This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0adUbuntu Security Notice 5380-1 - It was discovered that Bash did not properly drop privileges when the binary had the setuid bit enabled. An attacker could possibly use this issue to escalate privileges.
173a734aa620d03a2270533a7ff0022b9fb8a72908396d8604869220c0c5934dtestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
c2beb3ae1fc1301ad845c7aa01c0a292c41b95747ef67f34601f21fb2da16145This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.
8f9e0a3bd934c75bb63bb75c98368d05ec18006a64e52a0bc3f9ae155f0b72c1This is a basic bash script to detect log4j indicators of compromise (IoCs) in Linux log files.
cac18b2d6343c61bc55d312a115a6b13a4e02c2b28f3e4b83320cd33353f71a1This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument which is the name of a user which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have been at least one topology submitted to the server. The topology may be active or inactive, but at least one must be present. Successful exploitation results in remote code execution as the user running Apache Storm. This vulnerability was patched in versions 2.1.1, 2.2.1 and 1.2.4. This exploit was tested on version 2.2.0 which is affected.
bdeabaf8ee1de5cc701765d5b3a2960189a0cd18ac93bcb180979bd32c8d528aThis tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19etestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
05768444d6cf3dc5812f8fb88695d17a82668089deddd6aaf969041ba4c10b10Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks.
c7390c0ef2061eb2f26a7cc5a7ad91394e34550d095a3ea3099eb5b7fd50be60Gentoo Linux Security Advisory 202105-34 - A vulnerability in Bash may allow users to escalate privileges. Versions less than 5.0_p11-r1 are affected.
d14b7a6c79dcafc423e08f9754342a9daaccb7c5435a66a2f26302075f56dfe8Red Hat Security Advisory 2021-1679-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
bedd180f89519978a938efa7386b96d2a29ca03aa105a237c7520eed9b71134etestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
9de744fe0e51a03d42fa85e4b83340948baeaa7080427f90b0efd23e9106fecetestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
92d17b8139c50d7dc865942fdf35fc0375cd7a98af655fba1de479cfa4fd8e44erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.
acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cftestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
d6f38e216c1e79df65073c477e0b9f6950a67b9786832a4007ce8a159d249021Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.
721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77Red Hat Security Advisory 2020-3592-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
67dc5c6ba3fbf2b09490124b6fc4334e806688dcf2bb5cf1dd12d730ec9c5baaRed Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
e33707a21648effcc7921de1ee320bb14788d0b377049fe958d23e6f263fc180vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.
800381f3649a533440af653fbd52534ea9e111590ccf2388f4920393f6d270a2This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation.
86fccaf72b7727767295df0286ab1d606f02b1e49f7979bfafc39f16ae633df4This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
7773e8f8531efb3e4dd207571a8dff688359261bbcf9a2beeefaba8acb4c5484testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
cfca31a0e5fd0e706002e7c1b044c11be5140091f0e22f0ae5b9aa644ef50da2This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
1edf0c378bb51329cb87cf581499ceb5bf11db8419e73a8fb388b9e4cee169fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed