Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0xdea/exploits

A handy collection of my public exploits, all in one place.
https://github.com/0xdea/exploits

aix buffer-overflow exploits linux mysql openbsd oracle solaris zyxel

Last synced: 2 months ago
JSON representation

A handy collection of my public exploits, all in one place.

Awesome Lists containing this project

README

        

# exploits
[![](https://img.shields.io/github/stars/0xdea/exploits.svg?style=flat&color=yellow)](https://github.com/0xdea/exploits)
[![](https://img.shields.io/github/forks/0xdea/exploits.svg?style=flat&color=green)](https://github.com/0xdea/exploits)
[![](https://img.shields.io/github/watchers/0xdea/exploits.svg?style=flat&color=red)](https://github.com/0xdea/exploits)
[![](https://img.shields.io/badge/twitter-%400xdea-blue.svg)](https://twitter.com/0xdea)
[![](https://img.shields.io/badge/mastodon-%40raptor-purple.svg)](https://infosec.exchange/@raptor)

> "You can't argue with a root shell."
>
> -- Felix "FX" Lindner

## Linux
* [**raptor_chown.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_chown.c). Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
* [**raptor_prctl.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
* [**raptor_prctl2.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl2.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
* [**raptor_truecrypt**](https://github.com/0xdea/exploits/tree/master/linux/raptor_truecrypt). TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
* [**raptor_ldaudit**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
* [**raptor_ldaudit2**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit2). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
* [**raptor_exim_wiz**](https://github.com/0xdea/exploits/blob/master/linux/raptor_exim_wiz). Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).

## Solaris
* [**raptor_ucbps**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ucbps). Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
* [**raptor_rlogin.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_rlogin.c). Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
* [**raptor_ldpreload.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ldpreload.c). Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
* [**raptor_libdthelp.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
* [**raptor_libdthelp2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp2.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
* [**raptor_passwd.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_passwd.c). Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
* [**raptor_sysinfo.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sysinfo.c). Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
* [**raptor_xkb.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xkb.c). Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
* [**raptor_libnspr**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
* [**raptor_libnspr2**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr2). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
* [**raptor_libnspr3**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr3). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
* [**raptor_peek.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_peek.c). Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
* [**raptor_solgasm**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_solgasm). Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
* [**raptor_dtprintname_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc.c). Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
* [**raptor_dtprintname_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc2.c). Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, NX).
* [**raptor_dtprintname_sparc3.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc3.c). Solaris 10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, NX).
* [**raptor_dtprintname_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_intel.c). Solaris 10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, NX).
* [**raptor_xscreensaver**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver). Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
* [**raptor_session_ipa.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c). Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, NX).
* [**raptor_sdtcm_conv.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sdtcm_conv.c). Solaris 10 (CVE-2020-2944). Local privilege escalation via CDE sdtcm_convert (Intel, NX).
* [**raptor_dtprintcheckdir_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c). Solaris 10 (CVE-2022-43752). Another buffer overflow in CDE dtprintinfo (Intel, NX).
* [**raptor_dtprintcheckdir_intel2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel2.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (Intel, NX).
* [**raptor_dtprintcheckdir_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_sparc.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC PoC, NX).
* [**raptor_dtprintcheckdir_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_sparc2.c). Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC, NX).
* [**raptor_dtprintlibXmas.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c). Solaris 10 (CVE-2023-24039). Buffer overflow in libXm via CDE dtprintinfo (Intel, NX).

## AIX
* [**raptor_libC**](https://github.com/0xdea/exploits/blob/master/aix/raptor_libC). AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.

## OpenBSD
* [**raptor_xorgasm**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_xorgasm). OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
* [**raptor_opensmtpd.pl**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_opensmtpd.pl). OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.

## Zyxel
* [**raptor_zysh_fhtagn.exp**](https://github.com/0xdea/exploits/blob/master/zyxel/raptor_zysh_fhtagn.exp). Zyxel zysh (CVE-2022-26531). Remote code execution via multiple format string bugs.

## Oracle
* [**raptor_oraextproc.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraextproc.sql). Oracle 9i, 10g (CVE-2004-1364). Directory traversal vulnerability in extproc.
* [**raptor_oraexec.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraexec.sql). Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.
* [**raptor_orafile.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_orafile.sql). File system access suite for Oracle based on the utl_file package, to read/write files.

## MySQL
* [**raptor_udf.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf.c). Helper dynamic library for local privilege escalation through MySQL run with root privileges.
* [**raptor_udf2.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf2.c). Slight modification of raptor_udf.c, it works with recent versions of the open source database.
* [**raptor_winudf**](https://github.com/0xdea/exploits/tree/master/mysql/raptor_winudf). MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").

## Miscellaneous
* [**raptor_sshtime**](https://github.com/0xdea/exploits/blob/master/misc/raptor_sshtime). OpenSSH (CVE-2003-0190, CVE-2006-5229). Remote timing attack information leak exploit.
* [**raptor_dominohash**](https://github.com/0xdea/exploits/blob/master/misc/raptor_dominohash). Lotus Domino R5, R6 (CVE-2005-2428). Webmail names.nsf password hash dumper.
* [**raptor_xorgy**](https://github.com/0xdea/exploits/blob/master/misc/raptor_xorgy). Xorg 1.19.0 - 1.20.2 (CVE-2018-14665). Local privilege escalation via Xorg -modulepath.