Skip to content

Instantly share code, notes, and snippets.

View CVE-2018-12327.txt
# Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow
# Date: 2018-06-06
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: http://www.ntp.org/
# Software Link: http://www.ntp.org/downloads.html
# Version: 4.2.8p11 and earlier
# Tested on: 4.2.8p11
# CVE : CVE-2018-12327
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows a local attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter.
View CVE-2018-12326.txt
# Exploit Title: Redis-cli Buffer Overflow
# Date: 2018-06-13
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://redis.io/
# Software Link: https://redis.io/download
# Version: 5.0, 4.0, 3.2
# Fixed on: 5.0, 4.0, 3.2
# CVE : CVE-2018-12326
Buffer overflow in redis-cli of Redis version 3.2, 4.0, and 5.0 allows a local attacker to achieve code execution and escalate to higher privileges via a long string in the hostname parameter.
View dmesg.txt
[ 0.000000] Linux version 4.15.0-29-generic (buildd@lcy01-amd64-024) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 (Ubuntu 4.15.0-29.31~16.04.1-generic 4.15.18)
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-29-generic root=UUID=698582a6-55a9-44bf-b937-26bede2bff48 ro find_preseed=/preseed.cfg auto noprompt priority=critical locale=en_US quiet
[ 0.000000] KERNEL supported cpus:
[ 0.000000] Intel GenuineIntel
[ 0.000000] AMD AuthenticAMD
[ 0.000000] Centaur CentaurHauls
[ 0.000000] Disabled fast string operations
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
View CVE-2018-13457.txt
# Exploit Title: Nagios Core qh_echo Denial of Service
# Date: 2018-07-09
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
# CVE : CVE-2018-13457
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
View CVE-2018-13458.txt
# Exploit Title: Nagios Core qh_core Denial of Service
# Date: 2018-07-09
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
# CVE : CVE-2018-13458
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
View CVE-2018-13441.txt
# Exploit Title: Nagios Core qh_help Denial of Service
# Date: 2018-07-09
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.nagios.org/
# Software Link: https://www.nagios.org/downloads/nagios-core/
# Version: 4.4.1 and earlier
# Tested on: 4.4.1
# CVE : CVE-2018-13441
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
View CVE-2018-12617.txt
# Exploit Title: QEMU Guest Agent Denial of Service
# Date: 2018-06-07
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.qemu.org/
# Software Link: https://www.qemu.org/download/
# Version: 2.12.50 and earlier
# Tested on: 2.12.50
# CVE : CVE-2018-12617
QEMU Guest Agent 2.12.50 and earlier has an integer overflow causing a g_malloc0() call to trigger a segfault() call when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a specific QMP command to the agent via the listening socket.
View CVE-2018-12453.txt
# Exploit Title: Redis 5.0 Denial of Service
# Date: 2018-06-13
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://redis.io/
# Software Link: https://redis.io/download
# Version: 5.0
# Fixed on: 5.0
# CVE : CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
View tajul.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import sys
import errno
from datetime import datetime
from time import time
rootdir = os.getcwd()
View interviewitems.MD

##Google Interview Questions: Product Marketing Manager

  • Why do you want to join Google? -- Because I want to create tools for others to learn, for free. I didn't have a lot of money when growing up so I didn't get access to the same books, computers and resources that others had which caused money, I want to help ensure that others can learn on the same playing field regardless of their families wealth status or location.
  • What do you know about Google’s product and technology? -- A lot actually, I am a beta tester for numerous products, I use most of the Google tools such as: Search, Gmaill, Drive, Reader, Calendar, G+, YouTube, Web Master Tools, Keyword tools, Analytics etc.
  • If you are Product Manager for Google’s Adwords, how do you plan to market this?
  • What would you say during an AdWords or AdSense product seminar?
  • Who are Google’s competitors, and how does Google compete with them? -- Google competes on numerous fields: --- Search: Baidu, Bing, Duck Duck Go