Collaborate Disseminate
Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru.
From the report:
Summary:
Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their… Continue reading Candiru: Another Cyberweapons Arms Manufacturer
As a developer, I ask how to approach security concerns regarding permissions of a binary which needs access to resources only available to root users.
For example, let’s think of a simple tool which creates a virtual device or executes co… Continue reading Secure way to run a linux binary which needs access to ressources only available to root?
I am trying to privilege escalate a vulnerable box and I’ve stuck with this output:
sudo -l
Matching Defaults entries for charlie on sewers:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/… Continue reading Sudo -l systemctl bypass
Because tech vendors have turned to over-the-air updates – the idea is to not give their customers any excuses for not keeping firmware current – Eclypsium’s discovery of a chain of four vulnerabilities in the BIOSConnect feature within Dell Client BI… Continue reading Dell BIOSConnect Flaws Show Over-the-Air Risks
Background
Currently doing some vulnservers on Offensive Security’s Proving Grounds Practice Labs. A vulnserver is a machine configured with vulnerabilities for testing/audit and research purposes.
I came across a machine that had a cronjo… Continue reading SUID Priv Escalation – LD_LIBRARY_PATH versus ldconfig and /etc/ld.so.conf
Endpoint security is a hot topic of discussion, especially now with so many businesses shifting to remote work. First, let’s define what endpoints are. Endpoints are end-user devices like desktops, laptops, and mobile devices. They serve as points of a… Continue reading The role of endpoints in the security of your network
I am trying to execute the sudo buffer overflow (CVE-2021-3156) on one of my systems, but haven’t got it working yet. The system is definitely vulnerable (taking into account sudo version and sudoedit -A -s \\ output (malloc error).
I crea… Continue reading How to fine tune timing for CVE-2021-3156 (sudo privilege escalation)?
As we know running mysql with root privilege is not recommended which leads to privilege escalation using UDF’s.
I’m trying to setup a machine to demonstrate this and I wanted to run mysqld as root user.
Im running ubuntu 21.04 and with my… Continue reading Running mysqld with root privilege [migrated]
I am working as an intern for an online coding platform startup (similar to LeetCode or HackerRank).
The backend is written in Nodejs. Instead of running the code in a sandbox of some sort, the lead dev decided to execute the submitted cod… Continue reading Spawning child processes from root using runuser command
Here is the scenario:
running id gives this :
uid=1001(test1) gid=1001(test1) euid=1000(bl4ckc4t) groups=1001(test1) –
This means that I am user test1, but my euid is set to another user.
My goal is to get my uid to change to 1000 from my … Continue reading Is there a way to change your current UID to equal your EUID?