exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 309 RSS Feed

Bash Files

Bing.com Hostname / IP Enumerator 1.0.3
Posted Jun 8, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed an issue with Bing.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 7773e8f8531efb3e4dd207571a8dff688359261bbcf9a2beeefaba8acb4c5484
TestSSL 3.0.2
Posted May 8, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is another bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | cfca31a0e5fd0e706002e7c1b044c11be5140091f0e22f0ae5b9aa644ef50da2
Bing.com Hostname / IP Enumerator 1.0.2
Posted Apr 27, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed a couple of bugs. Added an animated GIF of searching Bing.com to README.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 1edf0c378bb51329cb87cf581499ceb5bf11db8419e73a8fb388b9e4cee169fc
Linux/x64_86 ROL Encoded Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.

tags | shellcode, bash
systems | linux
SHA-256 | 0b2a9ee02c0b7d0258cad51519bebf538bc5adf11a6b79a09c2f9a31449092a7
Linux/x64_86 Egghunter Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.

tags | shellcode, bash
systems | linux
SHA-256 | c3ff54b357a821a1566c2d7a70204024eb13af4cdf6c240a1725a87696156951
TestSSL 3.0.1
Posted Apr 15, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is a bugfix release of the stable branch 3.0.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | f38f25336cf59ecdf0ae3826982a6580ea53b056fb96d1430cf97645a8b1b560
Vesta Control Panel Authenticated Remote Code Execution
Posted Apr 14, 2020
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.

tags | exploit, remote, root, code execution, bash
advisories | CVE-2020-10808
SHA-256 | a64694c4be6f8e142202272067ab8240d23b31e8f44348ffeb1c7d3cbe55c1cf
Vesta Control Panel Authenticated Remote Code Execution
Posted Apr 6, 2020
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

tags | exploit, arbitrary, root, bash
advisories | CVE-2020-10808
SHA-256 | c994018871aaf2d9fb2b0d77fe7087abdbe4671491c2b25721371a3f880b91c3
Red Hat Security Advisory 2020-1113-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1113-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.

tags | advisory, shell, bash
systems | linux, redhat
advisories | CVE-2019-9924
SHA-256 | 9f9bad025557f1bc587712d35d4490df582235c42501868862fae07d19296a16
Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write
Posted Feb 20, 2020
Authored by Matthew Aberegg, Michael Burkey, Palaczynski Jakub | Site metasploit.com

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.

tags | exploit, code execution, bash
systems | linux, ubuntu
advisories | CVE-2015-7611
SHA-256 | 38aec6cad30d28bc144df66f4ad6d698b59a52c8a529a3cc66391e571ee852c6
TestSSL 3.0
Posted Jan 24, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Full support of TLS 1.3 added. ROBOT check added. Better TLS extension support and extended protocol downgrade checks added. Many other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | ab3c9a000f0f6703e4fc94821e06f531de6d2799322bf534188ebf766365a9c1
Bash Profile Persistence
Posted Dec 16, 2019
Authored by Michael Long | Site metasploit.com

This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback.

tags | exploit, bash
SHA-256 | 4392eb90277372be9287a047138be4763f374339baef421bece0ca945a6dac1e
TestSSL 3.0rc6
Posted Dec 11, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Various updates.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | fc5aee354e5350448ac48294dee04c34989a21517d2181ff83738b6858eb12f2
Bash 5.0 Patch 11 Privilege Escalation
Posted Nov 29, 2019
Authored by Mohin Paramasivam, Chet Ramey, Ian Pudney

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

tags | exploit, shell, bash
systems | linux
advisories | CVE-2019-18276
SHA-256 | 506feee71f53fac76413f6d8f5b4cad88bddee539003ffcdf0c54f19b9a741ec
Bing.com Hostname / IP Enumerator 1.0
Posted Nov 19, 2019
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: New progress display with more details about the scraping job. New parsing of Bing.com search results. Various updates and fixes.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | f611e29ee74a4a212fca8367be3d4c75c49d90644e66e88ced166d6d554f433b
Ubuntu Security Notice USN-4180-1
Posted Nov 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4180-1 - It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, bash
systems | linux, ubuntu
advisories | CVE-2012-6711
SHA-256 | 623be0eec5677140c8ee4be1687509db194744de8f6f3c1075cfdeee00932de0
Ubuntu Security Notice USN-4058-2
Posted Aug 5, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4058-2 - USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Various other issues were also addressed.

tags | advisory, shell, bash
systems | linux, ubuntu
advisories | CVE-2019-9924
SHA-256 | 9ba9f0cddea4221c044081def8b0eed7869e1f235dbf33ec2c842c12899fcda0
Ubuntu Security Notice USN-4058-1
Posted Jul 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

tags | advisory, shell, bash
systems | linux, ubuntu
advisories | CVE-2019-9924
SHA-256 | c33bd8d129ccce9d7cbeb7c4e2f9efdfd541bd0c862ffb4ff5810ee260585dcb
TestSSL 3.0rc5
Posted Apr 25, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is the fifth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 will not be supported anymore once 3.0 has been released.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 6118f08b88c0075f39820296f0d76889165dd67e64dbfdfd1104d6d122a938c9
TestSSL 2.9.5-8
Posted Apr 24, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This update contains bug fixes.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | b236094a5360883bc8b1bb283c8a2c6f75230ca42e88bc04f0ab65074cd21e8a
Advanced Bash-Scripting Guide Code Execution
Posted Mar 26, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the shell function "getopt_simple", as presented in the "Advanced Bash-Scripting Guide", allows execution of attacker-controlled commands.

tags | exploit, shell, bash
advisories | CVE-2019-9891
SHA-256 | 774ed521003d36a5ec3bd1c92f36d2980cef1f0a9edd2618ea47b78c70be3822
TestSSL 3.0rc4
Posted Feb 19, 2019
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: This is the fourth release candidate of testssl.sh 3.0 to reflect changes. All distributors and others who use it also for production-like environment are encouraged to switch to this branch as 2.9.5 won't be supported anymore once 3.0 has been released. Various other updates and fixes.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 70f00460fab958f2f607e805b46a05db0fd288009d6b94b3db97f3ae2f412612
IPSet List 3.7.2
Posted Feb 14, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | 4aaf94db4e589d54ade6361b661410c42198d5fa12a1169521022005f49c9622
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79
Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) Shellcode
Posted Dec 12, 2018
Authored by T3jv1l

95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode.

tags | x86, shellcode, bash
systems | linux
SHA-256 | 680426a3f5a1bca289c7211b9fde035fd3ea3ff2cefde80c678d8fa8c9c28153
Page 2 of 13
Back12345Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close