  • Stars: 581
  • Rank: 76,901 (Top 2%)
  • Language: C
  • License: MIT License
  • Created over 7 years ago
  • Updated 11 months ago


A handy collection of my public exploits, all in one place.

exploits

"You can't argue with a root shell."

-- Felix "FX" Lindner

Linux

  • raptor_chown.c. Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
  • raptor_prctl.c. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
  • raptor_prctl2.c. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
  • raptor_truecrypt. TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
  • raptor_ldaudit. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
  • raptor_ldaudit2. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
  • raptor_exim_wiz. Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).

Solaris

  • raptor_ucbps. Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
  • raptor_rlogin.c. Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
  • raptor_ldpreload.c. Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
  • raptor_libdthelp.c. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
  • raptor_libdthelp2.c. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
  • raptor_passwd.c. Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
  • raptor_sysinfo.c. Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
  • raptor_xkb.c. Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
  • raptor_libnspr. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
  • raptor_libnspr2. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
  • raptor_libnspr3. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
  • raptor_peek.c. Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
  • raptor_solgasm. Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
  • raptor_dtprintname_sparc.c. Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
  • raptor_dtprintname_sparc2.c. Solaris 7-9 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, NX).
  • raptor_dtprintname_sparc3.c. Solaris 10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, NX).
  • raptor_dtprintname_intel.c. Solaris 10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, NX).
  • raptor_xscreensaver. Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
  • raptor_session_ipa.c. Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, NX).
  • raptor_sdtcm_conv.c. Solaris 10 (CVE-2020-2944). Local privilege escalation via CDE sdtcm_convert (Intel, NX).
  • raptor_dtprintcheckdir_intel.c. Solaris 10 (CVE-2022-43752). Another buffer overflow in CDE dtprintinfo (Intel, NX).
  • raptor_dtprintcheckdir_intel2.c. Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (Intel, NX).
  • raptor_dtprintcheckdir_sparc.c. Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC PoC, NX).
  • raptor_dtprintcheckdir_sparc2.c. Solaris 10 (CVE-2022-43752). Format string bug in CDE dtprintinfo (SPARC, NX).
  • raptor_dtprintlibXmas.c. Solaris 10 (CVE-2023-24039). Buffer overflow in libXm via CDE dtprintinfo (Intel, NX).

AIX

  • raptor_libC. AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.

OpenBSD

  • raptor_xorgasm. OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
  • raptor_opensmtpd.pl. OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.

Zyxel

Oracle

  • raptor_oraextproc.sql. Oracle 9i, 10g (CVE-2004-1364). Directory traversal vulnerability in extproc.
  • raptor_oraexec.sql. Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.
  • raptor_orafile.sql. File system access suite for Oracle based on the utl_file package, to read/write files.

MySQL

  • raptor_udf.c. Helper dynamic library for local privilege escalation through MySQL run with root privileges.
  • raptor_udf2.c. Slight modification of raptor_udf.c that works with recent versions of the open source database.
  • raptor_winudf. MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").

Miscellaneous

  • raptor_sshtime. OpenSSH (CVE-2003-0190, CVE-2006-5229). Remote timing attack information leak exploit.
  • raptor_dominohash. Lotus Domino R5, R6 (CVE-2005-2428). Webmail names.nsf password hash dumper.
  • raptor_xorgy. Xorg 1.19.0 - 1.20.2 (CVE-2018-14665). Local privilege escalation via Xorg -modulepath.
