A collection of files related to my personal security research. Additional content will be posted on my blog https://blog.mirch.io.
| Tool | Description |
|---|---|
| openssldir_check | Windows utility to check for potentially insecure paths used by the OPENSSLDIR build parameter of OpenSSL libraries |
| ssscache2john | Convert SSSD LDAP cache files to John the Ripper format |
| DumpTompcatSessions | Dump Tomcat sessions using JMX |
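The following is an added example, not the openssldir_check utility from this repository. It shows the check that tool performs, written in Python: read the compiled-in OPENSSLDIR from `openssl version -d` and decide whether an unprivileged account could drop an openssl.cnf there. An application that initialises OpenSSL with config loading reads openssl.cnf from OPENSSLDIR, and that config can name engines (shared libraries) to load; this is the mechanism behind the CVE-2019-12572 entry in the list that follows. The `openssl` binary name and the `OPENSSLDIR: "..."` output line are the stock ones; the function names, the verdict dictionary and the temp-file write probe are this example's own choices.

```python
"""Assess whether an OpenSSL build's compiled-in OPENSSLDIR can be hijacked.

Added example, not the openssldir_check tool. Logic: a privileged process
that initialises OpenSSL with config loading reads <OPENSSLDIR>/openssl.cnf.
If OPENSSLDIR (or, when it is missing, its closest existing ancestor) is
writable by an unprivileged user, that user can supply the config and, via
its engine section, a shared library the privileged process will load.
"""
import os
import re
import subprocess
import tempfile
from typing import Optional

# Matches the line printed by `openssl version -d`, e.g.
#   OPENSSLDIR: "/usr/lib/ssl"
#   OPENSSLDIR: "C:\usr\local\ssl"
OPENSSLDIR_RE = re.compile(r'OPENSSLDIR:\s*"([^"]+)"')


def parse_openssldir(version_output: str) -> Optional[str]:
    """Extract the OPENSSLDIR path from `openssl version -d` output."""
    match = OPENSSLDIR_RE.search(version_output)
    return match.group(1) if match else None


def nearest_existing_ancestor(path: str) -> str:
    """Walk up from `path` to the first component that exists on disk.

    Creating the missing tail of the path needs write access to this
    directory, so it is the one whose permissions matter when OPENSSLDIR
    itself does not exist (the usual case for a default like C:\\usr\\local\\ssl).
    """
    current = os.path.abspath(path)
    while not os.path.exists(current):
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return current


def can_write(directory: str) -> bool:
    """Probe write access by creating and immediately deleting a temp file.

    os.access(W_OK) ignores NTFS ACLs on Windows, so an actual create attempt
    is the portable way to answer "can this account drop a file here?".
    """
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def assess_openssldir(openssldir: str) -> dict:
    """Return a verdict dict for a given OPENSSLDIR value (example's own format)."""
    exists = os.path.isdir(openssldir)
    checked = openssldir if exists else nearest_existing_ancestor(openssldir)
    cnf = os.path.join(openssldir, "openssl.cnf")
    dir_writable = can_write(checked)
    # os.access is good enough here on POSIX; on Windows treat it as advisory.
    cnf_writable = os.path.isfile(cnf) and os.access(cnf, os.W_OK)
    return {
        "openssldir": openssldir,
        "exists": exists,
        "checked_path": checked,
        "dir_writable": dir_writable,
        "cnf_writable": cnf_writable,
        "insecure": dir_writable or cnf_writable,
    }


def check_openssl_binary(openssl: str = "openssl") -> Optional[dict]:
    """Run `<openssl> version -d` for a real binary and assess its OPENSSLDIR."""
    try:
        proc = subprocess.run([openssl, "version", "-d"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None
    path = parse_openssldir(proc.stdout)
    return assess_openssldir(path) if path else None


if __name__ == "__main__":
    import sys
    result = check_openssl_binary(sys.argv[1] if len(sys.argv) > 1 else "openssl")
    if result is None:
        print("could not determine OPENSSLDIR")
    else:
        for key, value in result.items():
            print(f"{key}: {value}")
```

Run it as the unprivileged user you are worried about, pointing it at the openssl.exe (or libcrypto-linked binary's bundled openssl) shipped with the product, since the value that matters is the one compiled into the library the privileged service loads, not the system's default OpenSSL. A verdict of `insecure: True` for a directory that does not exist yet means any local user can create the whole path and the config inside it.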
- CVE-2020-3950 - VMware Fusion Elevation of Privilege Vulnerability. PoC: CVE-2020-3950.sh.
- CVE-2019-19954 - Signal Desktop Windows Elevation of Privilege Vulnerability. Detailed write-up: https://blog.mirch.io/signal-desktop-windows-lpe
- CVE-2019-3466 - Debian / Ubuntu PostgreSQL Privilege Escalation via pg_ctlcluster. PoC: CVE-2019-3466-stage1.sh, CVE-2019-3466-stage2.sh. Detailed write-up: https://blog.mirch.io/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation. Debian Advisory: DSA-4568. Ubuntu Advisory: USN-4194-1
- CVE-2019-12571 - PIA macOS Arbitrary File Overwrite. Details: CVE-2019-12571.txt.
- CVE-2019-12572 - PIA Windows Privilege Escalation: Malicious OpenSSL engine. Details: CVE-2019-12572.txt. Walkthrough: https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine/
- CVE-2019-12573 - PIA Linux, macOS Arbitrary File Overwrite. Details: CVE-2019-12573.txt.
- CVE-2019-12574 - PIA Windows Privilege Escalation: DLL Injection. Detailed write-up: CVE-2019-12574.txt.
- CVE-2019-12575 - PIA Linux, macOS Privilege Escalation: Shared Object Injection. Details: CVE-2019-12575.txt.
- CVE-2019-12576 - PIA macOS Privilege Escalation: Untrusted Search Path. Details: CVE-2019-12576.txt.
- CVE-2019-12577 - PIA macOS Privilege Escalation: Insecure umask. Details: CVE-2019-12577.txt.
- CVE-2019-12578 - PIA Linux Privilege Escalation: Argument Injection. Details: CVE-2019-12578.txt.
- CVE-2019-12579 - PIA Linux, macOS Privilege Escalation: Command Injection. Details: CVE-2019-12579.txt.
- CVE-2019-6617 - F5 BIG-IP Resource Administrator Privilege Escalation. Details: CVE-2019-6617.txt. F5 Advisory: https://support.f5.com/csp/article/K38941195
- CVE-2019-6724 - Barracuda VPN Client Privilege Escalation on Linux and macOS. PoC: CVE-2019-6724.sh. Detailed write-up: "CVE-2019-6724: Barracuda VPN Client Privilege Escalation on Linux and macOS". Vendor reference: Barracuda VPN Client Release Notes.
- CVE-2018-1792 - IBM MQ allows a local attacker to escalate privileges. PoC: CVE-2018-1792.sh. Detailed write-up: "CVE-2018-1792 – IBM MQ Privilege Escalation: Fun with RUNPATH". IBM Advisory: ibm10734447
- CVE-2018-15332 - F5 BIG-IP APM client for Linux and macOS arbitrary file takeover vulnerability. Detailed write-up: CVE-2018-15332.txt. F5 Advisory: K12130880
- CVE-2018-5529, CVE-2018-5546 - F5 BIG-IP APM client for Linux and macOS vulnerabilities. Detailed write-up: CVE-2018-5529.txt. F5 Advisories: K52171282, K54431371
- CVE-2018-18629 - Keybase: Linux privilege escalation via keybase-redirector. PoC: CVE-2018-18629.sh. Detailed write-up: "CVE-2018-18629: Keybase Linux privilege escalation". Keybase Advisory: "Local Privilege Escalation on Linux via keybase-redirector (KB002)"
- CVE-2018-19788 - PolicyKit (polkit) 0.115 allows a user with a uid greater than INT_MAX to execute any systemctl command (authentication bypass). PoC: CVE-2018-19788.sh. Detailed write-up: "CVE-2018-19788 PoC – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass". The Hacker News article: "Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command"
- CVE-2018-18556 - VyOS privilege escalation via sudo pppd for operator users. PoC: CVE-2018-18556.sh. Detailed write-up: "CVE-2018-18556 – VyOS Privilege escalation via sudo pppd for operator users". Advisory: "The "operator" level is proved insecure and will be removed in the next releases"
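The CVE-2018-19788 entry above describes a precondition that is easy to audit for: an account whose uid is larger than INT_MAX (2147483647), i.e. one that does not fit in a signed 32-bit int. The following is an added example, not the PoC from this repository, that lists such accounts on a host. It prefers the `pwd` database (which covers LDAP/SSSD-backed users as well as /etc/passwd) and falls back to parsing a passwd file; the sample passwd lines and the `bigid` account are constructed for the example, and the function names are this example's own.

```python
"""List local accounts whose uid does not fit in a signed 32-bit int.

Added example, not the CVE-2018-19788 PoC. polkit 0.115 mishandles users
with uid > INT_MAX, so "does any account here have such a uid?" is both the
precondition for that bug and a sensible general hardening check.
"""
from typing import Iterable, List, Tuple

INT_MAX = 2**31 - 1  # 2147483647, the largest value a C `int` can hold


def parse_passwd(text: str) -> List[Tuple[str, int]]:
    """Return (name, uid) for each well-formed passwd line.

    Comment lines, blank lines, lines with fewer than three fields and
    non-numeric uids are skipped so that a hand-edited file does not abort
    the audit.
    """
    users = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        try:
            users.append((fields[0], int(fields[2])))
        except ValueError:
            continue
    return users


def find_large_uids(users: Iterable[Tuple[str, int]],
                    limit: int = INT_MAX) -> List[Tuple[str, int]]:
    """Accounts whose uid is strictly greater than `limit` (INT_MAX by default)."""
    return [(name, uid) for name, uid in users if uid > limit]


def uids_above_int_max(passwd_text: str, limit: int = INT_MAX) -> List[Tuple[str, int]]:
    """Convenience wrapper: parse passwd text and flag uids above `limit`."""
    return find_large_uids(parse_passwd(passwd_text), limit)


# Constructed sample; "bigid" is the kind of account the polkit bug concerns.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
bigid:x:4000000000:4000000000:Constructed test account:/home/bigid:/bin/bash
# comment line, ignored by the parser
broken line without fields
"""


def live_users() -> List[Tuple[str, int]]:
    """All accounts visible through NSS if `pwd` is available, else /etc/passwd."""
    try:
        import pwd  # POSIX only
        return [(entry.pw_name, entry.pw_uid) for entry in pwd.getpwall()]
    except ImportError:
        with open("/etc/passwd", encoding="utf-8", errors="replace") as fh:
            return parse_passwd(fh.read())


if __name__ == "__main__":
    flagged = find_large_uids(live_users())
    if not flagged:
        print(f"no account has uid > INT_MAX ({INT_MAX})")
    for name, uid in flagged:
        print(f"{name}: uid {uid} > INT_MAX ({INT_MAX})")
```

On a host that still runs an affected polkit, any account this script lists is one whose `systemctl` requests polkit will mishandle, so the finding is worth pairing with the distribution's polkit patch status rather than treated as a curiosity.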