Microsoft remote PowerShell exploit in Microsoft Office: a silent threat in 2022.

There is a new threat in Microsoft Office that allows the remote execution of PowerShell code on a target computer. This means that you can download an infected Office document and then be open to an attack from a script that could do anything to your computer. There is a Proof of Concept file here: …

New root exploit found for Linux machines.

A new exploit has been found for Linux machines. It involves the FUSE filesystem framework and can crash systemd after executing a program as a normal user. This is CVE-2021-33910, Denial of service (stack exhaustion) in systemd (PID 1). More information about this exploit may be found here: https://www.openwall.com/lists/oss-security/2021/07/20/2. A sample program proof of …

A variant of the shellshock bug that still works with the bash 4.3.11 shell.

This is a variant of the shellshock bug for bash that still works on a patched system. I am using Ubuntu 14.04 and this still works for me.

env VAR1='me() {echo "hello"}\ ' /bin/touch /home/$LOGNAME/my.text

So you can still put arbitrary content after the function definition in a bash …

Some miscellaneous Linux tips for Ubuntu and Linux Mint users.

If you are starting Firefox from a terminal window where you have specified the proxy settings, and you have the "Use system proxy settings" option ticked, you will not need to set the proxy within Firefox. That is a very cool tip indeed. If you need to set the proxy before using apt, you will …

New exploit targeting Internet Explorer 9.0 and earlier. A good reason to apt-get install firefox instead.

Windows in a box where it belongs...

A new zero-day exploit in the wild that targets Internet Explorer 9.0 and earlier releases is making the rounds. This is another reason not to depend on closed source software if you can help it. I have tried running Windows 8 and then Windows 7 exclusively the last few days and it was not …