{"id":15813795,"url":"https://github.com/aigptcode/xz_vulnerability_crossplatform","last_synced_at":"2025-04-01T01:45:18.236Z","repository":{"id":231398537,"uuid":"781698328","full_name":"AiGptCode/Xz_vulnerability_crossplatform","owner":"AiGptCode","description":"xz-vulnerability-poc (cross platform) This repository contains a Proof of Concept (POC) script for the xz vulnerability","archived":false,"fork":false,"pushed_at":"2024-04-04T20:25:01.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-04-04T22:43:36.481Z","etag":null,"topics":["backdoor","backdoor-attacks","backdoorpython","fud","hacking","linux","lzma","lzma-sdk","mac","malware","ransomware","ssh","ssh-client","ssh-server","sshd","windows","xz","xz-compression-utilities","xz-utils","xz-utils-backdoor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AiGptCode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-04-03T21:45:35.000Z","updated_at":"2024-04-14T19:31:04.009Z","dependencies_parsed_at":"2024-04-19T12:00:58.604Z","dependency_job_id":null,"html_url":"https://github.com/AiGptCode/Xz_vulnerability_crossplatform","commit_stats":null,"previous_names":["aigptcode/xz_vulnerability_crossplatform"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AiGptCode%2FXz_vulnerability_crossplatform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AiGptCode%2FXz_vulnerability_crossplatform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AiGptCode%2FXz_vulnerability_crossplatform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AiGptCode%2FXz_vulnerability_crossplatform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AiGptCode","download_url":"https://codeload.github.com/AiGptCode/Xz_vulnerability_crossplatform/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246569006,"owners_count":20798341,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","backdoor-attacks","backdoorpython","fud","hacking","linux","lzma","lzma-sdk","mac","malware","ransomware","ssh","ssh-client","ssh-server","sshd","windows","xz","xz-compression-utilities","xz-utils","xz-utils-backdoor"],"created_at":"2024-10-05T04:06:02.309Z","updated_at":"2025-04-01T01:45:18.192Z","avatar_url":"https://github.com/AiGptCode.png","language":"Python","readme":"# xz-vulnerability-poc (cross platform)\n \n## just one click exploit\n\nThis repository contains a Proof of Concept (POC) script for the xz vulnerability \n\n## Description\n \nsources: https://www.openwall.com/lists/oss-security/2024/03/29/4\n\nThe provided Python script demonstrates the xz vulnerability by dynamically creating a malicious input file and executing the xz command with that file as input. Additionally, it opens a command shell after executing the exploit, and then deletes the exploit file and the symbolic or hard link. The script works on Linux, Windows, and macOS platforms.\n\n## Usage\n\n1. Clone this repository or download the script as a ZIP file.\n2. Extract the files if necessary.\n3. Run the script using Python: `python exploit.py`\n\n## Notes\n\n* The script has been tested on the latest Python 3.x versions.\n* For educational and security research purposes only. Use it responsibly and always seek permission before testing vulnerabilities on systems that you don't own or control.\n\n## Disclaimer\n\nThis repository is intended for educational and security research purposes only. The author is not responsible for any misuse or damage caused by the use of this script.\n\n## License\n\nThis repository is licensed under the MIT License.\n\n# STAR\n\nPlease don't forget to give us a star on GitHub ⭐️\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faigptcode%2Fxz_vulnerability_crossplatform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faigptcode%2Fxz_vulnerability_crossplatform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faigptcode%2Fxz_vulnerability_crossplatform/lists"}