https://solc0nf.github.io/tags/linux/index.html Recent content in linux on solc0nf Hugo -- gohugo.io en-us Sun, 30 Jul 2023 20:15:17 +0400 https://solc0nf.github.io/linux-howto/secure-passwords-in-linux/index.html Sun, 30 Jul 2023 20:15:17 +0400 https://solc0nf.github.io/linux-howto/secure-passwords-in-linux/index.html There are many utilities in Linux that help us in generating random passwords. The neccessity of having a strong password is well known. The problem with random passwords is that it is nearly impossible for us remember them. Using a password manager like KeePassX or KeePass2. That way, you only have to remember one password, the master pasword to unlock your password vault. This leads to another monkey’s tail scenario. If we loose/forget the master password, we you’re doomed. https://solc0nf.github.io/exploit-articles/dirty-pipe/index.html Thu, 09 Mar 2023 15:38:15 +0400 https://solc0nf.github.io/exploit-articles/dirty-pipe/index.html Vulnerability Affected OS CVE CVSS Score Disclosure Date Dirty Pipe Linux (kernel versions 5.8 and newer) CVE-2022-0847 7.8 (high) March 7 2022 This exploit was disclosed by Max Kellermann. DirtyPipe is a local privilege escalation vulnerability, which allows a user to bypass file permission restrictions and write arbitrary data to any file, provided certain conditions are met, the primary one being that the user has to have read permissions to the file. https://solc0nf.github.io/exploit-articles/shellshock/index.html Wed, 08 Mar 2023 07:17:41 +0400 https://solc0nf.github.io/exploit-articles/shellshock/index.html ShellShock is a vulnerability in the Bash shell (GNU Bash upto version 4.3) that allows Bash to execute unintentional commands from environment variables. Attackers can issue commands remotely on the target host with elevated privileges, resulting in complete takeover of the system. Let us have a look at what environment variables are. Environment variables are the variables specific to a certain environment, like a root user would have different environment variables than a normal user in a Linux system. https://solc0nf.github.io/exploit-articles/samba-trans2open-exploit/index.html Tue, 07 Mar 2023 19:31:16 +0400 https://solc0nf.github.io/exploit-articles/samba-trans2open-exploit/index.html A little about Samba. Samba is the standard Windows interoperabiity suite of programs for Linux and Unix. The Samba package provides secure, stable and fast file and print services for all clients such as OS/2, Linux, FreeBSD, using the SMB/CIFS protocol. Samba is an important component to seamlessly integrate Linux servers and desktops into a Windows Active Directory environment. It can function both as a domain controller or as a regular domain member.