EZEA
SUDO_KILLER
Our great sponsors
EZEA | SUDO_KILLER | |
---|---|---|
10 | 8 | |
91 | 2,092 | |
- | - | |
1.8 | 8.8 | |
almost 3 years ago | about 1 month ago | |
Shell | Shell | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
EZEA
- I passed OSCP, and here is how you should(nt) do it
-
5/5 full compromise. Rick Rolled the proctor. 😂
Congrats bro, I personally like notion. And use tilix for terminal segmention. Made a bash script for enumeration: https://github.com/yassirlaaouissi/EZEA
-
Exam in 1 week, any last tips
I have my exam on thr 6th of june, 09:00, amsterdam time. I have the entire public PWK network done, 25 hackthebox machines from TJ Nulls list, 10 BOF machines, an automated enum tool (https://github.com/yassirlaaouissi/EZEA), all of my notes and a healthy amount of failure anxiety for the OSCP Exam. Did most of the boxes without hints, the 5 big ones and some hackthebox machines mostly needed hints on initial foothold for me.
-
Exam in <24 hours - Planning to fail. What do I do, study, or at least research?
I made a nice enum tool, use it: https://github.com/yassirlaaouissi/EZEA
-
Mid OSCP Update #2
The first two weeks of my labtime went to the course material (PDF and video). After that I spent a week or two on making an enumeration tool: https://github.com/yassirlaaouissi/EZEA
-
Tips and resources on pentesting methodology?
Many people make tools based on steps in the methodology. I've made a tool to auromate the enumeration step: https://github.com/yassirlaaouissi/EZEA
-
Just Failed First Attempt - BOF, and then NOTHING - HUH?
This is kinda self advertising, but trust me. It will save you time; I use this tool to enumerate my targets. Have done around 30 PWK boxes and 7 HTB machines with it so far: https://github.com/yassirlaaouissi/EZEA
-
Mid OSCP Update
I have been using my enumeration tool EZEA (https://github.com/yassirlaaouissi/EZEA), and so far I am not disappointed I spent time on it. If anyone has suggestions on how to make this tool better, or on how to practice buffer overflows, please do tell me. Have a nice day!
-
Made a nice OSCP enum tool
Made this tool based on several other tools that can simplify the enumeration proces for OSCP-like environments. Have rooted 8 boxes so far using this tool in 2 weeks time. Here is the link, let me know how you feel about it: https://github.com/yassirlaaouissi/EZEA
-
OSCP tips: Enumeration + time management
I've made an automatic enumerator for myself to prevent timeloss typing all commands from scratch during OSCP. Here it is, let me know what you think about it: https://github.com/yassirlaaouissi/EZEA
SUDO_KILLER
- cve-2023-22809
-
CVE-2023-22809
this project https://github.com/TH3xACE/SUDO_KILLER can be used to detect and exploit this CVE.
-
Sudoedit can edit arbitrary files (CVE-2023-22809)
check the project https://github.com/TH3xACE/SUDO_KILLER ... there is a docker and the tool within it to play with the described scenario and there is a video also...showing the exploitation :)
- TH3xACE/SUDO_KILLER - A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
- Some of the latest CVEs like CVE-2014-0106, CVE-2015-5602, CVE-2017-1000367, CVE-2019-14287, CVE-2019-18634, CVE-2021-3156 and CVE-2021-23240 are detected by the tool and much more. If you like the project, don't forget to give a +1 star on github. Thanks
- How to detect sudo’s CVE-2021-3156 using Falco
-
Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
Detection and checks for CVE-2021-3156 and CVE-2021-23240 were added to https://github.com/TH3xACE/SUDO_KILLER . Please give a +1 star on github if you appreciate the project.
What are some alternatives?
OSCP-Exam-Report-Template - Modified template for the OSCP Exam and Labs. Used during my passing attempt
AutoRecon - AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
linux-smart-enumeration - Linux enumeration tool for pentesting and CTFs with verbosity levels
nmapAutomator - A script that you can run in the background!
linux-exploit-suggester - Linux privilege escalation auditing tool
Pentest-Service-Enumeration - Suggests programs to run against services found during the enumeration phase of a Pentest
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.
alacarte
CVE-2021-4034 - PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
RELY - RELY (Name composed on project members Romy, Esther, Lucille and Yassir) is a python tool developed to help a Digital Forensics Triage procedure on some Microsoft Windows devices.
OSCP-BoF - This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.