c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
b86b4d955a
Make random strings also length random
2013-06-24 12:01:30 -05:00
6672679530
Add local privilege escalation for ZPanel zsudo abuse
2013-06-23 11:00:39 -05:00
ae17e9f7b5
add osvdb ref 56992
2013-06-02 18:32:46 -05:00
61c8861fcf
add osvdb ref
2013-06-02 08:33:42 -05:00
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
5e925f6629
Description update
2013-05-14 14:20:27 -05:00
42cfa72f81
Update data after test kloxo 6.1.12
2013-05-13 19:09:06 -05:00
58f2373171
Added module for EDB 25406
2013-05-13 18:08:23 -05:00
0c25ffb4de
Landing #1695 , agix's smhstart local root exploit
2013-04-06 17:32:12 +02:00
b947dc71e9
english :) "must be"
2013-04-03 13:47:57 +02:00
60dfece55c
add opcode description
2013-04-03 13:46:56 +02:00
7359151c14
decrement esp to fix crash in the middle of shellcode
2013-04-02 13:25:31 +02:00
30111e3d8b
hpsmh smhstart local exploit BOF
2013-03-31 13:04:34 +02:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
jvazquez-r7
sinn3r
Tab Assassin
James Lee
HD Moore
Steve Tornio
agix
Michael Schierl
sinn3r