MYBB_1.8.32_LFI_RCE
MyBB 1.8.32 – Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script…
Download: https://system32.ink/news-feed/p/194/
hackebds(2023.1.29 0.3.3)
Generate backdoor programs of various architectures. The backdoor program is packaged in shellless pure shellcode and is a small, pure static backdoor. Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64, sparc, sparc64 are now supported, and they are still being updated (PS: bash support is added to the reverse shell after version 0.3.1. If the backdoor of the reverse shell is generated with the -power parameter, the reverse shell will continue to be generated on the target machine).
Generate reverse_shell shellcode of various architectures during the exploit process, with no null bytes, which facilitates the exploitation of memory corruption vulnerabilities on embedded devices. Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64, sparc are now supported, and they are still being updated.
Generate bind_Shell files of various architectures.
Supports command-line generation of backdoors and shellcode. Strong anti-hunting ability, characterized by being light, small, efficient and fast.
Download: https://system32.ink/news-feed/p/204/
Forwarded from 卩ro 爪Cracker
CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack
https://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html
Security Affairs
Lexmark released a firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models.
OSINT tool to investigate GitHub profiles
https://github.com/mxrch/gitfive
Receive your WhatsApp messages on Telegram
https://github.com/subinps/TG-WhatsApp
Detecting Windows x86 API hooking and modification
https://github.com/ytk2128/api-monitor32
Sharing directories and files from the CLI to iOS and Android devices without the need for an extra client app
https://github.com/parvardegr/sharingl
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
Download: https://system32.ink/news-feed/p/198/
CVE-2022-26485 exploit (UAF in XSLT parameter processing, bugzilla)
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. Mozilla have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
⚠️Tested against Firefox 78.0 (Windows)
Download: https://system32.ink/news-feed/p/199/
PoC of CVE-2021-34514 (Windows Kernel EoP vuln, ALPC OOB)
Download: https://system32.ink/news-feed/p/201/
🔥🔥🔥VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. We have successfully reproduced this exploit and would like to provide the technical details about how this vulnerability works.
💥PoC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs:
💾 VMware vRealize Log Insight Directory Traversal Vulnerability (CVE-2022-31706)
💾 VMware vRealize Log Insight broken access control Vulnerability (CVE-2022-31704)
💾 VMware vRealize Log Insight contains an Information Disclosure Vulnerability (CVE-2022-31711)
Download: https://system32.ink/news-feed/p/205/
Tracr: Compiled Transformers as a Laboratory for Interpretability
git clone https://github.com/deepmind/tracr
cd tracr
pip3 install .
https://github.com/deepmind/tracr
https://arxiv.org/abs/2301.05062v1
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Master OAuth 2.0 Vulnerability
#bugbounty #infosec
Difficulty : Any
OAuth 2.0 Resources :👇
• https://owasp.org/www-pdf-archive/20151215-Top_X_OAuth_2_Hacks-asanso.pdf
• https://medium.com/@lokeshdlk77/stealing-facebook-mailchimp-application-oauth-2-0-access-token-3af51f89f5b0
• https://medium.com/a-bugz-life/the-wondeful-world-of-oauth-bug-bounty-edition-af3073b354c1
• https://gauravnarwani.com/misconfigured-oauth-to-account-takeover/
• https://medium.com/@Jacksonkv22/oauth-misconfiguration-lead-to-complete-account-takeover-c8e4e89a96a
• https://medium.com/@logicbomb_1/bugbounty-user-account-takeover-i-just-need-your-email-id-to-login-into-your-shopping-portal-7fd4fdd6dd56
• https://medium.com/@protector47/full-account-takeover-via-referrer-header-oauth-token-steal-open-redirect-vulnerability-chaining-324a14a1567
• https://hackerone.com/reports/49759
• https://hackerone.com/reports/131202
• https://hackerone.com/reports/6017
• https://hackerone.com/reports/7900
• https://hackerone.com/reports/244958
• https://hackerone.com/reports/405100
• https://ysamm.com/?p=379
• https://amolbaikar.com/facebook-oauth-framework-vulnerability/
• https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9
• https://medium.com/@tristanfarkas/finding-a-security-bug-in-discord-and-what-it-taught-me-516cda561295
• https://medium.com/@0xgaurang/case-study-oauth-misconfiguration-leads-to-account-takeover-d3621fe8308b
• https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74
• http://blog.intothesymmetry.com/2014/02/oauth-2-attacks-and-bug-bounties.html
• http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
• https://veracode.com/blog/research/spring-social-core-vulnerability-disclosure
• https://medium.com/@apkash8/oauth-and-security-7fddce2e1dc5
• https://xploitprotocol.medium.com/exploiting-oauth-2-0-authorization-code-grants-379798888893
Thank You For Reading This 🙏
Hope You'll like 👍 it
https://anubism3333.blogspot.com/2022/06/how-to-stay-motivated.html
https://anubism3333.blogspot.com/2022/06/at-which-time-you-should-feel-that-you.html
https://anubism3333.blogspot.com/2022/06/the-human-way-of-thinking.html
https://anubism3333.blogspot.com/2022/06/being-alone.html
https://anubism3333.blogspot.com/2022/07/the-quotations-that-reveal-reality.html
https://anubism3333.blogspot.com/2022/07/the-definition-of-love.html
https://hacklido.com/blog/271-windows-forensics-the-art-of-investigating-part-1
https://hacklido.com/d/56-windows-file-system-investigation-part-1introduction
https://hacklido.com/d/51-information-about-windows-registry
https://hacklido.com/d/55-windows-registry-investigation-cheatsheet-part-1
https://lonewarriorco.blogspot.com/2022/10/ram-forensics-using-volatility.html
https://hacklido.com/d/66-yara-language
https://hacklido.com/blog/251-securing-your-linux-server-with-host-based-firewall-protection-using-iptables
https://hacklido.com/blog/252-steps-to-set-up-a-firewall-with-ufw
https://hacklido.com/blog/258-honeypots-the-game-of-traps
https://hacklido.com/blog/262-proxy-my-love-part-1
https://www.codelivly.com/osint/
All my Motivational And Infosec Blogs.
📲Enzyme is a jailbreak-free iOS modding framework that allows you to statically patch and hook iOS apps.
This repository contains an example using Enzyme. For modifying this, check out the CMakeLists.txt file, the patcher/main.py file, the patcher/bootstrap.asm file, and the src folder.
Download:- https://system32.ink/news-feed/p/213/
RedTeam-Tools-main.zip
40.1 KB
#RedTeam #hack #tools
Collection of 100+ tools and resources that can be useful for red teaming activities.
https://github.com/A-poc/RedTeam-Tools
Exploit for CVE-2022-25765 command injection in pdfkit < 0.8.6
download: https://system32.ink/news-feed/p/209/