Giter Club home page Giter Club logo

pub's Introduction

❤ Be a Hero, tip a 🍺 🙂 ⟶ Ƀ: 1AZMeGVfCBbYwVYyG9s79pJDyocTZgiApa | Ξth: 0x438B38E30eF117C15fBfF833f9C2c70182925815

Exploit PoCs and tools for vulnerabilities disclosed by tintinweb.

pub

[police line - do not cross] ==== [police line - do not cross] ==== [police line - do not cross]
                             ==== [                          ] ==== 
[police line - do not cross] ==== [police line - do not cross] ==== [police line - do not cross]

proceed

GPG

Fingerprint: 8CBAF803B970FA71202AB0851801E37B756236CB

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFQ8JL0BEACw0FRuV8snna5e/+d42GwObCbRaYFRfXwCsnmLzXsVxV38Ox4k
1CJYmLqDibBB3MLQ4oqsseXzbjedIRFvmWl1nzPR4npMtbJyaXXEgBhesyxhc3Gi
3G++9N8OYN016+btnxYUoEfmH2OBG9NH8hEl/hgB6OOpITF3hj7V9C72eM1xjY6+
ZQX3Lpzen54xN1ZJ0zGTRBjXueFIoqjZ+g3JcX5Eaa+9ZYkBzWQKBSHXt6OgKVUq
FJPbX4JpgBFbNYD4Wq2aathVxgYjZ6RmPfoAzHfawXu1Q0JFAetW93ReRSZUlx2N
V/zmX31N8KKvPRrmmuTJ3de2XaadOiUsSz1Zz7w8af0bT2oEpnOmCxdXkH7O44kS
MoVU1SbVyegBbwldBARg+EI4FEmOL3EXsbB41M7v5FG72kw9OmZujL8EhUntAtYK
FT4iqpwpZbAmqCPhbbwHxt9ec1SC6woBcT7B9dRTK+Hib+/12i7/Fep36kYOA9cq
lrMvvTMVj9hfLvmmbv6+s2Xc6jFRPfWxqS2h9zLU/Ud8I6XKmCanid6cst7/6Je1
yk/iLApx4jNaUcQpYAtUktXJ9M/EKTJw6F1cSFP8zHWtOujuITbHEkv8x34xycz2
OVwZs/ngrXwhOWy+vvRyd6duX9xamLTxHaiEI1jjZQcyf2Dw3MIMfKFJpwARAQAB
tCB0ZWFtIG9zdHN0cm9tIDxwdWJAb3N0c3Ryb20uY29tPokCPwQTAQIAKQIbDwcL
CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJWy4+UBQkEcJ5XAAoJEBgB43t1YjbL
wv0QAKWGJj9FDDUmeATSyUfqPMEPip2c1j2E+E24iYHUe3g7WLtbqrHCKs9LJ+4b
JJ8TsMNdQfrEYz+PEhJ7pCApJxdGq47agXZl3FwGsh62wIZw7vsx+d+6xiBxvV22
B18wz5ZTfsnAvS3RFMu8tfIrIILwkJcVdh6lWOYv3CtvRxAI9ZDj++IiZisdJInI
C9aqDdZ8ecwh32BMjnj/n2nqANGvzglZ8rqM2HRIZ1xtuF8dUz6gidNYSWdnIpTu
HGuyxKxbYp99D4eTO8Rurhl85++r2MUiOdw0pGlogm3Pl7n8giuqcsg5i8YwNoMD
Z2fcU9IhkH9+nMbsniNmUyQmKFgqeDHV6xh/DWdOTa/aVsi1frn83/1FI/dhCCH+
3UK9msu1l0vPLfUVG5ShfrcU9biBYx2BXPfTEe87Dd8MllNsJSuwZblybVdXqaL+
LvpEIf7ZTQgsDbME9SPFE2e6EvgnenaRWcQv2jXwpfX8ubUOKlQ1gpg71REmLzRa
ipHVPt10QzZJRdztfFIj5MqBe9TNIpG9vEtujOXHqwaMq+j7V7EPo6hXN7UT1WNm
pFxm7Eru/aXKwb3pSQjRohdYc5lC49tIm2BKQWT1dCwniIGDIN/KD/+CXQkhSr3F
Z50kgXwXeWwvpZDz+CjEmNiZHetJyGWLIInkunSSLyvU3n7X
=toza
-----END PGP PUBLIC KEY BLOCK-----
	

history:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFQ8JL0BEACw0FRuV8snna5e/+d42GwObCbRaYFRfXwCsnmLzXsVxV38Ox4k
1CJYmLqDibBB3MLQ4oqsseXzbjedIRFvmWl1nzPR4npMtbJyaXXEgBhesyxhc3Gi
3G++9N8OYN016+btnxYUoEfmH2OBG9NH8hEl/hgB6OOpITF3hj7V9C72eM1xjY6+
ZQX3Lpzen54xN1ZJ0zGTRBjXueFIoqjZ+g3JcX5Eaa+9ZYkBzWQKBSHXt6OgKVUq
FJPbX4JpgBFbNYD4Wq2aathVxgYjZ6RmPfoAzHfawXu1Q0JFAetW93ReRSZUlx2N
V/zmX31N8KKvPRrmmuTJ3de2XaadOiUsSz1Zz7w8af0bT2oEpnOmCxdXkH7O44kS
MoVU1SbVyegBbwldBARg+EI4FEmOL3EXsbB41M7v5FG72kw9OmZujL8EhUntAtYK
FT4iqpwpZbAmqCPhbbwHxt9ec1SC6woBcT7B9dRTK+Hib+/12i7/Fep36kYOA9cq
lrMvvTMVj9hfLvmmbv6+s2Xc6jFRPfWxqS2h9zLU/Ud8I6XKmCanid6cst7/6Je1
yk/iLApx4jNaUcQpYAtUktXJ9M/EKTJw6F1cSFP8zHWtOujuITbHEkv8x34xycz2
OVwZs/ngrXwhOWy+vvRyd6duX9xamLTxHaiEI1jjZQcyf2Dw3MIMfKFJpwARAQAB
tCB0ZWFtIG9zdHN0cm9tIDxwdWJAb3N0c3Ryb20uY29tPokCPwQTAQIAKQUCVDwk
vQIbDwUJAKG0cwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEBgB43t1YjbL
t48QAJtEGay0RD4nVJ0fsGU2Gv5NIiGf+X/BGXERSLhSrBXSA6E6acDH1+SV13dI
OH3TnheOvcITm5wyBbkI27lKXi5BcBn+zbbp23QZ3kd9pi2+lLxsOyJmbXZ2AUfz
hBsPBX24Cg5fN+H9Jv+8ecSdXBs6TVdt0IuIQjKM0Z/w9Hi6MUcjLwhPfgWgElqu
3BW9XQi/Xkt3vYadXHJaRXlFPoLW3X1sNoiKb//IAjYC1AMynX1eBM7wKtJjsptL
z8mpfqyUgfmVGNQ8kyBU90t6n1MaTQxj1ANQtxoWhmFuGIpxffXkE0FEHSSq8zl3
704hL8RFuTQj4+S8Y6WxUUXdH3pSd/L28bLxaZZ3C9zp4T6l9uEQO+A9DOZp/M7D
gDp9Q41uEX/t8irfHRZGksEp44U0Iyc39skzN/7vLs9fiHB2KQ8MhP5iz/0iuTIu
N4AoOJ8+FbY0zi3fn4TpKGO4NEytgm4q6WUbkEafiXRhcZz7VOMM4hEQrHsjHo5o
XmUPEAeNj+mMxCK/dFV5dxk47n8POcnOjKtFQqeYDhOiuMpUcguiarAiPyqnqfSB
i0gMqgAkzO6++ArEI0LxTyi+dXo8UFPbKZcLyp6PBrA4qlWrXbwS1viSc6eN8P9b
naiI5IBYWb0FCcD91EDrp2ca4B78Rh74C7spj9ut/bT844Bj
=nkv0
-----END PGP PUBLIC KEY BLOCK-----

pub's People

Contributors

chenull avatar tintinweb avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

atimorin johnjohnsp1 chubbymaggie tourountzis macc6579 idkwim zhuyue1314 yeyintminthuhtut eagleusb fork42541 hackpanda superman1982 lucabongiorni vinsonzou thanatoskira mlmh husoul limq test123test111 retanoj totwo blueroutecn kiabras khanhnnvn hax0rg1rl wangpeng003 starrkdevil yosrixp prsood dkmos2016 olivierh59500 dotslashtx 00nbc00 jeperez csijun alilangtest chushuai gncao justwee ck6y6 talk2noob decioseo threecool goldboy123 hafnerst expertasif orf53975 m3duza79 hermitguo binihao5bei wg135 sh1nu11bi ocean-y libraggbond lzqbegin fjsnogueiracx sjsolim jdiazmx maskedfox lyxw sec-db myndtt nhas liuyusjs azurecloudmonk simolin grigory-z aravind5908 changheluor007 ssslow777 yangsirrr xxxvanhao suasm raystyle wh0amis r00thunter palmteam se7venom silentmagic hyunwen inveteck a11en4 5l1v3r1 darkfunct lxkxc chennqqi 3453-315h 759451733 ijoshoa zero-codex pigfff monastyr m0ck1ng-b1rd hattrick-v handsomecat00 cr1m3ra jiang800702 adeshkolte msiva21 whoimi199

pub's Issues

Problem about poc.py of CVE-2016-3115

environment:

clients:

  • openssh 7.7p1
  • openssl 1.0.2o
  • kali 2018-2
  • python 2.7.15

server:

  • openssh 6.6.1p1
  • openssl 1.0.1f
  • Ubuntu 14.0.4.1-LTS
  • X11Forward yes

It seemed that I used this poc.py login as user2 successfully.
But when i typed ".info" or any other commands, it crashed like this.

Traceback (most recent call last):
  File "poc.py", line 152, in <module>
    LOGGER.info(ex.exploit_fwd_readfile(cmd.split(" ",1)[1]))
  File "poc.py", line 52, in exploit_fwd_readfile
    data = self.exploit("xxxx\nsource %s\n"%path)
  File "poc.py", line 38, in exploit
    session.request_x11(auth_cookie=cmd)
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 63, in _check
    return func(self, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 474, in request_x11
    self._wait_for_event()
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 1198, in _wait_for_event
    raise e
paramiko.ssh_exception.SSHException: Channel closed.

[CVE-2016-2563] confused with PoC

Hi, @tintinweb !

I am getting lost when I am trying to reproduce this bug.

What is step 5 of PoC? Everything is reproduced until step 5. Is it the output of some other utility that is not specified in README?

My understanding is that the error message should be output of pscp. Am I getting is right?

Best,
Victor

dropbear

楼主在吗,有问题咨询,关于dropbear

CVE-2016-2563

when i run poc.py error:ImportError: No module named py3compat

poc.py for cve-2016-3116?

Hello

Is there a chance you are going to release the proof of concept for cve-2016-3116?
I am testing IoT devices and this cve came up in a couple, it would be nice to see if they can be exploited.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.