Hacking CVE-2021-31607 SaltStack Minion Privledge Escaltion in Snapper Module tldr;I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation using malicious filenames on a minion when the master calls snapper.diff. But... I was too
Hacking CVE-2020-28243 (2) SaltStack Minion Denial of Service via Argument Injection Note: This post builds upon an exploit from previous post here, that may be useful to read first.tldr;Recently I disclosed a local privilege escalation, CVE-2020-28243, in SaltStack's Salt
Hacking CVE-2020-28243 SaltStack Minion Local Privilege Escalation tldr;I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation via specially crafted process names on a minion when the master calls restartcheck. Affected Versions: All
Metasploit New Metasploit Module: docker_privileged_container_escape I wrote a new metasploit module, docker_privileged_container_escape, that escapes from a docker container with access to the docker sock obtaining a root shell on the host operating
Software Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) I developed a container enumeration script. Think of it like linpeas/linenum but for containers.
Hacking Python UUEncode Vulnerability tl;dr Found a vuln in some old and mostly unused data format in python, spoke to Guido van Rossum (inventor of Python), and submitted a PR with a fix.
