Tim Brown timb-machine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo getcap `which ping` | |
| sudo getcap `which ping` | |
| [sudo] password for xx: | |
| /bin/ping = cap_net_raw+ep |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FreeBSD 9.2-RC1: | |
| $ nc -n -vv -l -p 9090 | hexdump -C | |
| listening on [any] 9090 ... | |
| connect to [192.168.x.y] from (UNKNOWN) [192.168.124.194] 52680 | |
| 00000000 68 65 6c 6c 6f 0a 00 00 00 00 00 00 00 00 00 00 |hello...........| | |
| sent 0, rcvd 30 | |
| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |..............| | |
| 0000001e |
timb-machine
/ CVE-2014-8904 AIX lquerylv EoP
Created
September 4, 2017 04:01
CVE-2014-8904 AIX lquerylv EoP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text:10000354 .using unk_30000BB4, %r31 | |
| .text:10000354 stw %r3, 0x110+var_28(%sp) | |
| .text:10000358 addi %r3, %r31, 0x48C # a_dbgcmd_lquery # "_DBGCMD_LQUERYLV" | |
| .text:1000035C bl .getenv | |
| .text:10000360 lwz %rtoc, 0x110+saved_toc(%sp) | |
| .text:10000364 lwz %r29, off_30001568 # dword_300015E4 | |
| .text:10000368 .using dword_300015E4, %r29 | |
| .text:10000368 cmpwi %r3, 0 | |
| .text:1000036C bne loc_100006D0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| BINFILENAME="${1}" | |
| tempfilename="`tempfile`" | |
| echo "set pagination off" > "${tempfilename}" | |
| # | grep ":$" | grep -v "\." | cut -f 2 -d "<" | cut -f 1 -d ">" | cut -f 1 -d "@" | |
| # | grep "@plt" | cut -f 2 -d "<" | cut -f 1 -d "@" | |
| objdump -D "${BINFILENAME}" | grep ":$" | grep -v "\." | cut -f 2 -d "<" | cut -f 1 -d ">" | cut -f 1 -d "@" | sort | uniq | while read line^M | |
| do |
timb-machine
/ CVE-2010-4577 & CVE-2010-0046 WebKit type confusion
Created
September 4, 2017 04:13
CVE-2010-4577 & CVE-2010-0046 WebKit type confusion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2010-4577 | |
| Red Hat - https://bugs.webkit.org/show_bug.cgi?id=49883 / http://trac.webkit.org/changeset/72685 | |
| Bug report inaccessible but changeset: | |
| CSSParserValueList* args = val->function->args.get(); | |
| 3632 3632 if (args && args->size() == 1) { | |
| 3633 if (equalIgnoringCase(val->function->name, "local(") && !expectComma) { | |
| 3633 if (equalIgnoringCase(val->function->name, "local(") && !expectComma && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) { |
timb-machine
/ no-unqualified-linker-paths.diff.txt example 2
Created
September 4, 2017 13:46
no-unqualified-linker-paths.diff.txt example 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ LD_LIBRARY_PATH=unqualified:/qualified: SLEEP=0 ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH | |
| 10030: [+] operating on non setuid binary | |
| 10030: [+] being opened via LD_LIBRARY_PATH | |
| 10030: [+] not marked insecure=unqualified/ | |
| 10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH) | |
| 10030: [+] operating on non setuid binary | |
| 10030: [+] being opened via LD_LIBRARY_PATH | |
| 10030: [+] not marked insecure=unqualified/ | |
| 10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH) | |
| 10030: [+] operating on non setuid binary |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # largely purloined from http://www.perlmonks.org/?node_id=1093916 as my PoC for the old options overflow proved too messy^wPerlish to rework - [machine] | |
| use strict; | |
| use IO::Socket; | |
| use Net::DHCP::Packet; | |
| use Net::DHCP::Constants; | |
| my $serveripaddress = "10.10.10.1"; |
timb-machine
/ BB10 accessible via usb0 on 169.254.x.x
Created
September 4, 2017 14:16
BB10 accessible via usb0 on 169.254.x.x
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| + usb0 IPv6 Invoke_AD4E4603568803A4 _bp2p._tcp local | |
| + usb0 IPv6 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local | |
| + usb0 IPv4 Invoke_AD4E4603568803A4 _bp2p._tcp local | |
| + usb0 IPv4 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local | |
| + usb0 IPv6 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local | |
| + usb0 IPv4 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local |
timb-machine
/ CVE-2013-2171 FreeBSD ptrace() & mmap() EoP
Last active
September 24, 2017 23:25
CVE-2013-2171 FreeBSD ptrace() & mmap() EoP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Redistribution and use in source and binary forms, with or without | |
| modification, are permitted provided that the following conditions are met: | |
| * Redistributions of source code must retain the above copyright notice, this | |
| list of conditions and the following disclaimer. | |
| * Redistributions in binary form must reproduce the above copyright notice, | |
| this list of conditions and the following disclaimer in the documentation | |
| and/or other materials provided with the distribution. | |
| * Neither the name of the Nth Dimension nor the names of its contributors may |
timb-machine
/ Hardening Sendmail cipher suites
Created
September 4, 2017 14:28
Hardening Sendmail cipher suites
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Taken from http://www.michaelm.info/blog/?p=1256: | |
| LOCAL_CONFIG | |
| O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE | |
| O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE | |
| O CipherList=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA |