what you don't know can hurt you
Showing 1 - 25 of 306 RSS Feed

Bash Files

F5 BIG-IP iControl Remote Code Execution
Posted May 12, 2022
Authored by Alt3kx, Ron Bowes, Heyder Andrade, James Horseman | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution, bash, bypass
advisories | CVE-2022-1388
SHA-256 | bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad
Ubuntu Security Notice USN-5380-1
Posted Apr 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5380-1 - It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges.

tags | advisory, bash
systems | linux, ubuntu
advisories | CVE-2019-18276
SHA-256 | 173a734aa620d03a2270533a7ff0022b9fb8a72908396d8604869220c0c5934d
TestSSL 3.0.7
Posted Feb 21, 2022
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Added SSLv2 and OpenSSL fixes. 15 additional bug fixes and improvements.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | c2beb3ae1fc1301ad845c7aa01c0a292c41b95747ef67f34601f21fb2da16145
Linux Kernel Slab Out-Of-Bounds Write
Posted Jan 26, 2022
Authored by Crusaders of Rust | Site github.com

This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.

tags | exploit, arbitrary, shell, kernel, root, code execution, bash
systems | linux, ubuntu
advisories | CVE-2022-0185
SHA-256 | 8f9e0a3bd934c75bb63bb75c98368d05ec18006a64e52a0bc3f9ae155f0b72c1
Log4j Linux IoC Detector
Posted Dec 15, 2021
Authored by santosomar | Site github.com

This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.

tags | java, system logging, bash
systems | linux, unix
advisories | CVE-2021-44228
SHA-256 | cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1
Apache Storm Nimbus 2.2.0 Command Execution
Posted Nov 19, 2021
Authored by Spencer McIntyre, Alvaro Munoz | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.

tags | exploit, remote, code execution, bash
advisories | CVE-2021-38294
SHA-256 | bdeabaf8ee1de5cc701765d5b3a2960189a0cd18ac93bcb180979bd32c8d528a
Bing.com Hostname / IP Enumerator 1.0.5
Posted Oct 4, 2021
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Minor release. Changed User-Agent to wget/1.20. Fixed an error where it finds no results.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19e
TestSSL 3.0.6
Posted Oct 4, 2021
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Codespell introduction and implementation for GHA CI. Documentation update to reflect renaming standard ciphers to cipher categories. Now ignores usage of ~/.digrc where possible. Various other updates and fixes.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 05768444d6cf3dc5812f8fb88695d17a82668089deddd6aaf969041ba4c10b10
Seth RDP Man-In-The-Middle Tool
Posted Oct 4, 2021
Authored by Dr. Adrian Vollmer | Site github.com

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.

tags | tool, python, bash
systems | unix
SHA-256 | c7390c0ef2061eb2f26a7cc5a7ad91394e34550d095a3ea3099eb5b7fd50be60
Gentoo Linux Security Advisory 202105-34
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-34 - A vulnerability in Bash may allow users to escalate privileges. Versions less than 5.0_p11-r1 are affected.

tags | advisory, bash
systems | linux, gentoo
advisories | CVE-2019-18276
SHA-256 | d14b7a6c79dcafc423e08f9754342a9daaccb7c5435a66a2f26302075f56dfe8
Red Hat Security Advisory 2021-1679-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1679-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-18276
SHA-256 | bedd180f89519978a938efa7386b96d2a29ca03aa105a237c7520eed9b71134e
TestSSL 3.0.5
Posted May 10, 2021
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Fixed off by one error in HSTS. Fixed minor output inconsistency in JSON output. Improved compatibility for OpenSSL 3.0. Fixed localization issue for ciphers. Various other updates and fixes.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 9de744fe0e51a03d42fa85e4b83340948baeaa7080427f90b0efd23e9106fece
TestSSL 3.0.4
Posted Nov 23, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This version is a quick fix for a regression of detecting SSLv2 ciphers in a basic function. Please upgrade.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 92d17b8139c50d7dc865942fdf35fc0375cd7a98af655fba1de479cfa4fd8e44
erfs 1.4
Posted Nov 19, 2020
Authored by thc, Skyper | Site thc.org

erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.

tags | tool, remote, bash
systems | unix
SHA-256 | acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cf
TestSSL 3.0.3
Posted Nov 19, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Updated certificate stores. BREACH is now medium. Dockerfile improvements. Various other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43
Bing.com Hostname / IP Enumerator 1.0.4
Posted Oct 2, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: This is a minor release with no code changes.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1
Red Hat Security Advisory 2020-3803-01
Posted Sep 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | d6f38e216c1e79df65073c477e0b9f6950a67b9786832a4007ce8a159d249021
Ubuntu Security Notice USN-4512-1
Posted Sep 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.

tags | advisory, arbitrary, local, bash
systems | linux, ubuntu
advisories | CVE-2018-7738
SHA-256 | 721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77
Red Hat Security Advisory 2020-3592-01
Posted Sep 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | 67dc5c6ba3fbf2b09490124b6fc4334e806688dcf2bb5cf1dd12d730ec9c5baa
Red Hat Security Advisory 2020-3474-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | e33707a21648effcc7921de1ee320bb14788d0b377049fe958d23e6f263fc180
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.

tags | exploit, remote, code execution, bash
advisories | CVE-2019-16759
SHA-256 | 800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2
Arista Restricted Shell Escape / Privilege Escalation
Posted Jun 16, 2020
Authored by Chris Anders | Site metasploit.com

This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.

tags | exploit, shell, bash
advisories | CVE-2020-9015
SHA-256 | 86fccaf72b7727767295df0286ab1d606f02b1e49f7979bfafc39f16ae633df4
Bing.com Hostname / IP Enumerator 1.0.3
Posted Jun 8, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed an issue with Bing.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 7773e8f8531efb3e4dd207571a8dff688359261bbcf9a2beeefaba8acb4c5484
TestSSL 3.0.2
Posted May 8, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is another bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | cfca31a0e5fd0e706002e7c1b044c11be5140091f0e22f0ae5b9aa644ef50da2
Bing.com Hostname / IP Enumerator 1.0.2
Posted Apr 27, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed a couple of bugs. Added an animated GIF of searching Bing.com to README.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 1edf0c378bb51329cb87cf581499ceb5bf11db8419e73a8fb388b9e4cee169fc
Page 1 of 13
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close