This exploit targets a local privilege escalation vulnerability in the Linux kernel. It allows an attacker to gain root privileges on a vulnerable system by exploiting a race condition in the kernel's memory management. The exploit works by creating two threads, one that waits for a page to be mapped in memory and one that writes to the page. The attacker then races the two threads, hoping that the write thread finishes before the wait thread. If the write thread wins, the attacker can gain root privileges.
This exploit is based on a vulnerability in the Linux kernel which allows an attacker to leak kernel addresses from uninitialized memory. The exploit uses a MAP_ANONYMOUS | MAP_HUGETLB mapping to touch the mishandled mapping and then uses mincore() to find the kernel address. That kernel address can then be used to bypass KASLR.
This exploit is used to bypass the mmap_min_addr and dac_mmap_min_addr security checks in the Linux kernel. It uses a race condition to leak the kernel base address and then sets the mmap_min_addr and dac_mmap_min_addr to 0, allowing an unprivileged user to gain root privileges. This exploit was discovered in 2019 and affects Linux kernels prior to 5.0.7.
This exploit is a local root exploit for Ubuntu 16.04 with kernel version 4.4.0-21-generic. It exploits a vulnerability in the netfilter target_offset module, which allows an attacker to gain root privileges. The exploit involves decrementing the reference count of the target_offset module, which can be done by running the decr.c program. Once the reference count is decremented, the attacker can run the pwn.c program to gain root privileges.
This exploit allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to a remote server.
This exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash.
This is a JavaScript exploit actively used against Tor Browser right now. It consists of one HTML and one CSS file, both pasted below and also de-obfuscated. The exact functionality is unknown, but it gets access to 'VirtualAlloc' in 'kernel32.dll' and goes from there. It leverages a memory corruption vulnerability in the background to make direct calls to kernel32.dll, which allows malicious code to be executed on computers running Windows, and it redirects to '/member.php' after code execution.
This exploit uses a malicious script to redirect users to a malicious website if they are not on Google.com. If they are on Google.com, the title of the page is changed to 'Google Search'.
This is a free, copyleft license for software and other kinds of works. It is intended to guarantee the freedom to share and change all versions of a program--to make sure it remains free software for all its users.
rootsh is a local privilege escalation targeting OS X Yosemite 10.10.5 build 14F27. It exploits CVE-2016-1758 and CVE-2016-1828, two vulnerabilities in XNU that were patched in OS X El Capitan 10.11.4 and 10.11.5. CVE-2016-1758 is an information leak caused by copying out uninitialized bytes of kernel stack to user space. By comparing leaked kernel pointers with fixed reference addresses it is possible to recover the kernel slide. CVE-2016-1828 is a use-after-free during object deserialization. By passing a crafted binary-serialized dictionary into the kernel, it is possible to trigger a virtual method invocation on an object with a controlled vtable pointer.