๐ฅNETGEAR Routers: A Playground for Hackers?
Overall, the security posture of custom binaries built by NETGEAR contained many vulnerabilities, largely due to the widespread usage of insecure C functions such as
Content:
๐พ Summary
๐พ Advisories
๐พ Vulnerabilities
๐ฝ Telnet
๐ PSV-2023-0008 โ Telnet Default Account Privilege Escalation Breakout
๐ฝ Web Application
๐ PSV-2022-???? โ JSON Response Stack Data Leak
๐ฝ SOAP Service
๐ PSV-2023-0009 โ Write HTTP Response Stack Pointer Leak
๐ PSV-2022-???? โ SOAPAction Stack Buffer Overflow
๐ PSV-2023-0010 โ HTTP Body Off-By-One NULL Terminator Stack Canary Corruption
๐ PSV-2023-0011 โ HTTP Protocol Stack Buffer Overflow
๐ PSV-2023-0012 โ SOAP Parameters Stack Buffer Overflow
๐พ Conclusion
Overall, the security posture of custom binaries built by NETGEAR contained many vulnerabilities, largely due to the widespread usage of insecure C functions such as
strcpy, strcat, sprintf, or from off-by-one errors. However, the majority of the binaries on the NETGEAR router were compiled with many protections in place, including stack canaries, non-executable stack (NX), position-independent code (PIE) and address layout randomization (ASLR) enabled. These protections made many of the vulnerabilities identified difficult to exploit on their own.Content:
๐พ Summary
๐พ Advisories
๐พ Vulnerabilities
๐ฝ Telnet
๐ PSV-2023-0008 โ Telnet Default Account Privilege Escalation Breakout
๐ฝ Web Application
๐ PSV-2022-???? โ JSON Response Stack Data Leak
๐ฝ SOAP Service
๐ PSV-2023-0009 โ Write HTTP Response Stack Pointer Leak
๐ PSV-2022-???? โ SOAPAction Stack Buffer Overflow
๐ PSV-2023-0010 โ HTTP Body Off-By-One NULL Terminator Stack Canary Corruption
๐ PSV-2023-0011 โ HTTP Protocol Stack Buffer Overflow
๐ PSV-2023-0012 โ SOAP Parameters Stack Buffer Overflow
๐พ Conclusion
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
โก1๐1
๐ Web Pentesting Roadmap for Success ๐
Web pentesting is a process of finding and exploiting security vulnerabilities in web applications or websites to ensure their security. It involves gathering information about the target, identifying weaknesses, and providing recommendations for improvement.
๐Link: bit.ly/Web-Pentesting-Roadmap
Share with Love๐
Web pentesting is a process of finding and exploiting security vulnerabilities in web applications or websites to ensure their security. It involves gathering information about the target, identifying weaknesses, and providing recommendations for improvement.
๐Link: bit.ly/Web-Pentesting-Roadmap
Share with Love๐
๐1
Forwarded from Tสษชแดแดส Pแดษดษขแดษชษด ( trickypenguin.ink )
Malware is a type of software that is designed to cause harm to a computer or its users. It can be used to steal personal information, damage files, or even take control of a computer.
Read Full Article
https://trickypenguin.ink/what-is-malware-and-how-to-protect-against-malware-attacks/
#malware #botnets #torjan
Read Full Article
https://trickypenguin.ink/what-is-malware-and-how-to-protect-against-malware-attacks/
#malware #botnets #torjan
โค5
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
CSO
Hackers exploit WordPress vulnerability within hours of PoC exploit release
The exploitation of the vulnerability leads to a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.
๐ฅ PoC for CVE-2023-32233(tested under Ubuntu 23.04)
Once the PoC is started on a vulnerable system, it may leave that system in an unstable state with corrupted kernel memory. We strongly recommend to test the PoC on a dedicated system to avoid potential data corruptions.
Download: https://system32.ink/news-feed/p/367/
Once the PoC is started on a vulnerable system, it may leave that system in an unstable state with corrupted kernel memory. We strongly recommend to test the PoC on a dedicated system to avoid potential data corruptions.
Download: https://system32.ink/news-feed/p/367/
โค3
Especially when it comes to Bug Bounty hunting, reconnaissance is one of the most valuable things to do. There are still "easy winsโ out there which can be found, if you have a good strategy when it comes to reconnaissance.
In this Blogpost I want to explain, how I am normally performing reconnaissance during Pentests and for Bug Bounties.
Read Full Article
In this Blogpost I want to explain, how I am normally performing reconnaissance during Pentests and for Bug Bounties.
Read Full Article
โคโ๐ฅ3
Media is too big
VIEW IN TELEGRAM
How to save all post in private from public channel
Using bot
Post credit @its_me_dollar
@Deadlymalwarexpbot
Using bot
Post credit @its_me_dollar
@Deadlymalwarexpbot
โค1
g's hacker's ( its a bad day for me but โโค๏ธ
โผ๏ธHere we go again
Microsoft is scanning the inside of password-protected zip files for malware
read_more
#hacker_bano_chutiya_nhe ๐ค
#fuck_Microsoft ๐
โผ๏ธHere we go again
Microsoft is scanning the inside of password-protected zip files for malware
read_more
#hacker_bano_chutiya_nhe ๐ค
#fuck_Microsoft ๐
Forwarded from Tสษชแดแดส Pแดษดษขแดษชษด ( trickypenguin.ink )
Best Online MD5 Encryption & Decryption Tools
https://trickypenguin.ink/best-online-md5-encryption-decryption-tools/
@trickypenguin
#pentesting #cryptography
https://trickypenguin.ink/best-online-md5-encryption-decryption-tools/
@trickypenguin
#pentesting #cryptography
โค4
This media is not supported in your browser
VIEW IN TELEGRAM
โค10โคโ๐ฅ2๐1
๐ฝ๐ช๐ ๐๐ฎ๐ฅ๐ : Reflected XSS
๐๐๐ฃ๐ : https://youtube.com/shorts/Mw9tXoozrKo?feature=share
๐๐๐ฃ๐ : https://youtube.com/shorts/Mw9tXoozrKo?feature=share
YouTube
Reflected XSS
๐ฝ๐ช๐ ๐๐ฎ๐ฅ๐: Reflected XSS๐ฟ๐๐จ๐๐ง๐๐ฅ๐ฉ๐๐ค๐ฃ: Reflected XSS vulnerability happens when a website fails to validate user input, allowing malicious cod...
๐Google Dorks: Learn to Hack Anyone's Account with Google๐
โ What you'll learn?
โข Complete understanding of Google Dorks
โข How to find Vulnerabilities
โข How to find anyone's Username & Password
โข How to do Google search like a Hacker
๐Link: http://bit.ly/GoogleDorksForHacking
Share with Love๐
โ What you'll learn?
โข Complete understanding of Google Dorks
โข How to find Vulnerabilities
โข How to find anyone's Username & Password
โข How to do Google search like a Hacker
๐Link: http://bit.ly/GoogleDorksForHacking
Share with Love๐
web2shell
A Python program used to automate converting webshells into reverse shells. If you regularly do CTF, HTB, or red teaming you've probably spent a good chunk of time testing payloads to convert a webshell into a reverse shell. This tool aims to simplify this process.
A Python program used to automate converting webshells into reverse shells. If you regularly do CTF, HTB, or red teaming you've probably spent a good chunk of time testing payloads to convert a webshell into a reverse shell. This tool aims to simplify this process.
CVE-2023-32243 | wordpress
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
usage: exploit.py [-h] -u URL -p PASSWORD [-usr USERNAME]Download Exploit
โค2
gg's hacker's ( I love you โโค๏ธ
โผ๏ธHere we go again
here we go again ๐
#OSINT
1โพ Visual Ping web page monitoring service,
helps to track of changes on any particular website.
( hourly/everyday )
2โพ All the internet combines results from
different search engines and social media.
3โพ izito searches and combines all Search Engines!
Yahoo, Microsoft Bing, YouTube, Wikipedia, Entireweb etc...
#exploit
1. CVE-2023-1586:
Avast Anti-Virus privileged arbitrary file create on virus restore
and as always #hacker_bano_chutiya_nhe ๐๐
โผ๏ธHere we go again
here we go again ๐
#OSINT
1โพ Visual Ping web page monitoring service,
helps to track of changes on any particular website.
( hourly/everyday )
2โพ All the internet combines results from
different search engines and social media.
3โพ izito searches and combines all Search Engines!
Yahoo, Microsoft Bing, YouTube, Wikipedia, Entireweb etc...
#exploit
1. CVE-2023-1586:
Avast Anti-Virus privileged arbitrary file create on virus restore
and as always #hacker_bano_chutiya_nhe ๐๐
โก2
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
State Times
Hackers attack Ahmedabad hospital with ransomware, demand USD 70,000 to restore data
AHMEDABAD: Servers of a private multi-speciality hospital here has come under a ransomware attack with the hackers demanding Bitcoin worth USD 70,000 to restore data, police said.Based on a complaint filed by K D Hospital, located on the outskirts of
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
The GitHub Blog
How GitHub Copilot is getting better at understanding your code
With a new Fill-in-the-Middle paradigm, GitHub engineers improved the way GitHub Copilot contextualizes your code. By continuing to develop and test advanced retrieval algorithms, theyโre working on making our AI tool even more advanced.
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
Realpython
Use ChatGPT to Learn Python Programming โ Real Python
Learn Python with ChatGPT! Get instant help, pair program, fix errors, and explore alternate solutions to grow your Python coding skills.
Forwarded from CYBER TRICKS ZONE ๐ฎ๐ณ๐ฉ (๐๐ง๐ค๐ฉ๐ค๐๐ค๐ก ๐๐๐๐ )
DEV Community
Git Cheat Sheet: Essential Commands for Effective Code Management
In this blog post, I have tried to cover some basic Git commands that I used frequently in my work...
OEBuilder | Hack Using Excel And Doc
OEBuilder uunique assembly, crypter and macro generator for stitching your bootloader into the doc file. The software is very convenient and understandable.
Features:
*Fake Error
*UAC Bypass
*Add password to doc
*add text
*USG
*DOC
*XLS
*Silent add ons
OEBuilder uunique assembly, crypter and macro generator for stitching your bootloader into the doc file. The software is very convenient and understandable.
Features:
*Fake Error
*UAC Bypass
*Add password to doc
*add text
*USG
*DOC
*XLS
*Silent add ons
A new blog on OWASP ZAP Tool
A perfect tool for beginners to start their web application security testing journey
Here is the links to that blog:
https://techofide.com/blogs/owasp-zap-a-powerful-web-application-security-testing-tool/
Join our group for more such Cyber Security content:
t.me/ethicalhackingtechofide
A perfect tool for beginners to start their web application security testing journey
Here is the links to that blog:
https://techofide.com/blogs/owasp-zap-a-powerful-web-application-security-testing-tool/
Join our group for more such Cyber Security content:
t.me/ethicalhackingtechofide
๐1