jm33_ng
  • Cryptography
  • Ctf
  • Misc
  • Pentest
  • Programming
  • Tools
  • Vulnerabilities

jm33_ng


an infosec newbie's tech blog

An RCE Approach of CVE-2018-7750

Date Wed 07 November 2018 Tags CVE-2018-7750 / paramiko / RCE / exploit / CVE

paramiko logo

paramiko has an auth bypass vuln (found in March 2018), ie. CVE-2018-7750

which can be leveraged to execute arbitrary command (if the ssh server implementation supports command execution)

affects

anything that uses paramiko for ssh implementation, we can do things on it, unauthed

exploit

https://github.com/jm33-m0/CVE-2018-7750

# Exploit …

View comments.

more ...

Write Better Linux Rootkits

Date Thu 01 November 2018 Tags linux / rootkit / lkm

有个中文版在Freebuf,需要的可以去看看

linux rootkit

dig deeper into user space

lets abuse inits

the INIT

a lot of script kiddies know how to write their own SysV service file or modify the existing ones, fortunate for them, SysVinit is still widely supported in Linux world. Debian family choose to keep their SysVinit compatability …

View comments.

more ...
  • «
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • »

About jm33

Who

  • weaponizer / linux user / vimer / pythonist / gopher / gray hat / male / siscon / freak

Contact

  • Online CV

  • 3A5DBF07

  • Leave a message

  • Social

    • Twitter
    • LinkedIn
    • StackOverflow
    • Github

  • Recent Posts

    • emp3r0r - Process Injection And Persistence
    • emp3r0r - Break Out Of Internal Network
    • Pure Memory Based Emp3r0r Agents
    • SSHD Injection and Password Harvesting
    • Process Injection On Linux

  • Tags
    • 443
    • active directory
    • ad
    • announcement
    • anonymity
    • antivirus
    • anyconnect
    • apache
    • assembly
    • baidu
    • blackhat
    • buffer overflow
    • C#
    • career
    • censorship
    • change
    • cisco
    • code maintainance
    • compton
    • Coursera
    • crypto
    • cryptography
    • ctf
    • CVE
    • CVE-2018-18955
    • CVE-2018-7750
    • dairy
    • Diary
    • DNS污染
    • DPI
    • email
    • emp3r0r
    • exploit
    • file transfer
    • gf
    • gfw
    • github
    • Glowing Bear
    • golang
    • google hacking
    • great wall
    • greatwall
    • hacking
    • hacking tool
    • HiWiFi
    • HTTP2
    • https
    • injection
    • IRC
    • 极路由
    • Joomla
    • KCP
    • kcptun
    • kernel
    • killer
    • lede
    • life
    • linux
    • linux kernel
    • lkm
    • local privilege escalation
    • log cleaner
    • login bypass
    • LPE
    • macos
    • mass exploit
    • mec
    • memory layout
    • mentohust
    • Misc
    • multi-threaded crawler
    • mysql
    • namespace
    • netcat
    • network
    • nic
    • nikto
    • nmap
    • obfs4
    • obfsproxy
    • ocserv
    • openwrt
    • OSIN
    • paramiko
    • pentest
    • pep8
    • PGP
    • php
    • pi
    • plan
    • port-forwarding
    • post-exploitation
    • privilege escalation
    • programming
    • project
    • proxy
    • ptrace
    • PTRACE_TRACEME
    • pythonic
    • quote
    • RCE
    • reverse shell
    • reversing
    • rootkit
    • router
    • s2-045
    • scanner
    • scramblesuit
    • SEED lab
    • shadowsocks
    • shadowsocks-plus
    • shellcode
    • skydog
    • smartphone
    • socket
    • sqli
    • sqlmap
    • SS
    • sshd
    • SSL
    • Stanford
    • sudo
    • systemd
    • Thomas Jefferson
    • TMUX
    • tools
    • Tor
    • trasparent proxy
    • vim
    • virtualbox
    • vpn
    • wayland
    • web
    • weechat
    • windows
    • windows domain
    • windows server
    • xfce4
    • xfwm
    • xhost
    • xml
    • xmpp
    • zoomeye
© 2021 jm33-ng - About this site

Creative Commons License Content licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where indicated otherwise.

Images hosted on this site are either my own or from Google Image Search