jm33_ng
  • Cryptography
  • Ctf
  • Misc
  • Pentest
  • Programming
  • Tools
  • Vulnerabilities

jm33_ng


an infosec newbie's tech blog

CVE-2018-18955 - A Handy LPE for Newer Linux Kernels

Date Thu 24 January 2019 Tags CVE / CVE-2018-18955 / linux kernel / namespace / privilege escalation

banner

中文版已发Freebuf

theres no posts about this cve as far as i know, and the original advisory is just too difficult for newbies like me, so..

warm up

whats user namespace

lets assume you use linux, man user_namespaces will give you what you need

in case you aint familiar with linux …

View comments.

more ...

An RCE Approach of CVE-2018-7750

Date Wed 07 November 2018 Tags CVE-2018-7750 / paramiko / RCE / exploit / CVE

paramiko logo

paramiko has an auth bypass vuln (found in March 2018), ie. CVE-2018-7750

which can be leveraged to execute arbitrary command (if the ssh server implementation supports command execution)

affects

anything that uses paramiko for ssh implementation, we can do things on it, unauthed

exploit

https://github.com/jm33-m0/CVE-2018-7750

# Exploit …

View comments.

more ...
  • «
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • »

About jm33

Who

  • ASU / weaponizer / linux user / vimer / pythonist / gopher / gray hat / male / siscon / freak

Contact

  • Online CV

  • 3A5DBF07

  • Leave a message

  • Social

    • Twitter
    • LinkedIn
    • StackOverflow
    • Github

  • Recent Posts

    • QQ Is Reading Your Browsing History
    • emp3r0r - Process Injection And Persistence
    • emp3r0r - Break Out Of Internal Network
    • Pure Memory Based Emp3r0r Agents
    • SSHD Injection and Password Harvesting

  • Tags
    • 443
    • active directory
    • ad
    • announcement
    • anonymity
    • antivirus
    • anyconnect
    • apache
    • assembly
    • baidu
    • blackhat
    • buffer overflow
    • C#
    • career
    • censorship
    • change
    • cisco
    • code maintainance
    • compton
    • Coursera
    • crypto
    • cryptography
    • ctf
    • CVE
    • CVE-2018-18955
    • CVE-2018-7750
    • dairy
    • Diary
    • DNS污染
    • DPI
    • email
    • emp3r0r
    • exploit
    • file transfer
    • gf
    • gfw
    • github
    • Glowing Bear
    • golang
    • google hacking
    • great wall
    • greatwall
    • hacking
    • hacking tool
    • HiWiFi
    • HTTP2
    • https
    • injection
    • IRC
    • 极路由
    • Joomla
    • KCP
    • kcptun
    • kernel
    • killer
    • lede
    • life
    • linux
    • linux kernel
    • lkm
    • local privilege escalation
    • log cleaner
    • login bypass
    • LPE
    • macos
    • mass exploit
    • mec
    • memory layout
    • mentohust
    • Misc
    • multi-threaded crawler
    • mysql
    • namespace
    • netcat
    • network
    • nic
    • nikto
    • nmap
    • obfs4
    • obfsproxy
    • ocserv
    • openwrt
    • OSIN
    • paramiko
    • pentest
    • pep8
    • PGP
    • php
    • pi
    • plan
    • port-forwarding
    • post-exploitation
    • privilege escalation
    • programming
    • project
    • proxy
    • ptrace
    • PTRACE_TRACEME
    • pythonic
    • QQ
    • quote
    • RCE
    • reverse shell
    • reversing
    • rootkit
    • router
    • s2-045
    • scanner
    • scramblesuit
    • SEED lab
    • shadowsocks
    • shadowsocks-plus
    • shellcode
    • skydog
    • smartphone
    • socket
    • sqli
    • sqlmap
    • SS
    • sshd
    • SSL
    • Stanford
    • sudo
    • systemd
    • Thomas Jefferson
    • TMUX
    • tools
    • Tor
    • trasparent proxy
    • vim
    • virtualbox
    • vpn
    • wayland
    • web
    • weechat
    • windows
    • windows domain
    • windows server
    • xfce4
    • xfwm
    • xhost
    • xml
    • xmpp
    • zoomeye
© 2021 jm33-ng - About this site

Creative Commons License Content licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where indicated otherwise.

Images hosted on this site are either my own or from Google Image Search