Posts

Showing posts from June, 2019

CVE-2019-12181 Serv-U Exploit Writeup

Image
Tl;dr: I found a privilege escalation 0day ( CVE-2019-12181 ) in the Serv-U FTP Server through command injection. POC code available here Target 🎯 I searched for a program that isn't too niche and market specific that it hasn't had time to develop its security. Yet, I didn't want to commit long months of research to find a vulnerability in an extremely popular program that has already been reviewed by many security researchers. I came across Serv-U FTP Server from shodan and decided to pursue this target after seeing the respectable number of over 168,000 instances running worldwide exposed to the Internet. As its name suggests, Serv-U FTP Server is an FTP server; but it also has a web interface for easy file management and a web admin interface. Serv-U is available both for Linux and Windows. On Linux, the ftp server is a SUID executable and runs as root. Therefore, even an attack that can only be executed locally is still a threat as it will giv

Garbage CAN!

Image
I often take breaks from vulnerability hunting, and occasionally I find myself doing some really random things. For example, I stumbled across this poster and decided to make a version of my own. I wanted to make one that is slightly more offensive so that it can be gifted to a good friend. Here is the final result: GARBAGE CAN I used this image by PTNorbert with its free commercial license