https://system32.ink/geoserver-reverse-system-shell-cve-2024-36401-rce-exploit/
How it Works
Sets up a listener on your machine for incoming reverse shell from the target.
This POC will send a post request with the payloads.
Attempts to establish a shell on the target server.
This technique assumes nc is installed on the target.
GeoServer Reverse System Shell CVE-2024-36401 RCE Exploit
How it Works
Sets up a listener on your machine for incoming reverse shell from the target.
This POC will send a post request with the payloads.
Attempts to establish a shell on the target server.
This technique assumes nc is installed on the target.
https://system32.ink/prince-ransomware-chacha20-and-ecies-encryption/
Prince is a ransomware written from scratch in Go. It uses a mixture of ChaCha20 and ECIES cryptography in order to encrypt files securely so that they cannot be recovered by traditional recovery tools. Files which have been encrypted by Prince can only be decrypted using the corresponding decryptor.
Prince Ransomware - ChaCha20 And ECIES Encryption
Prince is a ransomware written from scratch in Go. It uses a mixture of ChaCha20 and ECIES cryptography in order to encrypt files securely so that they cannot be recovered by traditional recovery tools. Files which have been encrypted by Prince can only be decrypted using the corresponding decryptor.
https://system32.ink/splunk-enterprise-windows-path-traversal-cve-2024-36991-exploit/
Splunk Enterprise (windows) Path Traversal CVE-2024-36991 Exploit
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Find public files in Amazon S3
http://s3digger.com
Find public files in Dropbox
https://www.drodigger.com/
Find public files in Disk Yandex
https://www.yadigger.com/
Find public files in Google Drive
https://www.drodigger.com/
Find public files in other file sharing sites
https://www.fidigger.com/
Find public files on url shortening sites
https://www.shortdigger.com/
By @osintambition
http://s3digger.com
Find public files in Dropbox
https://www.drodigger.com/
Find public files in Disk Yandex
https://www.yadigger.com/
Find public files in Google Drive
https://www.drodigger.com/
Find public files in other file sharing sites
https://www.fidigger.com/
Find public files on url shortening sites
https://www.shortdigger.com/
By @osintambition
👍3
https://system32.in/product/coding-botnet-backdoor-in-python-for-ethical-hacking-udemy/
Coding Botnet & Backdoor In Python For Ethical Hacking! [Udemy]
Forwarded from OSINT AMBITION (Dheeraj Yadav)
❤1
https://system32.ink/cve-2024-34361-pi-hole-remote-code-execution-exploit/
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the
CVE-2024-34361 Pi-hole Remote Code Execution Exploit
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the
gravity_DownloadBlocklistFromUrl() function. Depending on some circumstances, the vulnerability could lead to remote command execution.https://system32.ink/progress-whatsup-gold-unauthenticated-rce-cve-2024-4885-exploit/
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
WhatsUp Gold Unauthenticated RCE (CVE-2024-4885) Exploit
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
https://system32.ink/microsoft-sharepoint-remote-code-execution-cve-2024-38094-exploit/
Microsoft SharePoint Remote Code Execution CVE-2024-38094 Exploit
👍2
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Wednesday Updates #5 is out now.
Highlights: 8 blogs, 6 external reading, 3 videos, 2 podcast episodes, 2 new events and one challenge, 3 tool updates, 3 awesome tools, a free course and many more.
🔗 https://osintambition.substack.com/p/wednesday-updates-5
Don't forget to subscribe to get all new posts directly in your inbox.
#osint #osintforgood #socmint #osinttools #osintnews #weeklyupdate
Highlights: 8 blogs, 6 external reading, 3 videos, 2 podcast episodes, 2 new events and one challenge, 3 tool updates, 3 awesome tools, a free course and many more.
🔗 https://osintambition.substack.com/p/wednesday-updates-5
Don't forget to subscribe to get all new posts directly in your inbox.
#osint #osintforgood #socmint #osinttools #osintnews #weeklyupdate
Osintupdates
Wednesday Updates #5
Highlights: 8 blogs, 6 external reading, 3 videos, 2 podcast episodes, 2 new events and one challenge, 3 tool updates, 3 awesome tools, a free course and many more.
👍1
❤3
💻 NecroWord - Embed Payload Using Undetect Macros🔩
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡3❤1👍1🥰1
Forwarded from OSINT AMBITION (Dheeraj Yadav)
Social Media OSINT Tools Collection
https://github.com/osintambition/Social-Media-OSINT-Tools-Collection
As you people have showed so much love to the repo, we had updated it yesterday. Many new tools and categories has been added.
If we missed any tool that you believe should be mentioned. Tell us in comments and we will add it.
Join @osintambition for more amazing stuff like this.
#osint #socmint #socint #tools #osinttools #resources #osintcollection
https://github.com/osintambition/Social-Media-OSINT-Tools-Collection
As you people have showed so much love to the repo, we had updated it yesterday. Many new tools and categories has been added.
If we missed any tool that you believe should be mentioned. Tell us in comments and we will add it.
Join @osintambition for more amazing stuff like this.
#osint #socmint #socint #tools #osinttools #resources #osintcollection
GitHub
GitHub - osintambition/Social-Media-OSINT-Tools-Collection: A collection of most useful osint tools for SOCINT.
A collection of most useful osint tools for SOCINT. - osintambition/Social-Media-OSINT-Tools-Collection
👍3
Forwarded from Team-Network-Nine 🇮🇳
Association of Voluntary Actions for Society (AVAS) of Bangladeash has been hacked by TEAM-NETWORK-NINE
☢️ Site https://www.avas.org.bd/ind_desk.php
✅ Poc https://ownzyou.com/zone/241999
☢️ Threat Actor : Solveig
Greetz to
#TEAM 4-Bit
#Team NWH SECURITY
#Demonsec
#Team D4RK PREDAT0RZ
#ʀᴀsʜᴛʀɪʏᴀ ᴄʏʙᴇʀ ғᴏʀᴄᴇ
#Team ucc
#Team BlackDragonsec
#indiancybermafia
#anonsec
#cryptojackers india
#Hacktivist of vanguard
#the_nh_india
#kingsman
COUNTER CYBER ATTACK
☢️ Site https://www.avas.org.bd/ind_desk.php
✅ Poc https://ownzyou.com/zone/241999
☢️ Threat Actor : Solveig
Greetz to
#TEAM 4-Bit
#Team NWH SECURITY
#Demonsec
#Team D4RK PREDAT0RZ
#ʀᴀsʜᴛʀɪʏᴀ ᴄʏʙᴇʀ ғᴏʀᴄᴇ
#Team ucc
#Team BlackDragonsec
#indiancybermafia
#anonsec
#cryptojackers india
#Hacktivist of vanguard
#the_nh_india
#kingsman
COUNTER CYBER ATTACK
🍾5👍1
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
🌟Subdominator🌟 is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes.
📥 https://github.com/sanjai-AK47/Subdominator
📥 https://github.com/sanjai-AK47/Subdominator
👍6
🔥1
Forwarded from 𝐓𝐇𝐄 𝐍𝐈𝐆𝐇𝐓 𝐇𝐔𝐍𝐓𝐄𝐑𝐒 ⚡️ [offline]
"⚡️ यद् हृषीकेशः तद् वादः तद् वादः परमः शिवः"
1 State Earthquake Reconstruction & rehabilitation agency (SERRA) Pakistan
2 Foaimplants Pakistan
3 Galaxy Petroleum Pakistan
4 Jinnah Business Review Pakistan
5 Gondal Memon Association Pakistan
6 Khyber Pakhtunkhwa Human Capital Investment Project Pakistan
7 Kiran Group of Companies Pakistan
8 Horizon Oil Company Pakistan
9 Rashid Latif Medical Complex Pakistan
10 Native School System Pakistan Pakistan
#team_aica #network_nine
#kingsman
#team404error #anonymous_india
#hacktivist_heaven
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🔥2❤🔥1🍾1