This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
# The author disclaims copyright to this source code. | |
# | |
# Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code | |
# and 64k reads | |
# | |
# This version of the exploit does write received data to a file called "dump" in the local directory | |
# for analysis. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <string> | |
#include <typeinfo> | |
#include <memory> | |
#include <functional> | |
using std::placeholders::_1; | |
typedef std::function<int(int)> CallbackFunc; | |
// Helper stdout callback usage. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Copyright (c) 2014, Facebook, Inc. | |
* All rights reserved. | |
* | |
* This source code is licensed under the BSD-style license found in the | |
* LICENSE file in the root directory of this source tree. An additional grant | |
* of patent rights can be found in the PATENTS file in the same directory. | |
* | |
*/ | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// This is a leaky program! | |
// Line 40 will leak a few bytes in the SecurityFramework | |
// %I in xcode, profile. | |
#include <CoreFoundation/CoreFoundation.h> | |
#include <CoreFoundation/CFData.h> | |
#include <Security/Security.h> | |
void CreateAuthorities() { | |
CFMutableDictionaryRef query; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/Makefile.am b/Makefile.am | |
index 4b5d1d8..a225237 100644 | |
--- a/Makefile.am | |
+++ b/Makefile.am | |
@@ -18,7 +18,7 @@ endif | |
if WITH_LUA | |
SUBDIRS += luaext | |
endif | |
-SUBDIRS += rpmio lib sign build scripts fileattrs doc . | |
+SUBDIRS += rpmio lib . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/osquery/core/windows/wmi.cpp b/osquery/core/windows/wmi.cpp | |
index 43e8d1f..d336118 100644 | |
--- a/osquery/core/windows/wmi.cpp | |
+++ b/osquery/core/windows/wmi.cpp | |
@@ -197,8 +197,6 @@ WmiRequest::WmiRequest(const std::string& query, BSTR nspace) { | |
std::wstring wql = stringToWstring(query); | |
HRESULT hr = E_FAIL; | |
- | |
- hr = ::CoInitializeEx(0, COINIT_MULTITHREADED); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
select os_version.version, case when from_base64(p2.value) like '%passwordLastSet%' then 1 else 0 end as password_set, case when p1.value = '*' then 0 else 1 end as account_enabled, u.shell, u.username as account_username from plist p1, plist p2, os_version, (select * from users where directory != '/var/empty') u where (p1.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p1.key = 'passwd') and (p2.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p2.key = 'accountPolicyData'); |