Collaborate Disseminate
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I need to use GDB and it has something t… Continue reading How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
I’ve been battling with one school task for a couple of days and can’t seem to find any idea how to solve it. The task is pretty simple:
On the server there is a secret.txt file in the /root folder, which is
owned by root. The task is to … Continue reading Escalating user privileges on Linux
The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks. Continue reading Intel Patches Widespread Processor Vulnerability
I have a target that is configured to run winget installers as admin, are there any packages I could install that’d give me priv esc?
Continue reading Need help with possible privilege escalation using winget installer
A polkit authentication agent provides the user interface for administrators to input their password. It runs in user space. (https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html) An authentication agent is typically auto-… Continue reading Why is there no prevention of malicious polkit authentication agents?
I am trying to do a proof of concept where I use technique T1574.010. In this technique, I should rewrite the binpath of some service in Windows 10 so that when the service starts again the payload that I want is executed, which in this ca… Continue reading Proof of concept: Services File Permissions Weakness (T1574.010)
I’m doing an educational project and I need an executable to try different DLL hijacking techniques in Windows 10.
Obviously, there are no such vulnerabilities in Windows 10 by default, so I thought about creating an executable in C and co… Continue reading Executable to try DLL hijacking attacks
I am calculating the CVSS score for an issue, and I am confused about the Privileges Required (PR).
The issue is, for a client desktop app that connects to a server, the logged in user allows debugging, the JWT token of the user will be lo… Continue reading How to assess the Privilege Required?
The Linux kernel lets me register and execute additional binary formats as if they were regular executables.
I am thinking of this mostly as a convenience method, completing what specifying the interpreter via Shebang already partially acc… Continue reading Does allowing binfmt_misc significantly increase the attack surface for unprivileged users that already can launch – native – binaries?
(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner )
When exporting shellcode to EGG environment variable
export EGG=`python3 -c "import sys; sys…. Continue reading Exporting shellcode to environment variable doesn’t work as expected