A hacker has claims to selling of a remote code execution (RCE) exploit for the Albatross Protocol. According to the hacker, the exploit leverages a buffer overflow vulnerability, though it faces limitations with certain security measures.
Exploit Details:
- Type: Remote Code Execution (RCE)
- Target: Albatross Protocol
- Vulnerability: Buffer Overflow
- Limitations:
- Does not work with Address Space Layout Randomization (ASLR) enabled.
- Faces issues bypassing FULL RELRO (Read-Only Relocations) as it requires writing in the Global Offset Table (GOT).
- Successfully bypasses NX (No eXecute) or Data Execution Prevention (DEP).
- Price: $10,000
- Availability: Works on all versions for the past 7 months
Seller’s Note: The hacker claims that despite the limitations, the exploit is effective across multiple versions of the Albatross Protocol over the last seven months. Potential buyers are directed to contact the seller for more information through the provided thread.
Exploit 2: Nimiq’s Blockchain Protocol
Details:
- Type: Buffer Overflow (BOF)
- Target: Nimiq’s Blockchain Protocol
- Tested on: Linux
- Version: Latest
- Price: $5,000
- Capabilities: Can be exploited to achieve RCE, though not weaponized; the seller offers the vulnerable point.
- Payment Method: Bitcoin (BTC) and Escrow only
The hacker previously advertised a buffer overflow exploit in Nimiq’s blockchain protocol. This vulnerability, tested on the latest Linux version, can potentially lead to remote code execution.
