HackDig : Dig high-quality web security articles for hacker

CVSSv3 Disappointment

I was incredibly happy with the initial release of CVSSv3. While it wasn’t perfect, it was a huge improvement over CVSSv2 in that a couple of the weaknesses in v2 were removed. The first of two particularly great changes was the language related to the network attack vector in the specification document: A vulnerability exploitable with network access means th
Publish At:2016-08-11 04:05 | Read:6511 | Comments:0 | Tags:Off Topic CVSSv2 CVSSv3 local Network vulnerability

Fedora abrt Race Condition Exploit

#include <stdlib.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdio.h>
#include <signal.h>
#include <err.h>
#include <string.h>
#include <alloca.h>
#include <limits.h>
#include <sys/inotify.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/types.h>
#include <sys/wait.h&
Publish At:2015-04-14 10:55 | Read:2766 | Comments:0 | Tags:local exploit

Apport/Abrt Local Root Exploit

#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#include <signal.h>
#include <elf.h>
#include <err.h>
#include <syslog.h>
#include <sched.h>
#include <linux/sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/auxv.h>
#include <
Publish At:2015-04-14 10:55 | Read:3823 | Comments:0 | Tags:local exploit

Mac OS X "Rootpipe" Privilege Escalation

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit4 < Msf::Exploit::Local
  Rank = GreatRanking

  include Msf::Post::OSX::System
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(inf
Publish At:2015-04-13 18:55 | Read:2541 | Comments:0 | Tags:local

Mac OS X rootpipe Local Privilege Escalation

#########################################################
# PoC exploit code for rootpipe (CVE-2015-1130)
#
# Created by Emil Kvarnhammar, TrueSec
#
# Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2
#########################################################
import os
import sys
import platform
import re
import ctypes
import objc
import sys
from Cocoa import NSData, NS
Publish At:2015-04-09 18:50 | Read:2156 | Comments:0 | Tags:local

BZR Player 1.03 - DLL Hijacking

/*
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: BZR Player 1.03 DLL Hijacking
#[+] Date: 29-03-2015
#[+] Type: Local Exploits
#[+] Vendor: http://bzrplayer.blazer.nu/
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] gcc -shared -o [DLLNAME_choose one from the list below].dll tcyber.c
# Copy it to the software dir. the
Publish At:2015-03-30 18:30 | Read:3886 | Comments:0 | Tags:local

ZIP Password Recovery Professional 7.1 - DLL Hijacking

/*
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: ZIP Password Recovery Professional 7.1 DLL Hijacking
#[+] Date: 29-03-2015
#[+] Type: Local Exploits
#[+] Vendor: http://www.recoverlostpassword.com/products/zippasswordrecovery.html#compare
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] gcc -shared -o dwmapi.dll tcy
Publish At:2015-03-30 18:30 | Read:2352 | Comments:0 | Tags:local

Fedora21 setroubleshootd Local Root PoC

setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports. The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed. setroubleshoot runs as root (although in its own domain). In util.py we have:

266 def get_rpm_nvr_by_file_path_temporary(name):
267
Publish At:2015-03-30 18:30 | Read:2437 | Comments:0 | Tags:local

Mini-stream Ripper v2.7.7.100 Local Buffer Overflow

#!/usr/bin/env python
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: Mini-stream Ripper v2.7.7.100 Local Buffer Overflow
#[+] Date: 25-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/43/Mini-streamRipper.exe?token=1427334864_8d9c5d7d948871f54ae14ed9304d1ddf&fileName=Mini-st
Publish At:2015-03-26 18:25 | Read:6872 | Comments:0 | Tags:local

RM Downloader 2.7.5.400 Local Buffer Overflow

#!/usr/bin/env python
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow
#[+] Date: 25-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mi
Publish At:2015-03-26 18:25 | Read:2127 | Comments:0 | Tags:local

Free MP3 CD Ripper 2.6 - Local Buffer Overflow

#!/usr/bin/python
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: Free MP3 CD Ripper All versions Local Buffer Overflow
#[+] Date: 20-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#
# EDB Note: Di
Publish At:2015-03-24 18:25 | Read:1963 | Comments:0 | Tags:local

Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation

Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation

Vendor: Safer-Networking Ltd.
Product web page: http://www.safer-networking.org
Affected version: 1.6.2

Summary: Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/
Publish At:2015-03-17 10:00 | Read:1651 | Comments:1 | Tags:local

Rowhammer: Linux Kernel Privilege Escalation PoC

Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=283

Full PoC: http://www.exploit-db.com/sploits/36310.tar.gz

This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM "rowhammer"
Publish At:2015-03-10 01:50 | Read:2271 | Comments:0 | Tags:local

Rowhammer: NaCl Sandbox Escape PoC

Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=284

Full PoC: http://www.exploit-db.com/sploits/36311.tar.gz

This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM&
Publish At:2015-03-10 01:50 | Read:1988 | Comments:0 | Tags:local

VFU 4.10-1.1 - Move Entry Buffer Overflow

# Exploit Title: VFU Move Entry Buffer Overflow
# Date: 2015-02-25
# Exploit Author: Bas van den Berg -- @barrebas
# Vendor Homepage: http://cade.datamax.bg/
# Software Link: http://cade.datamax.bg/vfu/#download
# Version: 4.10-1.1
# Tested on: GNU/Linux Kali 1.09 32-bit & Crunchbang 11 Waldorf (based on Debian Wheezy), kernel 3.2.0-4
# VFU 4.10 (probably up to
Publish At:2015-03-06 01:45 | Read:2258 | Comments:0 | Tags:local
