Projects STRLCPY 0xdea-exploits Commits 5df87e34
    README.md
    skipped 3 lines
    4 4  > "You can't argue with a root shell." -- Felix "FX" Lindner
    5 5   
    6 6  ## Linux
    7  -* **raptor_chown.c**. Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
    8  -* **raptor_prctl.c**. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
    9  -* **raptor_prctl2.c**. Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
    10  -* **raptor_truecrypt.tgz**. TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
    11  -* **raptor_ldaudit**. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
    12  -* **raptor_ldaudit2**. Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
    13  -* **raptor_exim_wiz**. Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).
     7 +* [**raptor_chown.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_chown.c). Linux 2.6.x < 2.6.7-rc3 (CVE-2004-0497). Missing DAC controls in sys_chown() on Linux.
     8 +* [**raptor_prctl.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Suid_dumpable bug.
     9 +* [**raptor_prctl2.c**](https://github.com/0xdea/exploits/blob/master/linux/raptor_prctl2.c). Linux 2.6.x from 2.6.13 up to versions before 2.6.17.4 (CVE-2006-2451). Via logrotate(8).
     10 +* [**raptor_truecrypt**](https://github.com/0xdea/exploits/tree/master/linux/raptor_truecrypt). TrueCrypt <= 4.3 (CVE-2007-1738). Local privilege escalation via setuid volume mount.
     11 +* [**raptor_ldaudit**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via crond(8).
     12 +* [**raptor_ldaudit2**](https://github.com/0xdea/exploits/blob/master/linux/raptor_ldaudit2). Local privilege escalation through glibc dynamic linker (CVE-2010-3856). Via logrotate(8).
     13 +* [**raptor_exim_wiz**](https://github.com/0xdea/exploits/blob/master/linux/raptor_exim_wiz). Local privilege escalation via "The Return of the WIZard" Exim bug (CVE-2019-10149).
    14 14   
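Review bot: the links added on new lines 7-13 are absolute URLs pinned to https://github.com/0xdea/exploits/blob/master/..., so a reader viewing this README from a fork, a mirror, a tag or another branch is sent to a different copy of the file than the one in front of them, and every link breaks if the default branch is renamed. Relative targets such as (linux/raptor_chown.c) resolve against the revision being viewed and keep the list self-contained. The same applies to the link targets in the other sections of this commit.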
    15 15  ## Solaris
    16  -* **raptor_ucbps**. Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
    17  -* **raptor_rlogin.c**. Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
    18  -* **raptor_ldpreload.c**. Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
    19  -* **raptor_libdthelp.c**. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
    20  -* **raptor_libdthelp2.c**. Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
    21  -* **raptor_passwd.c**. Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
    22  -* **raptor_sysinfo.c**. Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
    23  -* **raptor_xkb.c**. Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
    24  -* **raptor_libnspr**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
    25  -* **raptor_libnspr2**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
    26  -* **raptor_libnspr3**. Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
    27  -* **raptor_peek.c**. Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
    28  -* **raptor_solgasm**. Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
    29  -* **raptor_dtprintname_sparc.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
    30  -* **raptor_dtprintname_sparc2.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, ROP).
    31  -* **raptor_dtprintname_intel.c**. Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, ROP).
    32  -* **raptor_xscreensaver**. Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
    33  -* **raptor_session_ipa.c**. Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, ROP).
     16 +* [**raptor_ucbps**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ucbps). Solaris 8, 9 (CVE-1999-1587). Information leak with /usr/ucb/ps on both SPARC and x86.
     17 +* [**raptor_rlogin.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_rlogin.c). Solaris 2.5.1, 2.6, 7, 8 (CVE-2001-0797). Buffer overflow in System V login via rlogin vector.
     18 +* [**raptor_ldpreload.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_ldpreload.c). Solaris 2.6, 7, 8, 9 (CVE-2003-0609). Buffer overflow in the runtime linker ld.so.1.
     19 +* [**raptor_libdthelp.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp via dtprintinfo.
     20 +* [**raptor_libdthelp2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libdthelp2.c). Solaris 7, 8, 9 (CVE-2003-0834). Buffer overflow in CDE libDtHelp, non-exec stack.
     21 +* [**raptor_passwd.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_passwd.c). Solaris 8, 9 (CVE-2004-0360). Buffer overflow in the circ() function of passwd(1).
     22 +* [**raptor_sysinfo.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_sysinfo.c). Solaris 10 (CVE-2006-3824). Kernel memory disclosure with the sysinfo(2) system call.
     23 +* [**raptor_xkb.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xkb.c). Solaris 8, 9, 10 (CVE-2006-4655). Buffer overflow in the Strcmp() function of X11 XKEYBOARD.
     24 +* [**raptor_libnspr**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation oldschool local root.
     25 +* [**raptor_libnspr2**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr2). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via LD_PRELOAD.
     26 +* [**raptor_libnspr3**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_libnspr3). Solaris 10 (CVE-2006-4842). NSPR library arbitrary file creation local root via constructor.
     27 +* [**raptor_peek.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_peek.c). Solaris 8, 9, 10 (CVE-2007-5225). Kernel memory disclosure with fifofs I_PEEK ioctl(2).
     28 +* [**raptor_solgasm**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_solgasm). Solaris 11 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and inittab.
     29 +* [**raptor_dtprintname_sparc.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC).
     30 +* [**raptor_dtprintname_sparc2.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc2.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (SPARC, ROP).
     31 +* [**raptor_dtprintname_intel.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_intel.c). Solaris 7-10 (CVE-2019-2832). Buffer overflow in CDE dtprintinfo (Intel, ROP).
     32 +* [**raptor_xscreensaver**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_xscreensaver). Solaris 11.x (CVE-2019-3010). Local privilege escalation via xscreensaver.
     33 +* [**raptor_session_ipa.c**](https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtsession_ipa.c). Solaris 10 (CVE-2020-2696). Local privilege escalation via CDE dtsession (Intel, ROP).
    34 34   
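Review bot: on new line 33 the link text reads raptor_session_ipa.c while the target is solaris/raptor_dtsession_ipa.c, so the label and the linked file name disagree. The label was carried over unchanged from the removed line 33; if the file is named as in the URL, the label should be changed to raptor_dtsession_ipa.c so that searching the README for the file name finds the entry.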
    35 35  ## AIX
    36  -* **raptor_libC**. AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.
     36 +* [**raptor_libC**](https://github.com/0xdea/exploits/blob/master/aix/raptor_libC). AIX 5.3, 6.1 (CVE-2009-2669). Arbitrary file creation or overwrite via libC debugging functions.
    37 37   
    38 38  ## OpenBSD
    39  -* **raptor_xorgasm**. OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
    40  -* **raptor_opensmtpd.pl**. OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.
     39 +* [**raptor_xorgasm**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_xorgasm). OpenBSD 6.3, 6.4 (CVE-2018-14665). Local privilege escalation via Xorg -logfile and cron.
     40 +* [**raptor_opensmtpd.pl**](https://github.com/0xdea/exploits/blob/master/openbsd/raptor_opensmtpd.pl). OpenBSD 6.4, 6.5, 6.6 (CVE-2020-7247). LPE and RCE in OpenBSD's OpenSMTPD.
    41 41   
    42 42  ## Oracle
    43  -* **raptor_oraextproc.sql**. Oracle 9i, 10g (CVE-2004-1364). Directory traversal vulnerability in extproc.
    44  -* **raptor_oraexec.sql**. Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.
    45  -* **raptor_orafile.sql**. File system access suite for Oracle based on the utl_file package, to read/write files.
     43 +* [**raptor_oraextproc.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraextproc.sql). Oracle 9i, 10g (CVE-2004-1364). Directory traversal vulnerability in extproc.
     44 +* [**raptor_oraexec.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_oraexec.sql). Exploitation suite for Oracle written in Java, to read/write files and execute OS commands.
     45 +* [**raptor_orafile.sql**](https://github.com/0xdea/exploits/blob/master/oracle/raptor_orafile.sql). File system access suite for Oracle based on the utl_file package, to read/write files.
    46 46   
    47 47  ## MySQL
    48  -* **raptor_udf.c**. Helper dynamic library for local privilege escalation through MySQL run with root privileges.
    49  -* **raptor_udf2.c**. Slight modification of raptor_udf.c, it works with recent versions of the open source database.
    50  -* **raptor_winudf.zip**. MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").
     48 +* [**raptor_udf.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf.c). Helper dynamic library for local privilege escalation through MySQL run with root privileges.
     49 +* [**raptor_udf2.c**](https://github.com/0xdea/exploits/blob/master/mysql/raptor_udf2.c). Slight modification of raptor_udf.c, it works with recent versions of the open source database.
     50 +* [**raptor_winudf**](https://github.com/0xdea/exploits/tree/master/mysql/raptor_winudf). MySQL UDF backdoor kit for M$ Windows (ZIP password is "0xdeadbeef").
    51 51   
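Review bot: on new line 50 the entry goes from raptor_winudf.zip to a /tree/ link on the raptor_winudf directory, but the description still says ZIP password is "0xdeadbeef" without naming any ZIP file. Either keep the archive name in the text or state which file inside the directory the password applies to. New line 10 (raptor_truecrypt, previously raptor_truecrypt.tgz) makes the same switch from archive name to directory link and is worth checking for the same reason.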
    52 52  ## Miscellaneous
    53  -* **raptor_sshtime**. OpenSSH (CVE-2003-0190, CVE-2006-5229). Remote timing attack information leak exploit.
    54  -* **raptor_dominohash**. Lotus Domino R5, R6 (CVE-2005-2428). Webmail names.nsf password hash dumper.
    55  -* **raptor_xorgy**. Xorg 1.19.0 - 1.20.2 (CVE-2018-14665). Local privilege escalation via Xorg -modulepath.
     53 +* [**raptor_sshtime**](https://github.com/0xdea/exploits/blob/master/misc/raptor_sshtime). OpenSSH (CVE-2003-0190, CVE-2006-5229). Remote timing attack information leak exploit.
     54 +* [**raptor_dominohash**](https://github.com/0xdea/exploits/blob/master/misc/raptor_dominohash). Lotus Domino R5, R6 (CVE-2005-2428). Webmail names.nsf password hash dumper.
     55 +* [**raptor_xorgy**](https://github.com/0xdea/exploits/blob/master/misc/raptor_xorgy). Xorg 1.19.0 - 1.20.2 (CVE-2018-14665). Local privilege escalation via Xorg -modulepath.
    56 56   