Tuesday, July 8, 2014

So I Guess This Happened

LZO Exploit, You Say?

What's that, you say? No functional exploits for LZO or LZ4? I guess both are proven, now. Sorry, folks, but we had to wait for a bit to let people get patched. We're kind to the Internet community like that. 

In the next few days, we'll have a website up that lets you play around with the video payloads. Hold tight, because that will be released to the public soon! In the mean time, enjoy the following video. 

In this video, I (Don A. Bailey) exploit an updated version of Ubuntu x86_64 through the latest revision of Firefox 30.0. Yes, everything is updated. And yes, I show the Firefox version in the video. 

Instead of just popping a shell, the shellcode executes `telnet nyancat.dakko.us`, because why not?!

If you can't see the embedded video, check it out here

Best,
Don A. Bailey
Founder / CEO
Lab Mouse Security
@InfoSecMouse
https://www.securitymouse.com/

No comments:

Post a Comment