what you don't know can hurt you
Showing 1 - 25 of 290 RSS Feed

Bash Files

Red Hat Security Advisory 2020-3803-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | 09a3b8e514d3cfd4046dff77d503199d
Ubuntu Security Notice USN-4512-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.

tags | advisory, arbitrary, local, bash
systems | linux, ubuntu
advisories | CVE-2018-7738
MD5 | fd698bcee448baf8032ab156756cd4d9
Red Hat Security Advisory 2020-3592-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | 6866e5562af91fd7c2e0245ba478bbd0
Red Hat Security Advisory 2020-3474-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | b84476e366afe54f22aacc4f6034cd1d
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.

tags | exploit, remote, code execution, bash
advisories | CVE-2019-16759
MD5 | 69ef9f6bd01f8cf67a09f62be35d69fd
Arista Restricted Shell Escape / Privilege Escalation
Posted Jun 16, 2020
Authored by Chris Anders | Site metasploit.com

This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.

tags | exploit, shell, bash
advisories | CVE-2020-9015
MD5 | c89e5030f0dbb92c9b9a0aaee9be5226
Bing.com Hostname / IP Enumerator 1.0.3
Posted Jun 8, 2020
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed an issue with Bing.
tags | tool, scanner, bash
systems | linux, unix
MD5 | e8d1cc0e2a6dd8929622f15b3aa8fe58
TestSSL 3.0.2
Posted May 8, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is another bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 23f32eb9dee4e088a704a11bd2a2339a
Bing.com Hostname / IP Enumerator 1.0.2
Posted Apr 27, 2020
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed a couple of bugs. Added an animated GIF of searching Bing.com to README.
tags | tool, scanner, bash
systems | linux, unix
MD5 | 729407dd3aa962f4430fedcaf5d5dc72
Linux/x64_86 ROL Encoded Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.

tags | shellcode, bash
systems | linux
MD5 | 8dfa373d1ce188f0f22dd71251acb232
Linux/x64_86 Egghunter Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.

tags | shellcode, bash
systems | linux
MD5 | a26b8168f0e16f88cec1b72030695f38
TestSSL 3.0.1
Posted Apr 15, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is a bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 397556aadba7a2092a659fed9c8414af
Vesta Control Panel Authenticated Remote Code Execution
Posted Apr 14, 2020
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.

tags | exploit, remote, root, code execution, bash
advisories | CVE-2020-10808
MD5 | 33bd5dbc2ecccd00ba2b6203d75e3317
Vesta Control Panel Authenticated Remote Code Execution
Posted Apr 6, 2020
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

tags | exploit, arbitrary, root, bash
advisories | CVE-2020-10808
MD5 | 1ae36b8679434621ce93a5d3b05036e3
Red Hat Security Advisory 2020-1113-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1113-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
MD5 | 7222ad43e6ca5147a2e91eb9bc73be2f
Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write
Posted Feb 20, 2020
Authored by Matthew Aberegg, Michael Burkey, Palaczynski Jakub | Site metasploit.com

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.

tags | exploit, code execution, bash
systems | linux, ubuntu
advisories | CVE-2015-7611
MD5 | 3d2e5a1c98fb29c02aab67ae9f098b24
TestSSL 3.0
Posted Jan 24, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Full support of TLS 1.3 added. ROBOT check added. Better TLS extension support and extended protocol downgrade checks added. Many other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 81b8166ba2d7dc97b529a7b8769e6ba5
Bash Profile Persistence
Posted Dec 16, 2019
Authored by Michael Long | Site metasploit.com

This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback.

tags | exploit, bash
MD5 | 9ac5bc3f15cb2da635c3325eee14b3cc
TestSSL 3.0rc6
Posted Dec 11, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Various updates.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 36d94bca1825ba88a55c5fbf3b513609
Bash 5.0 Patch 11 Privilege Escalation
Posted Nov 29, 2019
Authored by Mohin Paramasivam, Chet Ramey, Ian Pudney

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

tags | exploit, shell, bash
systems | linux
advisories | CVE-2019-18276
MD5 | 839a835373eff1043e2c6d5d697405eb
Bing.com Hostname / IP Enumerator 1.0
Posted Nov 19, 2019
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: New progress display with more details about the scraping job. New parsing of Bing.com search results. Various updates and fixes.
tags | tool, scanner, bash
systems | linux, unix
MD5 | 38d7944b4cf69b9f39013928ac892a15
Ubuntu Security Notice USN-4180-1
Posted Nov 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4180-1 - It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, bash
systems | linux, ubuntu
advisories | CVE-2012-6711
MD5 | 84500e6f61e9615f39dd61abd736f9f0
Ubuntu Security Notice USN-4058-2
Posted Aug 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4058-2 - USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Various other issues were also addressed.

tags | advisory, shell, bash
systems | linux, ubuntu
advisories | CVE-2019-9924
MD5 | 39a86cf8b87a3b8b7d8f4058195385f5
Ubuntu Security Notice USN-4058-1
Posted Jul 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

tags | advisory, shell, bash
systems | linux, ubuntu
advisories | CVE-2019-9924
MD5 | 7fb315e3b1d5e09fee1ed9f654e88e7a
TestSSL 3.0rc5
Posted Apr 25, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 will not be supported anymore once 3.0 has been released.
tags | tool, scanner, protocol, bash
systems | unix
MD5 | 1058df6866cad62c6de8e7b64fc64fb2
Page 1 of 12
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close