This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by the Debian and Ubuntu Redis packages, which insufficiently sanitized the Lua environment: the maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical Redis deployment (not Docker), this module achieves execution as the redis user. Debian/Ubuntu packages run Redis under systemd with the "MemoryDenyWriteExecute" setting, which limits some of what an attacker can do; for example, staged Meterpreter will fail when attempting to use mprotect, so stageless Meterpreter is the preferred payload. Redis can be configured with or without authentication, and this module works with either configuration (provided the correct authentication details are supplied). This vulnerability could theoretically be exploited across several architectures (i386, arm, ppc, etc.), but the module only supports x86_64, which is likely to be the most common.
25990c6dc1f07a86ea2e834b9c66c011d9af3d483f0592ec3011de6f791bfa0a
The Linux kernel failed to properly initialize some entries in the proto_ops struct for several protocols, leading to NULL being dereferenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4, and 2.6.0 up to and including 2.6.30.4.
9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0
Secunia Security Advisory - A vulnerability has been reported in Inout PPC Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.
741671f80cb0ce5e087eae53054cbb3511a0827357da5efddcb9794e0bbe9fc3
Inout PPC Engine suffers from a cross site request forgery vulnerability.
90f4689b231b1d5b6ba910b66501e0fec7e9f15000c0b9dade252c465f04136c
Linux 2.4 and 2.6 kernel sock_sendpage() NULL pointer dereference exploit. The third and final version of this exploit. This third version features: Complete support for i386, x86_64, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 (i.e. functions on exploit code and libc can be referenced); Improved search and transition to SELinux types with mmap_zero permission.
4c81627c007c2bba523f9c37b9474159727cda368af2e7454b6bc420e0606a47
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
63f1a54386d4a4b92cc91435a781879d181cdc1b453243be6c98c029cb8cdb2e
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
fa6467defc5898d3d8beae8d23338a8978e1e90bd33e00f07621ebd82993a881
Trafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. This initial release implements SYN-decoy, Pre/Post connections SYN, TCP reset, and zero window attacks. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
aab723f080dfb7656d1c9a5a1e0be87e610747f7fbbad4ff67a4c809ec5c6cf2
PPC Engine suffers from a remote file inclusion flaw.
699e0d1ff2d4aeb0321e16b94610e6290e9a724451a740c711c10f58ddadf8d7
Month Of Apple Bugs - A vulnerability in the handling of the udp:// URL handler for the VLC Media Player allows remote arbitrary code execution. This is just a vanilla format string exploit for OSX on ppc.
eee494f2f67e54b963758dd0fa93937a50e35597b8d00f31b63f7f421bb37406
A simple program to inject linux shellcode into the environment and find its location in memory. It contains 8 shellcodes for x86, sparc, mips, and ppc.
e5d36b983e480ffe96e9dc0e95687d5812143c67e87a4caecd8bc2d1d2851661
Exploit for fetchmail on Mac OSX versions 10.4.7 and below on the PPC architecture.
8fefc8253056f33ef76e022136819d38456365ed244f5190a475b2f1a4db32ed
Proof of concept exploit for Mac OS X versions 10.4.6 and below which are susceptible to a vulnerability in launchd's syslog() function. PPC version.
219477bc10fd86f44e79866b7a5a535c7bfad56e533185cc869da47f54021bdf
Secunia Security Advisory - r0t has reported a vulnerability in QualityEBiz Quality PPC (QualityPPC), which can be exploited by malicious people to conduct cross-site scripting attacks.
d440074c01912e13cd64203245c4493b9699ca1d8ff8c6c2cbe7132d5020a75b
execve("/bin/sh",{"/bin/sh",NULL},NULL) shellcode for Mac OSX on both the PPC and x86 platforms.
a8906c546585510d29afd14973965fe1856fd3050999ab89dc35b4d8c1a853fb
read(0,stack,1028); stack(); shellcode for Linux PPC. readnexecppc-core.s appended.
d0b4499072948b6491f643ea4ced7fa7145948d309b2bbfe20f29161e8bd9115
execve /bin/sh shellcode for Linux PPC. execve-core.s is appended.
e4820ba2d6164b87e8b80dd60e8b6f7fb00ec0069aeb21349b4dc1a0069f00cd
Linux/ppc shellcode which connects /bin/sh to a host. connect-core5.s is appended.
ff836d3fdda9ddcc1157a20752d7f94cb9c0518549ed0ff11dc9dc5f996f11bf
Proftpd (<= pre6) linux ppc remote exploit.
6794b66bd9b67beb831092c9ee6bb6d6a88f66d33536244eea1007cad32cadba