Forwarded from 卩ro 爪Cracker
CVE-2022-23642
PoC for Sourcegraph Gitserver 3.37.0 RCE
Sourcegraph prior to 3.37.0 has a remote code execution vulnerability in its gitserver service. This is due to a lack of restriction on git config execution, so "core.sshCommand" can be passed in the HTTP arguments, which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.
https://github.com/Altelus1/CVE-2022-23642
Research:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642
#exploit #cve
Forwarded from 卩ro 爪Cracker
COFFInjector
Proof-of-concept code for loading and injecting an MSVC object file.
https://github.com/0xpat/COFFInjector
Research:
https://0xpat.github.io/Malware_development_part_8/
𝗪𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗲 𝗧𝗖𝗣/𝗜𝗣 𝗠𝗼𝗱𝗲𝗹?
Introduction to TCP/IP Model. 🧵👇🏻
It is a standardization model for computer networking. The OSI model, while widely referenced, is not used in practice. The TCP/IP model, on the other hand, is the real deal. Fortunately, it's not all that different.
https://twitter.com/xtremepentest/status/1535919885586513920?t=CYsB6fjYnnnxarfpZ3pEUw&s=19
https://github.com/Screetsec/TheFatRat
TheFatRat, a massive exploiting tool: an easy tool to generate backdoors and an easy tool for post-exploitation attacks such as browser attacks, etc. This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android, Mac. The malware created with this tool also has the ability to bypass most AV softw…
https://github.com/SecuProject/DLLHijackingScanner
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
These people are underestimating the Indian hackers, then show them some power. Their twitter handle: https://twitter.com/DragonForceIO
https://github.com/youhacker55/BeefAuto
Python script to automate BeEF and configure it for use over WAN by using ngrok to open ports
https://github.com/swagkarna/Nivistealer
Steal victim images, exact location, device info and much more
https://github.com/pussycat0x/malicious-pdf
Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator
https://github.com/Evrytania/LTE-Cell-Scanner
https://harrisonsand.com/imsi-catcher/
https://github.com/Oros42/IMSI-catcher
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
https://github.com/ptrkrysik/gr-gsm/wiki/Passive-IMSI-Catcher
https://github.com/hahwul/dalfox
DalFox is a powerful open source XSS scanning tool, parameter analyzer and utility that speeds up the process of detecting and verifying XSS flaws. It comes with a powerful testing engine and many niche features for the cool hacker!
https://github.com/0xh4di/GSMDecryption
This open source software allows the 'cracking' of A5/1 keys used to encrypt GSM 2G calls and SMS. The cracking utility Kraken, developed by Frank A. Stevenson, is written in C++/python and runs on AMD GPUs or CPUs. Kraken leverages rainbow tables that were computed as a community effort.
2FA Verification Code Bypass Attack via Burpsuite | OTP Verification Bypass | Bug Bounty
https://youtu.be/OjWhPenOkyA
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝐏𝐫𝐨𝐭𝐨𝐜𝐨𝐥 𝐍𝐢𝐜𝐤)
Interactive-Cyber-Security-Career-Roadmap.pdf
742.8 KB
[#CYBER_TRICKS_ZONE]
CREDITS :- CYBRARY.IT
SUPPORT TO CYBER TRICKS ZONE ❤️
@cybertrickszone1