
Root Files

Ubuntu Security Notice USN-5427-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654, CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658
SHA-256 | 4a7a1a4b4a53f12a5e131a2b8e72000ea9e3e0b7606d2ddd406b23a06bd16806
Konica Minolta bizhub MFP Printer Terminal Sandbox Escape
Posted May 13, 2022
Authored by W. Schober, Johannes Kruchem | Site sec-consult.com

Multiple Konica Minolta bizhub MFP printer terminals suffer from a sandbox escape with root access and have clear-text password vulnerabilities.

tags | exploit, root, vulnerability
advisories | CVE-2022-29586, CVE-2022-29587, CVE-2022-29588
SHA-256 | 57e210f71bf42a3b11e36e7813fbbb82fccbd07555cd2d876285ea9c410da45c
F5 BIG-IP iControl Remote Code Execution
Posted May 12, 2022
Authored by Alt3kx, Ron Bowes, Heyder Andrade, James Horseman | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, root, code execution, bash, bypass
advisories | CVE-2022-1388
SHA-256 | bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
Posted May 11, 2022
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable with no authentication required, and the exploit works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null-free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information, check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.

tags | exploit, overflow, shell, root, shellcode
systems | cisco
advisories | CVE-2022-20699
SHA-256 | 619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02
Mandos Encrypted File System Unattended Reboot Utility 1.8.15
Posted Apr 26, 2022
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Bug fix added related to password handling and backslashes.
tags | tool, remote, root
systems | linux, unix
SHA-256 | 74e7e1915cb5cb3617d80c379d9ecac315cfe154c815faf6a226ae482383f03f
Kramer VIAware Remote Code Execution
Posted Apr 7, 2022
Authored by sharkmoos

Kramer VIAware remote code execution exploit that achieves root.

tags | exploit, remote, root, code execution
advisories | CVE-2021-35064, CVE-2021-36356
SHA-256 | 8404177fc0140512f4c0692c887519b39c5ae5574106d110007ffd87f2556907
Ubuntu Security Notice USN-5326-1
Posted Mar 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5326-1 - It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to other users and trick them into accessing files on that file system, which could result in a Denial of Service or other unspecified conditions.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2018-10906
SHA-256 | 0f13d64ecbaa2b12059bb1588f8db131119cf3c35938ac23b6462cd8d6c0c8f5
Dirty Pipe SUID Binary Hijack Privilege Escalation
Posted Mar 8, 2022
Authored by Blasty, Max Kellermann

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.

tags | exploit, shell, root, proof of concept
advisories | CVE-2022-0847
SHA-256 | 896e5b87da1c2dcdc6b5bf2a4c03daf9da0145521f3b205c1bcf72db8ff2340f
Dirty Pipe Linux Privilege Escalation
Posted Mar 8, 2022
Authored by Max Kellermann | Site dirtypipe.cm4all.com

Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

tags | exploit, arbitrary, kernel, root, proof of concept
systems | linux
advisories | CVE-2022-0847
SHA-256 | 44e38035938b0841fe6c4b79375b95d9bdcc4665c0a63ed1dcb0ca5df0c03212
pfSense 2.5.2 Shell Upload
Posted Mar 4, 2022
Authored by Abdel Adim Oisfi, jbaines-r7 | Site metasploit.com

This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and execute payloads with root privileges.

tags | exploit, web, arbitrary, shell, root
advisories | CVE-2021-41282
SHA-256 | 749bce942f6a26bc40cf265a69c07ac56ab2b47d26b9b02bc8c5c749e022b2a6
Win32k ConsoleControl Offset Confusion / Privilege Escalation
Posted Feb 28, 2022
Authored by Spencer McIntyre, BITTER APT, LiHao, KaLendsi, MaDongZe, TuXiaoYi, JinQuan, L4ys | Site metasploit.com

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out-of-bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

tags | exploit, root, vulnerability
systems | windows
advisories | CVE-2021-1732, CVE-2022-21882
SHA-256 | 9902434a58e36c7838c71ee860592d8624368fc1b380cf4c9ccf530f09895fd2
Axis IP Camera Shell Upload
Posted Feb 28, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate that the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. The issue has no CVE, although the technique was made public in 2018. This module uploads and executes stageless meterpreter as root. Uploading the application requires valid credentials. The default administrator credentials used to be root:root but newer firmware versions force users to provide a new password for the root user. The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021). All modules that support the "Apps" feature are presumed to be vulnerable.

tags | exploit, arbitrary, root
SHA-256 | 3b946c3c32ffbe1237309479a6f3fbc02ff1259e17c42ed2ee33315e97a2b97e
Hikvision IP Camera Unauthenticated Command Injection
Posted Feb 28, 2022
Authored by bashis, jbaines-r7, Watchful_IP | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.

tags | exploit, web, root
advisories | CVE-2021-36260
SHA-256 | 7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5
Ubuntu Security Notice USN-5260-3
Posted Feb 3, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5260-3 - USN-5260-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2021-44142
SHA-256 | 2c75ee8163364bc261cc0476d7d873eba34c2b09d0ef92e3a26e8735310d5e88
Samba VFS Heap Out-Of-Bounds Read / Write
Posted Feb 2, 2022
Authored by Orange Tsai | Site samba.org

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

tags | advisory, remote, arbitrary, root
advisories | CVE-2021-44142
SHA-256 | 6ba7846654bf7c08a244dc803a03a08db25b7266912db0c581e64adf257781a6
Ubuntu Security Notice USN-5260-1
Posted Feb 1, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5260-1 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. Michael Hanselmann discovered that Samba incorrectly created directories. In certain configurations, a remote attacker could possibly create a directory on the server outside of the shared directory.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
SHA-256 | 1150766a9f5acaee9066e266cb394d5fcb11a48e64845279538c22bdac77ac58
Ubuntu Security Notice USN-5260-2
Posted Feb 1, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5260-2 - Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2021-44142
SHA-256 | 69faabb25cfae22c65e81b78d83b23a53e6dc20c613861ebb9a20102dff021b1
Gentoo Linux Security Advisory 202201-01
Posted Jan 27, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202201-1 - A vulnerability in polkit could lead to local root privilege escalation. Versions less than 0.120-r2 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2021-4034
SHA-256 | d11426713b556943aaabfa3a7507c7905257729200bd39fec54ff2e0f803eb1f
Linux Kernel Slab Out-Of-Bounds Write
Posted Jan 26, 2022
Authored by Crusaders of Rust | Site github.com

This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.

tags | exploit, arbitrary, shell, kernel, root, code execution, bash
systems | linux, ubuntu
advisories | CVE-2022-0185
SHA-256 | 8f9e0a3bd934c75bb63bb75c98368d05ec18006a64e52a0bc3f9ae155f0b72c1
Polkit pkexec CVE-2021-4034 Local Root
Posted Jan 26, 2022
Authored by Daniele Linguaglossa | Site github.com

Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit. Written in Go.

tags | exploit, local, root
systems | linux
advisories | CVE-2021-4034
SHA-256 | 55be64db4ee1fc4cb9ff1188b66c70af217b5dc74fb821becc08afd02c1fcfb7
Polkit pkexec CVE-2021-4034 Proof Of Concept
Posted Jan 26, 2022
Authored by Andris Raugulis | Site github.com

Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034. Verified on Debian 10 and CentOS 7. Written in C.

tags | exploit, local, root
systems | linux, debian, centos
advisories | CVE-2021-4034
SHA-256 | 5c59fb8b51079e3f956e9fcbe1974b3cbb587b1887064897119332a9ecf3f86a
Polkit pkexec Local Privilege Escalation
Posted Jan 26, 2022
Authored by Qualys Security Advisory | Site qualys.com

Qualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.

tags | advisory, local, root
systems | linux
advisories | CVE-2021-4034
SHA-256 | 23ec1cb3b1b5fe5409bb892ba3ae31bb746e06cafdf7afafd72fd7d4b136ebba
Polkit pkexec CVE-2021-4034 Local Root
Posted Jan 26, 2022
Authored by Davide Berardi | Site github.com

Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit.

tags | exploit, local, root
systems | linux
advisories | CVE-2021-4034
SHA-256 | 12d83236acbffaf0f0962a4bba1234b4a0a9221ec6681b9ef274c6a8a414398c
Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution
Posted Jan 25, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.

tags | exploit, remote, root, vulnerability, sql injection
advisories | CVE-2020-5722
SHA-256 | 4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2
Ubuntu Security Notice USN-5249-1
Posted Jan 21, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5249-1 - It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service.

tags | advisory, denial of service, local, root
systems | linux, ubuntu
advisories | CVE-2022-23220
SHA-256 | 9f0537ab8d4fdb42da520a867ff3fd738d8c8bca5435596ed0d1ce7b4be39041

© 2022 Packet Storm. All rights reserved.
