UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity

1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from DailyCVE
🔵Egavilanmedia User Registration & Login System SQL injection vulnerability:

https://dailycve.com/node/15
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CAPTURE & TRACKING NEW BEST COLLECTION 4 :

>> CapTipper(https://github.com/omriher/CapTipper): Malicious HTTP traffic explorer

>> Chopshop(https://github.com/MITRECND/chopshop): is a MITRE developed framework to aid analysts in the creation and execution of pynids based decoders and detectors of APT tradecraft.

>> CoralReef(http://www.caida.org/tools/measurement/coralreef/): is a software suite developed by CAIDA to analyze data collected by passive Internet traffic monitors. It provides a programming library libcoral, similar to libpcap with extensions for ATM and other network types, which is available from both C and Perl.

>> DPDK(http://dpdk.org/): is a set of libraries and drivers for fast packet processing. It was designed to run on any processor. The first supported CPU was Intel x86 and it is now extended to IBM Power 8, EZchip TILE-Gx and ARM. It runs mostly in Linux userland. A FreeBSD port is available for a subset of DPDK features.

>> DPKT(https://github.com/kbandla/dpkt): Python packet creation/parsing library.

>> ECap(https://bitbucket.org/nathanj/ecap/wiki): (External Capture) is a distributed network sniffer with a web front-end. Ecap was written many years ago in 2005, but a post on the tcpdump-workers mailing list requested a similar application... so here it is. It would be fun to update it and work on it again if there's any interest.

>> EtherApe(http://etherape.sourceforge.net/): is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Protocols are color coded in the display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

>> HttpSniffer(https://github.com/caesar0301/http-sniffer): A multi-threaded tool to sniff TCP flow statistics and embedded HTTP headers from a PCAP file. Each TCP flow carrying HTTP is exported to a text file in JSON format.

>> Ipsumdump(http://www.read.seas.harvard.edu/~kohler/ipsumdump/): summarizes TCP/IP dump files into a self-describing ASCII format easily readable by humans and programs. Ipsumdump can read packets from network interfaces, from tcpdump files, and from existing ipsumdump files. It will transparently uncompress tcpdump or ipsumdump files when necessary. It can randomly sample traffic, filter traffic based on its contents, anonymize IP addresses, and sort packets from multiple dumps by timestamp. Also, it can optionally create a tcpdump file containing actual packet data. It's also convenient to work with CLICK as an inserted module.

>> ITA(http://ita.ee.lbl.gov/): The Internet Traffic Archive is a moderated repository to support widespread access to traces of Internet network traffic, sponsored by ACM SIGCOMM. The traces can be used to study network dynamics, usage characteristics, and growth patterns, as well as providing the grist for trace-driven simulations. The archive is also open to programs for reducing raw trace data to more manageable forms, for generating synthetic traces, and for analyzing traces.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Support & Share :

T.me/UndercodeTesting
Forwarded from UNDERCODE NEWS
Many companies are trying to give employees benefits instead of rights.
#International
Forwarded from UNDERCODE NEWS
Axiomtek is launching the AIE100-903-FL-NX AI Edge framework that can perform in rugged conditions.
#Technologies
Forwarded from UNDERCODE NEWS
OnePlus 9: a concept available at an insane price on eBay.
#International
Forwarded from UNDERCODE NEWS
Value SIM: You could get rich if you had this phone number.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🚀 Bring your favorite shell wherever you go through SSH:

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽

» PyPI 3

> pip3 install xxh-xxh

» pipx - good alternative to brew and pip, read comparison

> pipx install xxh-xxh

» Conda-forge feedstock

> conda config --add channels conda-forge
> conda install xxh-xxh

» Homebrew

> brew install xxh

» Linux portable binary

1) mkdir ~/xxh && cd ~/xxh

2) wget https://github.com/xxh/xxh-portable/raw/master/result/xxh-portable-musl-alpine-Linux-x86_64.tar.gz

3) tar -xzf xxh-portable-musl-alpine-Linux-x86_64.tar.gz

4) ./xxh

» Linux AppImage

1) mkdir ~/xxh && cd ~/xxh

2) wget -O xxh https://github.com/xxh/xxh-appimage/releases/download/continuous/xxh-release-x86_64.AppImage

3) chmod +x xxh && ./xxh

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
The price of Bitcoin is over $30,000 and its market cap is above $560 billion.
#Updates
Forwarded from UNDERCODE NEWS
CEO Ericsson: If Huawei's suspension ever remains, Ericsson would leave Sweden.
#International
🦑Free recommended project Haka:

An open source, security-oriented language that lets you describe protocols and apply security policies on (live) captured traffic. The scope of the Haka language is twofold. First, it lets you write security rules to filter, alter or drop unwanted packets and to log and report malicious activity. Second, Haka features a grammar for specifying network protocols and their underlying state machines.

» http://www.haka-security.org
Forwarded from UNDERCODE NEWS
After Life, Education, Peaky Blinders: Netflix floods us with news.
#Updates
Forwarded from UNDERCODE NEWS
The truth of the 'phantom market merger' of NEC / Fujitsu, the Hinomaru Union set up by NTTT.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack/Pentesting iOS browsers with bug: guide

https://bugs.chromium.org/p/project-zero/issues/detail?id=1858

1) The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled.

2) This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called.

3) This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage).

4) Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.

🦑To reproduce the issue with the files in filebacked.zip:

1) install frida (pip3 install frida)

2) open sendMessage.py, and replace the sample receiver with the phone number or email of the target device

3) in injectMessage.js, replace the marker "PATH" with the path of the obj file

4) in the local directory, run: python3 sendMessage.py

Please note that the attached repro case is a simple example to demonstrate the reachability of the class in Springboard. The actual consequences of the bug are likely more serious. This PoC only works on devices with iOS 12 or later.


code/ref :

https://github.com/TinToSer/ios-RCE-Vulnerability

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
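
The invariant from point 4 of the bug description above (a data object's length must equal the size of its byte array), shown as an added C example that is not part of the original post or of the Project Zero report. It is a simplified model, not Apple's implementation: the names fb_data, fb_load and fb_read are hypothetical, and the backing file contents are a constructed sample passed in as a buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not Apple's implementation. */
typedef struct {
    size_t declared_len;   /* length field taken from the serialized object */
    unsigned char *bytes;  /* NULL until the backing file is loaded */
    size_t actual_len;     /* number of bytes really loaded */
} fb_data;

/* Lazy load. The backing file's contents are passed in as a buffer so the
   example runs offline. Succeeds only when the file holds exactly
   declared_len bytes, which keeps length == size of the byte array. */
int fb_load(fb_data *d, const unsigned char *file, size_t file_len) {
    if (file_len != d->declared_len) return -1;   /* mismatch: reject object */
    d->bytes = malloc(file_len ? file_len : 1);
    if (!d->bytes) return -1;
    memcpy(d->bytes, file, file_len);
    d->actual_len = file_len;
    return 0;
}

/* Copy n bytes starting at off. Bounds come from actual_len, never from
   declared_len, and the comparison is written so it cannot overflow. */
int fb_read(const fb_data *d, size_t off, size_t n, unsigned char *out) {
    if (!d->bytes || off > d->actual_len || n > d->actual_len - off) return -1;
    memcpy(out, d->bytes + off, n);
    return 0;
}

int main(void) {
    const unsigned char file[] = "hello";          /* constructed 5-byte file */
    unsigned char out[8];
    fb_data ok = { 5, NULL, 0 }, bad = { 4096, NULL, 0 };
    printf("matching length:   load=%d\n", fb_load(&ok, file, 5));
    printf("read past the end: %d\n", fb_read(&ok, 4, 2, out));
    printf("declared 4096:     load=%d\n", fb_load(&bad, file, 5));
    printf("read unloaded:     %d\n", fb_read(&bad, 0, 1, out));
    free(ok.bytes);
    return 0;
}
```

A consumer that sized its reads from declared_len alone would walk past the five loaded bytes; rejecting the mismatch at load time and bounding every read by actual_len closes both paths.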