🖥 https://system32.ink/necroword-embed-payload-using-undetect-macros/ 🖥

💻NecroWord - Embed Payload Using Undetect Macros🔩

ℹ️NecroWord — an easy way to embed a payload using undetect macros! 😀

🤔 What is it?

➡️— In simple words - you can create an undetect infected .doc document 📄

✏️How to use ?

➡️• Generate payload gird (image file with generated code)

🟣• Set download link to your payload-grid

➡️• Generate your infected document!

🆘Attention! — This is not a CVE | We condemn the use of software for illegal purposes. All responsibility for use lies with you

🖥 https://system32.ink/litespeed-cache-privilege-escalation-cve-2024-28000-exploit/ 🖥

📡 LiteSpeed Cache Privilege Escalation CVE-2024-28000 Exploit 💻

ℹ️ The LiteSpeed Cache plugin's user simulation feature is protected by a weak security hash generated using predictable values. An attacker can exploit this vulnerability by brute-forcing the security hash and passing it in a cookie along with a targeted user ID. If successful, the attacker can escalate their privileges to that of an Administrator. 🖥

📌Affected Versions
LiteSpeed Cache plugin versions prior to 6.4 are vulnerable.

🖥 https://system32.ink/xsslite-stealer/ 🖥

🎮 XSSLite Stealer 🐻

💻 XSSLite is a well-obfuscated piece of malicious software that uses several anti-analysis and anti-detection mechanisms. For example, this stealer checks whether it is launched on a virtual machine by looking for infrastructures related to Hyper-V and VMware. It also boasts some anti-debugging features.

📡XSSLite uses the DLL side-loading technique to infiltrate machines. In other words, it utilizes the Windows DLL search order mechanism to leverage a legitimate program that executes the malicious payload. Following successful installation, the malicious program begins collecting relevant device data.

🆘XSSLite can extract and exfiltrate data from Chromium-based browsers. Typically, stealers target browsing and search engine histories, Internet cookies, log-in credentials (usernames/passwords), personally identifiable details, credit card numbers, and other sensitive information.

ℹ️According to XSSLite's promotional material, it can obtain data from all types of browser extensions. This could include plug-ins related to cloud storage, password management, 2FA/MFA (Two/Multi-Factor Authentication), cryptocurrency platforms, etc.

📢Furthermore, this malware can exfiltrate (download) victims' desktop files. The program also aims to steal cryptocurrency wallets. Additionally, the stealer has keylogging abilities, i.e., it can record keystrokes (keyboard input).

➡️It is pertinent to mention that malware developers commonly improve upon their creations and methodologies; therefore, potential future iterations of XSSLite could have additional/different capabilities.

🖥 https://system32.ink/windows-tcp-ip-remote-code-execution-cve-2024-38063-exploit/ 🖥

🖥 Windows TCP/IP Remote Code Execution CVE-2024-38063 Exploit 💻

📡 RCE in tcpip.sys 🖥

✏️ ईश्वरः परमः कृष्णः सच्चिदानन्दविग्रहः।
अनादिरादिर्गोविन्दः सर्वेकारणकारणम् ॥

⚡️ Lord Krishna who is known as Govinda is the Supreme Godhead. He
has an eternal, blissful, spiritual body. He is the origin of
all. He has no other origin and He is the prime cause of all

➡️भगवान् तो कृष्ण हैं, जो सच्चिदानन्द स्वरुप हैं। उनका कोई आदि नहीं है, क्योंकि वे प्रत्येक वस्तु के आदि हैं।
भगवान गोविंद समस्त कारणों के कारण हैं।

🖥 Cacti 1.2.26 CVE-2024-25641 RCE Automated Exploit 🪩

🔠0️⃣🔠🔠🔠🔠🔠🔠 🔣 https://system32.ink/cacti-1-2-26-cve-2024-25641-rce-automated-exploit/ 🖥

💻 Fully automated exploit for CVE-2024-25641. When a user is authenticated, Cacti version 1.2.26 is vulnerable to an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).🐻

🖥 https://system32.ink/oxyco-rat-pro-v3-9-6/ 🖥

💻 Oxyco RAT PRO v3.9.6 🤡

ℹ️ Compatible with all devices
🟢 Bypass Play Store Signature
😈 The bypass does not depend on APK files outside the Play Store
🛡 100% FUD APK file
⏳ No screen permissions required
🍎 No permission requests when installing APKs on your device

⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰

gg's hacker's ( have a good day —❤️
‼️anyone remember ? miss you all

Link

Search by keyword, 
filter by vulnerability type,
service affected and OS. Detailed description for each exploit
(with PoC, Nuclei template or Metasploit module

#hacker_bano_chutiya_nhe 🌜❤️🌛 { back to work }

Thank You For 1️⃣0️⃣🔠 Subscribers 💟

Something 🆕 Is Comming 🌟🌟

🖥 🔠🔠🔠🔠🔠🔠🔠🔣🟰 https://system32.ink/avtech-devices-rce-cve-2024-7029-exploit/ 🖥

💻 AvTech Devices RCE CVE-2024-7029 Exploit🖥

📡➡️CVE-2024-7029 is a critical security flaw in AVTech devices that allows unauthorized access through authentication bypass, potentially leading to remote code execution. This vulnerability is particularly concerning because it can be exploited remotely, making networks with these devices highly vulnerable.➡️

⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰

🖥 https://system32.ink/mediatek-wi-fi-chipsets-cve-2024-20017-exploit/

🖥 MediaTek Wi-Fi Chipsets CVE-2024-20017 Exploit 💻

⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰
🎮 Zero Click Exploit 😎
⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰

ℹ️ The vulnerability is a buffer overflow caused by a copy operation that uses a length value taken directly from attacker-controlled packet data without bounds checking. Overall it’s a pretty simple bug to understand as it’s just a run-of-the-mill stack buffer overflow, so I thought I’d use this bug as a case study to explore multiple exploit strategies that can be taken using for this one bug, applying different exploit mitigations and conditions along the way. I think this is interesting as it provides an opportunity to focus on the more creative parts of exploit development: once you know there’s a bug, and you understand the constraints, coming up with all of the different ways you can influence the logic of the application and the effects of the bug to get code execution and pop a shell.➡️