computers & stuff


Some (public) software exploit code I wrote over the years.

  • blasty-vs-tipc.c

    • Linux local privilege escalation exploit for CVE-2021-43267. Heap overflow in the TIPC subsystem.
  • blasty-vs-ebpf.c

    • Linux local privilege escalation exploit for CVE-2020-27194. Bypasses the eBPF bytecode verifier in order to gain arbitrary read/write primitive in kernel land.
  • blasty-vs-zte-upnpd.py

    • LAN RCE for ZTE DSL modems. These things are a-plenty in my country and ISP’s/vendors don’t care enough to actually patch up these holes.
  • blasty-vs-dir850l.py

    • I entered SSD’s hack2win competition with this RCE exploit. Bypasses authentication and (ab)uses a very limited command injection vulnerability to stitch together a connectback ELF.
  • blasty-vs-exim.sh

    • Exim is the gift that keeps on giving, check out this ridiculously simple and reliable method for getting uid0 with CVE-2016-1531.
  • upc_keys.c

    • WPA2 passphrase recovery tool for broadom based UPC cable modems. A fun journey in eCos reverse engineering.
  • blasty-vs-netusb.py

    • A remote Linux (MIPS) kernel exploit for NETGEAR WiFi routers.
  • blasty-vs-samba.py

    • Someone once leaked me some info on a juicy samba vuln (CVE-2012-1182), I wrote a shitty exploit. Has since been ported to a metasploit module by some people.
  • blasty-vs-nagios.py

    • An exploit for a buffer overflow in Nagios3’s history.cgi.
  • blasty-vs-zyxel.py

    • WAN exploit for buffer overflow vulnerability in ZyXEl DSL modems.
  • blasty-vs-php.php

    • Breaking out of the PHP sandbox (bypassing disable_functions etc.) using (one of many) vulnerabilities disclosed to php.net a long time ago, which remained unfixed for a long while.