Collaborate Disseminate
Attention Linux Users!
A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.
The vulnerability in… Continue reading Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
I found DLL Hijacking vulnerability in a program. It doesn’t load VERSION.dll properly. Then I try to use DLL Proxying technique.
I try to create malicious DLL with C++. This is my code:
#pragma once
#pragma comment(linker,… Continue reading DLL Hijacking doesn’t work (DLL Proxy technique)
In lab for testing, I have initial shell in www-data. Where to find a directory that I have write access to put the exploit for privilege escalation?
I’m not allowed to use sudo -l
Continue reading Where to find a directory that I have write access to put an exploit? [on hold]
Ive been chipping away at this for days and going in circles so I need to put this out there – somewhere.
My Samsung s9+ hasnt been acting properly for a long time – but in the past few weeks this thing has become a nightma… Continue reading Android exploited – elevated privileges – SE Policy exploit – system as root – dual boot – living in my ramdisk. What now? [on hold]
Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows. Continue reading Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
I’ve been studying Docker security and examining ways of escaping from container to host.
Suppose Docker sock (docker.sock) is mounted into the container at /var/run/docker.sock, so that Docker client (docker) can send comma… Continue reading How to execute a command directly on the host system through docker.sock in a Docker container?
I’ve downloaded and installed NordVPN on Ubuntu and am a bit incredulous at its operation.
After I downloaded its .deb file and installed it, apparently it can be activated with the command nordvpn connect, and I’m expected to believe that… Continue reading Why doesn’t NordVPN require sudo?
A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks. Continue reading 20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users
Scenario:
Person A’s normal computer account is personA. They have locked this out with too many bad password attempts.
The user is part of the IT group, so they also have an admin account: personA-admin.
They use this a… Continue reading Is it ok to let someone unlock their own account with their admin account?
Scenario:
Person A’s normal computer account is personA. They have locked this out with too many bad password attempts.
The user is part of the IT group, so they also have an admin account: personA-admin.
They use this a… Continue reading Is it ok to let someone unlock their own account with their admin account?