CVE-2018-14665

This Metasploit module exploits a privilege escalation vulnerability in Xorg X11 server on IBM AIX systems by overwriting /etc/passwd to create a root user. It leverages flawed permission checks in the -modulepath and -logfile options.

This Metasploit module exploits CVE-2018-14665, a privilege escalation vulnerability in Xorg X11 server versions 1.19.0 to 1.20.2. It leverages flawed permission checks for the -modulepath and -logfile options to overwrite /etc/crontab and execute arbitrary code as root.

This exploit leverages CVE-2018-14665 to escalate privileges on Solaris 11 by abusing incorrect permission checks in xorg-x11-server for -modulepath and -logfile options. It modifies /etc/inittab to execute a setuid shell, granting root access.

This exploit leverages incorrect command-line parameter validation in the Xorg X server on AIX to overwrite /etc/passwd, creating a new user with root privileges. It uses the '-config' and '-logfile' arguments to inject malicious content into the passwd file.

This exploit leverages CVE-2018-14665 to escalate privileges to root by abusing the -modulepath option in Xorg. It compiles a malicious shared library that spawns a root shell when loaded by the X server.

This exploit leverages CVE-2018-14665 to escalate privileges on RHEL 7 systems by abusing Xorg's file permissions to overwrite /etc/crontab and execute a payload as root. It requires a non-root user to be logged in via console.

This exploit leverages CVE-2018-14665 in xorg-x11-server (1.19.0-1.20.2) to escalate privileges to root on OpenBSD by abusing incorrect permission checks for -modulepath and -logfile options. It injects a malicious cron job to compile and set a setuid root shell.

This exploit leverages CVE-2018-14665 to overwrite the /etc/master.passwd file on OpenBSD systems by abusing the Xorg server's -fp and -logfile options, allowing local privilege escalation to root.

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2018-14665, targeting Xorg X Server versions 1.19.0 to 1.20.2 on OpenBSD 6.3 and 6.4. The exploit abuses the -logfile parameter to overwrite /etc/master.passwd with a root user entry, allowing password-based root access.

This is a functional local privilege escalation (LPE) exploit for CVE-2018-14665, targeting Xorg server versions < 1.20.1 on RHEL 7. It leverages improper file permissions to overwrite /etc/crontab and execute arbitrary commands as root.

This repository contains functional exploit code for CVE-2018-14665, targeting Xorg's -logfile and -modulepath vulnerabilities for local privilege escalation on Solaris and OpenBSD. The exploits are well-documented and include multiple variants for different architectures and environments.

This Metasploit module exploits a privilege escalation vulnerability in Xorg X11 Server (CVE-2018-14665) by leveraging improper permission checks on the -modulepath and -logfile options to overwrite /etc/crontab and execute arbitrary code as root.

This Metasploit module exploits a privilege escalation vulnerability in Xorg X11 server (CVE-2018-14665) by leveraging improper permission checks on the -modulepath and -logfile options. It compiles a shared object to gain root privileges via a malicious constructor function.

This Metasploit module exploits a permission check flaw in Xorg X11 Server on AIX systems, allowing local privilege escalation by overwriting /etc/passwd to create a root user. It leverages the -modulepath and -logfile options to inject malicious configurations.