{"id":13539185,"url":"https://github.com/0xdea/exploits","last_synced_at":"2025-05-15T15:07:36.011Z","repository":{"id":65557387,"uuid":"97018750","full_name":"0xdea/exploits","owner":"0xdea","description":"A handy collection of my public exploits, all in one place.","archived":false,"fork":false,"pushed_at":"2025-04-22T07:54:56.000Z","size":450,"stargazers_count":607,"open_issues_count":0,"forks_count":113,"subscribers_count":49,"default_branch":"master","last_synced_at":"2025-04-22T08:45:02.203Z","etag":null,"topics":["aix","buffer-overflow","exploits","linux","mysql","openbsd","oracle","solaris","zyxel"],"latest_commit_sha":null,"homepage":"https://0xdeadbeef.info","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xdea.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-12T14:40:55.000Z","updated_at":"2025-04-22T07:55:00.000Z","dependencies_parsed_at":"2025-03-28T17:01:11.129Z","dependency_job_id":"4cf221ea-7b02-43b5-b023-4922d1c02f0f","html_url":"https://github.com/0xdea/exploits","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fexploits","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fexploits/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fexploits/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fexploits/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/0xdea","download_url":"https://codeload.github.com/0xdea/exploits/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254364270,"owners_count":22058878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aix","buffer-overflow","exploits","linux","mysql","openbsd","oracle","solaris","zyxel"],"created_at":"2024-08-01T09:01:21.365Z","updated_at":"2025-05-15T15:07:31.001Z","avatar_url":"https://github.com/0xdea.png","language":"C","readme":"# exploits\n[![](https://img.shields.io/github/stars/0xdea/exploits.svg?style=flat\u0026color=yellow)](https://github.com/0xdea/exploits)\n[![](https://img.shields.io/github/forks/0xdea/exploits.svg?style=flat\u0026color=green)](https://github.com/0xdea/exploits)\n[![](https://img.shields.io/github/watchers/0xdea/exploits.svg?style=flat\u0026color=red)](https://github.com/0xdea/exploits)\n[![](https://img.shields.io/badge/twitter-%400xdea-blue.svg)](https://twitter.com/0xdea)\n[![](https://img.shields.io/badge/mastodon-%40raptor-purple.svg)](https://infosec.exchange/@raptor)\n\n\u003e \"You can't argue with a root shell.\" \n\u003e\n\u003e -- Felix \"FX\" Lindner\n\n## Linux\n* [**raptor_chown.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_chown.c). Linux 2.6.x \u003c 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.\n* [**raptor_prctl.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). 
Suid_dumpable bug.\n* [**raptor_prctl2.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl2.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).\n* [**raptor_truecrypt**](https://github.com/0xdea/exploits/tree/master/linux/raptor_truecrypt). TrueCrypt \u003c= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.\n* [**raptor_ldaudit**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).\n* [**raptor_ldaudit2**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit2). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).\n* [**raptor_exim_wiz**](https://github.com/0xdea/exploits/blob/master/linux/raptor_exim_wiz). Local privilege escalation via \"The Return of the WIZard\" Exim bug (CVE-2019-10149).\n\n## Solaris\n* [**raptor_ucbps**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ucbps). Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.\n* [**raptor_rlogin.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_rlogin.c). Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.\n* [**raptor_ldpreload.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ldpreload.c). Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.\n* [**raptor_libdthelp.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.\n* [**raptor_libdthelp2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp2.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.\n* [**raptor_passwd.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_passwd.c). 
Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).\n* [**raptor_sysinfo.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sysinfo.c). Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.\n* [**raptor_xkb.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xkb.c). Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.\n* [**raptor_libnspr**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.\n* [**raptor_libnspr2**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr2). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.\n* [**raptor_libnspr3**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr3). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.\n* [**raptor_peek.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_peek.c). Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).\n* [**raptor_solgasm**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_solgasm). Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.\n* [**raptor_dtprintname_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc.c). Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).\n* [**raptor_dtprintname_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc2.c). Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, NX).\n* [**raptor_dtprintname_sparc3.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc3.c). Solaris 10 (CVE-2019-2832). 
Buffer overflow in CDE dtprintinfo (SPARC, NX).\n* [**raptor_dtprintname_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_intel.c). Solaris 10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, NX).\n* [**raptor_xscreensaver**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver). Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.\n* [**raptor_dtsession_ipa.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c). Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, NX).\n* [**raptor_sdtcm_conv.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sdtcm_conv.c). Solaris 10 (CVE-2020-2944). Local privilege escalation via CDE sdtcm_convert (Intel, NX).\n* [**raptor_dtprintcheckdir_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c). Solaris 10 (CVE-2022-43752). Another buffer overflow in CDE dtprintinfo (Intel, NX).\n* [**raptor_dtprintcheckdir_intel2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel2.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (Intel, NX).\n* [**raptor_dtprintcheckdir_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_sparc.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC PoC, NX).\n* [**raptor_dtprintcheckdir_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_sparc2.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC, NX).\n* [**raptor_dtprintlibXmas.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c). Solaris 10 (CVE-2023-24039). Buffer overflow in libXm via CDE dtprintinfo (Intel, NX).\n\n## AIX\n* [**raptor_libC**](https://github.com/0xdea/exploits/blob/master/aix/raptor_libC). AIX 5.3, 6.1 (CVE-2009-2669). 
Arbitrary file creation or overwrite via libC debugging functions.\n\n## OpenBSD\n* [**raptor_xorgasm**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_xorgasm). OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.\n* [**raptor_opensmtpd.pl**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_opensmtpd.pl). OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.\n\n## Zyxel\n* [**raptor_zysh_fhtagn.exp**](https://github.com/0xdea/exploits/blob/master/zyxel/raptor_zysh_fhtagn.exp). Zyxel zysh (CVE-2022-26531). Remote code execution via multiple format string bugs.\n* **TBA**. *TBA*.\n\n## Oracle\n* [**raptor_oraextproc.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraextproc.sql). Oracle 9i, 10g (CVE-2004-1364). Directory traversal vulnerability in extproc.\n* [**raptor_oraexec.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraexec.sql). Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.\n* [**raptor_orafile.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_orafile.sql). File system access suite for Oracle based on the utl_file package, to read/write files.\n\n## MySQL\n* [**raptor_udf.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf.c). Helper dynamic library for local privilege escalation through MySQL run with root privileges.\n* [**raptor_udf2.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf2.c). Slight modification of raptor_udf.c, it works with recent versions of the open source database.\n* [**raptor_winudf**](https://github.com/0xdea/exploits/tree/master/mysql/raptor_winudf). MySQL UDF backdoor kit for M$ Windows (ZIP password is \"0xdeadbeef\").\n\n## Miscellaneous\n* [**raptor_sshtime**](https://github.com/0xdea/exploits/blob/master/misc/raptor_sshtime). OpenSSH (CVE-2003-0190, CVE-2006-5229). 
Remote timing attack information leak exploit.\n* [**raptor_dominohash**](https://github.com/0xdea/exploits/blob/master/misc/raptor_dominohash). Lotus Domino R5, R6 (CVE-2005-2428). Webmail names.nsf password hash dumper.\n* [**raptor_xorgy**](https://github.com/0xdea/exploits/blob/master/misc/raptor_xorgy). Xorg 1.19.0 - 1.20.2 (CVE-2018-14665). Local privilege escalation via Xorg -modulepath.\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","C","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fexploits","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xdea%2Fexploits","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fexploits/lists"}