b056ddda260d039a124853erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.
8760e61d1fb0d63faba1e847ebb48b34testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
afcbd6001bd3128b99675f5eceab35ceThis tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
b337bc57bc4bb3aed8d93453ecc18db2Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
09a3b8e514d3cfd4046dff77d503199dUbuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.
fd698bcee448baf8032ab156756cd4d9Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
6866e5562af91fd7c2e0245ba478bbd0Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
b84476e366afe54f22aacc4f6034cd1dvBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.
69ef9f6bd01f8cf67a09f62be35d69fdThis Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.
c89e5030f0dbb92c9b9a0aaee9be5226This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
e8d1cc0e2a6dd8929622f15b3aa8fe58testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
23f32eb9dee4e088a704a11bd2a2339aThis tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
729407dd3aa962f4430fedcaf5d5dc7257 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.
8dfa373d1ce188f0f22dd71251acb23263 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.
a26b8168f0e16f88cec1b72030695f38testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
397556aadba7a2092a659fed9c8414afThis Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.
33bd5dbc2ecccd00ba2b6203d75e3317This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.
1ae36b8679434621ce93a5d3b05036e3Red Hat Security Advisory 2020-1113-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
7222ad43e6ca5147a2e91eb9bc73be2fThis Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.
3d2e5a1c98fb29c02aab67ae9f098b24testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
81b8166ba2d7dc97b529a7b8769e6ba5This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback.
9ac5bc3f15cb2da635c3325eee14b3cctestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
36d94bca1825ba88a55c5fbf3b513609An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
839a835373eff1043e2c6d5d697405eb
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed