Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aigptcode/xz_vulnerability_crossplatform

xz-vulnerability-poc (cross platform) This repository contains a Proof of Concept (POC) script for the xz vulnerability
https://github.com/aigptcode/xz_vulnerability_crossplatform

backdoor backdoor-attacks backdoorpython fud hacking linux lzma lzma-sdk mac malware ransomware ssh ssh-client ssh-server sshd windows xz xz-compression-utilities xz-utils xz-utils-backdoor

Last synced: 20 days ago
JSON representation

xz-vulnerability-poc (cross platform) This repository contains a Proof of Concept (POC) script for the xz vulnerability

Host: GitHub
URL: https://github.com/aigptcode/xz_vulnerability_crossplatform
Owner: AiGptCode
Created: 2024-04-03T21:45:35.000Z (8 months ago)
Default Branch: main
Last Pushed: 2024-04-04T20:25:01.000Z (7 months ago)
Last Synced: 2024-04-04T22:43:36.481Z (7 months ago)
Topics: backdoor, backdoor-attacks, backdoorpython, fud, hacking, linux, lzma, lzma-sdk, mac, malware, ransomware, ssh, ssh-client, ssh-server, sshd, windows, xz, xz-compression-utilities, xz-utils, xz-utils-backdoor
Language: Python
Homepage:
Size: 18.6 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# xz-vulnerability-poc (cross platform)

## just one click exploit

This repository contains a Proof of Concept (POC) script for the xz vulnerability

## Description

sources: https://www.openwall.com/lists/oss-security/2024/03/29/4

The provided Python script demonstrates the xz vulnerability by dynamically creating a malicious input file and executing the xz command with that file as input. Additionally, it opens a command shell after executing the exploit, and then deletes the exploit file and the symbolic or hard link. The script works on Linux, Windows, and macOS platforms.

## Usage

1. Clone this repository or download the script as a ZIP file.
2. Extract the files if necessary.
3. Run the script using Python: `python exploit.py`

## Notes

* The script has been tested on the latest Python 3.x versions.
* For educational and security research purposes only. Use it responsibly and always seek permission before testing vulnerabilities on systems that you don't own or control.

## Disclaimer

This repository is intended for educational and security research purposes only. The author is not responsible for any misuse or damage caused by the use of this script.

## License

This repository is licensed under the MIT License.

# STAR

Please don't forget to give us a star on GitHub ⭐️