CVE-2020-14871

This exploit leverages a pre-authentication stack-based buffer overflow in Oracle Solaris' PAM module (CVE-2020-14871) to achieve remote code execution. It uses a ROP chain to bypass memory protections and execute a reverse shell payload.

This exploit targets CVE-2020-14871 in Solaris SunSSH 11.0 x86, leveraging a buffer overflow in libpam to achieve remote root access. It uses a crafted payload with a reverse shell to execute arbitrary commands on the target system.

This exploit targets a stack-based buffer overflow in libpam on Solaris (CVE-2020-14871), achievable remotely via SunSSH with keyboard-interactive authentication. It uses ROP gadgets to disable NX stack protections and execute a bind shell payload.

This is a functional ROP-based exploit for CVE-2020-14871, targeting a stack-based buffer overflow in the PAM parse_user_name function in Solaris systems. It leverages SSH Keyboard-Interactive authentication to trigger the overflow and execute arbitrary commands, including a Python-based reverse shell.

This repository contains a Python script that checks for the presence of CVE-2020-14871, a buffer overflow vulnerability in Solaris PAM `pam_unix_auth` during SSH keyboard-interactive authentication. It sends a long string to trigger the vulnerability and detects if the system is vulnerable based on the response.

This Metasploit module exploits a stack-based buffer overflow in Oracle Solaris SunSSH PAM's username parsing during keyboard-interactive authentication. It uses a ret2libc technique to achieve remote code execution by overflowing the buffer with a crafted payload.