The reverse shell is a staple technique in the offensive security industry. The ability to convert a remote code execution vulnerability into a fully fledged interactive session is endlessly useful for enumeration, privilege escalation, and pivoting.
In this article I propose a new tool oneshell to solve some of the problems with existing tooling.
Judge0 is an open source service used to run arbitrary code inside a secure sandbox. The Judge0 website lists 23 clients using the service, with more than 300 self hosted instances available on the public internet and potentially many more within internal networks.
Tanto Security disclosed vulnerabilities in Judge0 that allows an adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine. These vulnerabilities were assigned CVE-2024-29021, CVE-2024-28185 and CVE-2024-28189.
Let our seasoned experts sharpen your cyber security. Call 1300 1 TANTO 82686 or send us a message.
Please include a little about the service you are after and what you need done. We will work with you to achieve the desired result.
Please include a little about the service you are after and what you need done. We will work with you to achieve the desired result.
Protected by reCAPTCHAv3
