testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
45f8aed24ad749175608a29c50566240a8a1b8ebcb32531d7bf6231ec269f4a5
58 bytes small Linux/x86 bind (99999/TCP) netcat traditional (/bin/nc) shell (/bin/bash) shellcode.
e8ad9402dd064b6380ad50ccdfd554955945a67f19f071027c1fbeec4b1380ad
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
9c78313a1926e455e5a89e22c093d3d0d6165d5c03e766c754ec141f3c00580f
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.
298aac6aa0537ef624d332e5623f63e990ee12f9376d9baef4524a5f870ca6cb
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
cefa572026119fbc872d24dc0fcec64a105b0e11a85291b48f0e5ef494f55517
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
7e120408f238ed49685bed1eb1cce25fb09990e3934743bbb552d67018f5e4b7
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
836a7b45455c95f17c4d7eec9468028a7fc6b613fd4b3c8e8e125b7b8206b89d
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
5163f76d40acfe404d65145c498cbe8fb716bb49119e8d0773e063203cff9c03
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
0e040218d72d6d3b0172bedbc784268e3e297d7689ffa343f150fb05a9d2491a
Debian Linux Security Advisory 4134-1 - Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.
83b60daf457134ad19dfdbe3b0fbb827b9872307ec8d73874d18ff1123086aa2
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
8f697339561200bc40130d3c756b4e0c0e49be86f32fb60d6168ff86e701e5cb
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode lets you select the query options in a wizard-based manner.
8c3bf8eacd72ce4aa2ac52d22f3e789d9459dc63c18d2e1bc0e23a7ae549264d
This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually admin@exampledomain.com). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed.
312980cfe01d6ece2e6c4f8b4625555a7173a1cdd391e9346ac2f685ab5d2b6a
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
ef241da90c11302fcd773dd2146b803c714abc297c8b4c7f8247c95ae82429ad
Slackware Security Advisory - New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues.
ba9d80075aa6467b40c474393520905ddb2a050ea2d6771e0a50223704e5e799
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc.
53147e0cf82da4bdc5ee73a8bc75667f3afd51f62351d8d4a1ef19fbcbf6f22f
Red Hat Security Advisory 2017-1931-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.
eaaebd55e6b9153d92abdd2f6dec8be4965a8a2c4d186f269c3463725e387cc2
Ubuntu Security Notice 3294-2 - USN-3294-1 fixed a vulnerability in Bash. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. Various other issues were also addressed.
1c5f65968b7a178ac908c453b9766134aaed4348c26fa73062a3fee0ee96039e
This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be set up to receive it appropriately.
94721ce87cbcec20c3b6fb430d3119351af84675d49a97004d25f1efe7edfa5d
testssl.sh is a free command-line tool that checks a server's service on any port for support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
b160969dd8950f63afd57243cbbe2af0f7de9501a877e78b9b8ed9bae5405b59
Ubuntu Security Notice 3294-1 - Bernd Dietzel discovered that Bash incorrectly expanded the hostname when displaying the prompt. If a remote attacker were able to modify a hostname, this flaw could be exploited to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Bash incorrectly handled the SHELLOPTS and PS4 environment variables. A local attacker could use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
f45d68112bea29f65c3632f3d6b8227dff94e29452d9f3d29a6943cc82cb3905
110 bytes small Linux/x86 reverse /bin/bash shellcode.
c877dbeb641d857b55e73f461a09ca14679ca4f290a989b9b455e4512cce7981
Red Hat Security Advisory 2017-0725-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances.
ec88f4635773f8c357e90336dc5b241990df59544ff8b895b01996472d9147fb
HPE Security Bulletin HPESBNS03702 1 - Several potential security vulnerabilities have been discovered in the Bash Shell in NonStop OSS Core Utilities. The vulnerabilities allow local users to execute arbitrary commands with root privileges. Revision 1 of this advisory.
b394c6436beea9a6bf8342eba0148f8bddd15f76db1bb124829cbda5a60ef3e9
Gentoo Linux Security Advisory 201701-2 - Multiple vulnerabilities were found in Bash, the worst of which may allow execution of arbitrary code. Versions less than 4.3_p48-r1 are affected.
eb521b305299c64bbde2141030ca2fa3167c5ae1199bd14058e8e35f1707047f