> "You can't argue with a root shell." -- Felix "FX" Lindner
5
5
6
6
## Linux
7
-
* **raptor_chown.c**. Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
8
-
* **raptor_prctl.c**. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
9
-
* **raptor_prctl2.c**. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
10
-
* **raptor_truecrypt.tgz**. TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
11
-
* **raptor_ldaudit**. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
12
-
* **raptor_ldaudit2**. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
13
-
* **raptor_exim_wiz**. Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).
7
+
* [**raptor_chown.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_chown.c). Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
8
+
* [**raptor_prctl.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
9
+
* [**raptor_prctl2.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl2.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
10
+
* [**raptor_truecrypt**](https://github.com/0xdea/exploits/tree/master/linux/raptor_truecrypt). TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
11
+
* [**raptor_ldaudit**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
12
+
* [**raptor_ldaudit2**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit2). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
13
+
* [**raptor_exim_wiz**](https://github.com/0xdea/exploits/blob/master/linux/raptor_exim_wiz). Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).
14
14
15
15
## Solaris
16
-
* **raptor_ucbps**. Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
17
-
* **raptor_rlogin.c**. Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
18
-
* **raptor_ldpreload.c**. Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
19
-
* **raptor_libdthelp.c**. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
20
-
* **raptor_libdthelp2.c**. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
21
-
* **raptor_passwd.c**. Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
22
-
* **raptor_sysinfo.c**. Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
23
-
* **raptor_xkb.c**. Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
24
-
* **raptor_libnspr**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
25
-
* **raptor_libnspr2**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
26
-
* **raptor_libnspr3**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
27
-
* **raptor_peek.c**. Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
28
-
* **raptor_solgasm**. Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
29
-
* **raptor_dtprintname_sparc.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
30
-
* **raptor_dtprintname_sparc2.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, ROP).
31
-
* **raptor_dtprintname_intel.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, ROP).
32
-
* **raptor_xscreensaver**. Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
33
-
* **raptor_session_ipa.c**. Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, ROP).
16
+
* [**raptor_ucbps**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ucbps). Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
17
+
* [**raptor_rlogin.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_rlogin.c). Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
18
+
* [**raptor_ldpreload.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ldpreload.c). Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
19
+
* [**raptor_libdthelp.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
20
+
* [**raptor_libdthelp2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp2.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
21
+
* [**raptor_passwd.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_passwd.c). Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
22
+
* [**raptor_sysinfo.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sysinfo.c). Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
23
+
* [**raptor_xkb.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xkb.c). Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
24
+
* [**raptor_libnspr**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
25
+
* [**raptor_libnspr2**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr2). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
26
+
* [**raptor_libnspr3**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr3). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
27
+
* [**raptor_peek.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_peek.c). Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
28
+
* [**raptor_solgasm**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_solgasm). Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
29
+
* [**raptor_dtprintname_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
30
+
* [**raptor_dtprintname_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc2.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, ROP).
31
+
* [**raptor_dtprintname_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_intel.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, ROP).
32
+
* [**raptor_xscreensaver**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver). Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
33
+
* [**raptor_session_ipa.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c). Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, ROP).
34
34
35
35
## AIX
36
-
* **raptor_libC**. AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.
36
+
* [**raptor_libC**](https://github.com/0xdea/exploits/blob/master/aix/raptor_libC). AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.
37
37
38
38
## OpenBSD
39
-
* **raptor_xorgasm**. OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
40
-
* **raptor_opensmtpd.pl**. OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.
39
+
* [**raptor_xorgasm**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_xorgasm). OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
40
+
* [**raptor_opensmtpd.pl**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_opensmtpd.pl). OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.
* [**raptor_oraexec.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraexec.sql). Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.
45
+
* [**raptor_orafile.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_orafile.sql). File system access suite for Oracle based on the utl_file package, to read/write files.
46
46
47
47
## MySQL
48
-
* **raptor_udf.c**. Helper dynamic library for local privilege escalation through MySQL run with root privileges.
49
-
* **raptor_udf2.c**. Slight modification of raptor_udf.c, it works with recent versions of the open source database.
50
-
* **raptor_winudf.zip**. MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").
48
+
* [**raptor_udf.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf.c). Helper dynamic library for local privilege escalation through MySQL run with root privileges.
49
+
* [**raptor_udf2.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf2.c). Slight modification of raptor_udf.c, it works with recent versions of the open source database.
50
+
* [**raptor_winudf**](https://github.com/0xdea/exploits/tree/master/mysql/raptor_winudf). MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").