{"vulnerability": "CVE-2021-41091", "sightings": [{"uuid": "25df4787-ea3f-442f-9abc-3a19f8ea8b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "published-proof-of-concept", "source": "https://t.me/b4ckc0nn3ct/44", "content": "#pentest #linux #docker\n\nMachine: twomonitors (hack the box)\n\n1. Got onto the box (into Docker + onto the host); inside, Docker is running with user privileges \n2. Escalate the user inside Docker to root (utility above)\n3. Break out of Docker via https://github.com/UncleJ4ck/CVE-2021-41091\n4. 
Get root on the host, thanks to having had root inside Docker", "creation_timestamp": "2023-05-24T14:01:07.000000Z"}, {"uuid": "1c8ed302-0d26-49c2-9fdf-afc017bace9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8335", "content": "#exploit\n1. CVE-2021-41091:\nFlaw in Moby (Docker Engine)\nhttps://github.com/UncleJ4ck/CVE-2021-41091\n\n2. MS17-010 Exploit Code\nhttps://github.com/3ndG4me/AutoBlue-MS17-010", "creation_timestamp": "2023-05-21T14:52:19.000000Z"}, {"uuid": "b1081c5d-bedd-4fea-985b-c285fd39a4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3045", "content": "CVE-2021-41091\n\nThis exploit offers an in-depth look at the CVE-2021-41091 security vulnerability and provides a step-by-step guide on how to utilize the exploit script to achieve privilege escalation on a host.\n\nhttps://github.com/UncleJ4ck/CVE-2021-41091\n\n#cve #infosec", "creation_timestamp": "2023-05-23T16:52:52.000000Z"}, {"uuid": "49b17921-8064-456a-91a6-5eac2275f39a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3038", "content": "Tools - Hackers Factory \n\n\u200b\u200bPuredns\n\nA fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains 
and DNS poisoned entries.\n\nhttps://github.com/d3mondev/puredns\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2021-41091\n\nThis exploit offers an in-depth look at the CVE-2021-41091 security vulnerability and provides a step-by-step guide on how to utilize the exploit script to achieve privilege escalation on a host.\n\nhttps://github.com/UncleJ4ck/CVE-2021-41091\n\n#cve #infosec #exploit\n\n\u200b\u200bSSH-Harvester\n\nHarvest passwords automatically from OpenSSH server.\n\nhttps://github.com/jm33-m0/SSH-Harvester\n\n#infosec #pentesting #redteam\n\n\u200b\u200bEATGuard\n\nImplementation of an export address table protection mitigation, like Export Address Filtering (EAF)\n\nhttps://github.com/connormcgarr/EATGuard\n\n#cybersecurity #infosec\n\n\u200b\u200bMS17-010 Exploit Code\n\nThis is just a semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010.\n\nhttps://github.com/3ndG4me/AutoBlue-MS17-010\n\n#exploit #cybersecurity #infosec\n\n\u200b\u200bWSLHostPatcher\n\nDynamic patch WSL2 to listen port on any interfaces.\n\nhttps://github.com/CzBiX/WSLHostPatcher\n\n#cybersecurity #infosec\n\n\u200b\u200bIvySyn\n\nA fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.\n\nhttps://gitlab.com/brown-ssl/ivysyn\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCVE-2023-31664\n\nA reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 Api Manager below v4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.\n\nhttps://github.com/adilkhan7/CVE-2023-31664\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPowerLessShell\n\nPowerLessShell relies on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. 
You can also execute raw shellcode using the same approach.\n\nhttps://github.com/Mr-Un1k0d3r/PowerLessShell\n\n#infosec #pentesting #redteam\n\n\u200b\u200bSAP_Cloud_Connector_SSFS_Decryption\n\nThis repository offers a Proof of Concept (PoC) for decrypting SAP Cloud Connector SSFS. The core feature of this PoC is the exploitation of an exported function - getRecord, present in the libsapscc20jni.so file. The advantage is that you can decrypt the SSFS properties values WITHOUT REVERSING THE ENCRYPTION ALGORITHM.\n\nhttps://github.com/redrays-io/SAP_Cloud_Connector_SSFS_Decryption\n\n#cybersecurity #infosec #poc\n\n\u200b\u200bFuzzing Templates\n\nCommunity curated list of fuzzing templates for the nuclei engine to find unknown security vulnerabilities.\n\nhttps://github.com/projectdiscovery/fuzzing-templates\n\n#pentesting #infosec #bugbounty\n\n\u200b\u200brebuff\n\nRebuff is designed to protect AI applications from prompt injection (PI) attacks through a multi-layered defense.\n\nhttps://github.com/woop/rebuff\n\n#cybersecurity #infosec\n\n\u200b\u200bDetection-Validation\n\nThe tool automates the process of simulating malicious process events without need to go through setup of real processes.\n\nhttps://github.com/alwashali/Detection-Validation\n\n#cybersecurity #infosec #malware\n\n\u200b\u200bMinefield\n\nThis is the PoC implementation for the USENIX 2022 paper Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks\n\nhttps://github.com/iaik/minefield\n\n#cybersecurity #infosec\n\n\u200b\u200bAfuzz \n\nAutomated web path fuzzing tool for the Bug Bounty projects.\n\nhttps://github.com/RapidDNS/Afuzz\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bdumpulator\n\nAn easy-to-use library for emulating memory dumps. 
Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).\n\nhttps://github.com/mrexodia/dumpulator\n\n#malware #cybersecurity #infosec\n\n\u200b\u200bAtomicSyscall\n\nTools and PoCs for Windows syscall investigation.\n\nhttps://github.com/daem0nc0re/AtomicSyscall\n\n#infosec #pentesting #redteam\n\n\u200b\u200bezXSS\n\nezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.\n\nhttps://github.com/ssl/ezXSS\n\n#infosec #redteam #bugbounty\n\n\u200b\u200bhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-22T14:01:04.000000Z"}, {"uuid": "382ac490-8798-4ce5-8510-4d62b218ba42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/14619", "content": "HTB MonitorsTwo. Escalating privileges and escaping from a Docker container #articles #subscribers\n\nIn this writeup, you and I will escalate privileges in a Docker container, then escape from it and use CVE-2021-41091 to take root 
on the host machine. But first we will need to hack a website and exploit a vulnerability in the Cacti engine.\n\nhttps://xakep.ru/2023/09/04/htb-monitorstwo/", "creation_timestamp": "2023-09-04T11:42:19.000000Z"}, {"uuid": "1384e82a-5674-4627-925c-6cd97ad24719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41091", "type": "seen", "source": "https://t.me/cibsecurity/29947", "content": "\u203c CVE-2021-41091 \u203c\n\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. 
Limit access to host volumes to trusted containers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T00:30:31.000000Z"}]}