TANTO DOJO BLOG

One Shell To Rule Them All

The reverse shell is a staple technique in the offensive security industry. The ability to convert a remote code execution vulnerability into a fully fledged interactive session is endlessly useful for enumeration, privilege escalation, and pivoting.

In this article I propose a new tool oneshell to solve some of the problems with existing tooling.

Judge0 Sandbox Escape

Judge0 is an open source service used to run arbitrary code inside a secure sandbox. The Judge0 website lists 23 clients using the service, with more than 300 self hosted instances available on the public internet and potentially many more within internal networks.

Tanto Security disclosed vulnerabilities in Judge0 that allows an adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine. These vulnerabilities were assigned CVE-2024-29021, CVE-2024-28185 and CVE-2024-28189.

Let our seasoned experts sharpen your cyber security. Call 1300 1 TANTO 82686 or send us a message.

CONTACT Let’s talk

Please include a little about the service you are after and what you need done. We will work with you to achieve the desired result.

Level 4, 350 Collins Street
MELBOURNE VIC
3000 AUSTRALIA

Level 1, 234 George Street
SYDNEY NSW
2000 AUSTRALIA

Please include a little about the service you are after and what you need done. We will work with you to achieve the desired result.

Read terms & conditions

Protected by reCAPTCHAv3

Protected by reCAPTCHAv3