GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → intrinsic-propensity → turing-machine

intrinsic-propensity / turing-machine

Licence: other
A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

Programming Languages

python
139335 projects - #7 most used programming language

Labels

vulnerabilityturing-machineuniversal-turing-machineminskyarbitrary-code-execution

Projects that are alternatives of or similar to turing-machine

vmware guest auth bypass
Proof of concept of VMSA-2017-0012
Stars: ✭ 42 (-40%)
Mutual labels:  vulnerability
vulnscan
A static binary vulnerability scanner
Stars: ✭ 47 (-32.86%)
Mutual labels:  vulnerability
nmap-log4shell
Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
Stars: ✭ 54 (-22.86%)
Mutual labels:  vulnerability
SAP vulnerabilities
DoS PoC's for SAP products
Stars: ✭ 47 (-32.86%)
Mutual labels:  vulnerability
apachrot
Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker
Stars: ✭ 21 (-70%)
Mutual labels:  vulnerability
PTEye
Phantom eye——A passive business logic vulnerability auditing tool
Stars: ✭ 55 (-21.43%)
Mutual labels:  vulnerability
trivy-vulnerability-explorer
Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table.
Stars: ✭ 63 (-10%)
Mutual labels:  vulnerability
CVE-2020-11651
CVE-2020-11651: Proof of Concept
Stars: ✭ 41 (-41.43%)
Mutual labels:  vulnerability
safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Stars: ✭ 38 (-45.71%)
Mutual labels:  vulnerability
exploits
Some of my public exploits
Stars: ✭ 50 (-28.57%)
Mutual labels:  vulnerability
break-fast-serial
A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
Stars: ✭ 53 (-24.29%)
Mutual labels:  vulnerability
overflow
A command-line tool for exploiting stack-based buffer overflow vulnerabilities.
Stars: ✭ 66 (-5.71%)
Mutual labels:  vulnerability
rest-api
REST API backend for Reconmap
Stars: ✭ 48 (-31.43%)
Mutual labels:  vulnerability
weblogic honeypot
WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.
Stars: ✭ 30 (-57.14%)
Mutual labels:  vulnerability
SmmExploit
The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.
Stars: ✭ 98 (+40%)
Mutual labels:  vulnerability
NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-12.86%)
Mutual labels:  vulnerability
TraditionalMitigation
Traditional Mitigation in GCC to defend Memory Corruption Vulnerability
Stars: ✭ 16 (-77.14%)
Mutual labels:  vulnerability
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-55.71%)
Mutual labels:  vulnerability
exynos-usbdl
Unsigned code loader for Exynos BootROM
Stars: ✭ 57 (-18.57%)
Mutual labels:  vulnerability
Wireworld
A simple Wireworld cellular automaton explorer in Swift
Stars: ✭ 12 (-82.86%)
Mutual labels:  turing-machine
View All Similar Projects ➔

Arbitrary Code Execution in the Universal Turing Machine

This is an implementation of the Universal Turing Machine as presented in Minsky, Computation: Finite and infinite machines, 1967, Chapter 7.

The default input to the simulated machine is an exploit that achieves arbitrary code execution.

Run the program with

$ python3.7 minskys_turing_machine.py 
State 19 reading S writing B shifting left  resulting in:  00111MYBAAXAAAAAAAXAABAAAAB1000Y01SX0000001X0010110X0100011X0110100Y00 Step 380
                                                                                    A
State 19 reading S writing B shifting left  resulting in:  0011M0Y00BX0000000X001000011000Y00SX0000001X0010110X0100011X0110100Y00 Step 721
                                                                   A
State 19 reading S writing B shifting left  resulting in:  001M00Y00BX0000000X001000011000Y00SX0000001X0010110X0100011X0110100Y00 Step 1055
                                                                   A
State 19 reading S writing B shifting left  resulting in:  00M000Y00BX0000000X001000011000Y00SX0000001X0010110X0100011X0110100Y00 Step 1393
                                                                   A
State 18 reading S writing A shifting left  resulting in:  0M0000Y00AX0000000X001000011000Y00SX0000001X0010110X0100011X0110100Y00 Step 1735
                                                                   A
State 18 reading S writing A shifting left  resulting in:  M00000Y00AX0000000X001000011000Y00SX0000001X0010110X0100011X0110100Y00 Step 1909
                                                                   A
Ran out of tape!

Help is provided with

$ python3.7 minskys_turing_machine.py -h
usage: minskys_turing_machine.py [-h] [--machine_condition MACHINE_CONDITION]
                                 [--machine_description MACHINE_DESCRIPTION]
                                 [--machine_tape MACHINE_TAPE]
                                 [--verbosity VERBOSITY]

A Universal Turing Machine as described in Minsky, Computation: Finite and
infinite machines, 1967, Chapter 7.

optional arguments:
  -h, --help            show this help message and exit
  --machine_condition MACHINE_CONDITION
                        The internal state and the currently read symbol. The
                        default starts in state 00 and the head is scanning a
                        1.
  --machine_description MACHINE_DESCRIPTION
                        The program of the Turing machine to be simulated.
  --machine_tape MACHINE_TAPE
                        The simulated Turing machine's initial tape. The
                        default is an exploit that achieves arbitrary code
                        execution.
  --verbosity VERBOSITY
                        Degree of vebosity, 1-4.

The vulnerability has been assigned CVE-2021-32471 and is presented in detail in Pontus Johnson's paper Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine from 2021. There is also a talk on YouTube on the vulnerability and its exploitation.

A visual simulation of the exploit is available at https://intrinsic-propensity.github.io.

For an alternative re-implementation of the vulnerable Minsky Turing machine, check out Andreas Rozek's specification for Martín Ugarte's Turing machine simulator.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].