Forwarded from UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Support & Share: t.me/undercodecommunity
This is the hub for Ethical Hackers and tech enthusiasts:
γTopics We Cover:
1οΈβ£ CVE News & Databases
2οΈβ£ Hacker & Tech News
3οΈβ£ Cybersecurity, Hacking, and Secret Methods
π Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.
π Join now: bit.ly/joinundercode
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Support & Share: t.me/undercodecommunity
This is the hub for Ethical Hackers and tech enthusiasts:
γTopics We Cover:
1οΈβ£ CVE News & Databases
2οΈβ£ Hacker & Tech News
3οΈβ£ Cybersecurity, Hacking, and Secret Methods
π Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.
π Join now: bit.ly/joinundercode
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Popular Exploit development library:
γPwntools (https://github.com/Gallopsled/pwntools) is a popular CTF (Capture The Flag) framework and exploit development library written in Python. It provides tools and features that streamline the process of writing, testing, and executing exploits, especially for binary exploitation challenges.
Key Features:
- Automated Exploit Scripts**: Easily interact with remote or local binaries.
- ROP (Return Oriented Programming): Simplifies creating ROP chains.
- Tubes: Abstraction for handling sockets, SSH, or processes.
- Assembler/Disassembler: Integrates tools like Capstone and Keystone.
- Debugging Utilities: Interfaces with GDB for dynamic analysis.
- Custom Shellcodes: Generate shellcode tailored to your needs.
Requirements:
Pwntools is compatible with Python 3 and can be installed via pip:
pip install pwntools
Example Usage:
Hereβs a basic example of using Pwntools to exploit a binary:
from pwn import *
# Connect to the remote service
conn = remote('example.com', 1337)
# Send payload
payload = b'A' * 64 + b'\xdeadbeef'
conn.sendline(payload)
# Interact with the shell
conn.interactive()
Check out the repository for detailed documentation and examples.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Popular Exploit development library:
γPwntools (https://github.com/Gallopsled/pwntools) is a popular CTF (Capture The Flag) framework and exploit development library written in Python. It provides tools and features that streamline the process of writing, testing, and executing exploits, especially for binary exploitation challenges.
Key Features:
- Automated Exploit Scripts**: Easily interact with remote or local binaries.
- ROP (Return Oriented Programming): Simplifies creating ROP chains.
- Tubes: Abstraction for handling sockets, SSH, or processes.
- Assembler/Disassembler: Integrates tools like Capstone and Keystone.
- Debugging Utilities: Interfaces with GDB for dynamic analysis.
- Custom Shellcodes: Generate shellcode tailored to your needs.
Requirements:
Pwntools is compatible with Python 3 and can be installed via pip:
pip install pwntools
Example Usage:
Hereβs a basic example of using Pwntools to exploit a binary:
from pwn import *
# Connect to the remote service
conn = remote('example.com', 1337)
# Send payload
payload = b'A' * 64 + b'\xdeadbeef'
conn.sendline(payload)
# Interact with the shell
conn.interactive()
Check out the repository for detailed documentation and examples.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Gallopsled/pwntools: CTF framework and exploit development library
CTF framework and exploit development library. Contribute to Gallopsled/pwntools development by creating an account on GitHub.
Forwarded from Exploiting Crew (Pr1vAt3)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦C++ scanner that retrieves tuples from a PostgreSQL database and scans them for malware:
Hereβs a simple C++ scanner that connects to a PostgreSQL database to retrieve tuples and checks them for malware. In this example, I'll assume the tuples are strings that need to be compared against a predefined list of known malware signatures.
- Security: This example does not implement secure credential handling (such as using a .pgpass file) and lacks measures to protect against SQL injection.
- Malware Detection: The method for detecting malware here is quite basic. In a real application, you would want to employ more advanced techniques, potentially involving hash checks against a comprehensive database of malware signatures.
- Error Handling: Itβs important to include proper error handling for code intended for production use.
- Dependencies: Make sure you have the libpqxx library installed, which provides the C++ API for PostgreSQL.
Ref: Maximilian Feldthusen
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦C++ scanner that retrieves tuples from a PostgreSQL database and scans them for malware:
Hereβs a simple C++ scanner that connects to a PostgreSQL database to retrieve tuples and checks them for malware. In this example, I'll assume the tuples are strings that need to be compared against a predefined list of known malware signatures.
- Security: This example does not implement secure credential handling (such as using a .pgpass file) and lacks measures to protect against SQL injection.
- Malware Detection: The method for detecting malware here is quite basic. In a real application, you would want to employ more advanced techniques, potentially involving hash checks against a comprehensive database of malware signatures.
- Error Handling: Itβs important to include proper error handling for code intended for production use.
- Dependencies: Make sure you have the libpqxx library installed, which provides the C++ API for PostgreSQL.
Ref: Maximilian Feldthusen
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π A Year Later: #Tesla Sweden Defies Blockades, Leaving Unions Frustrated
https://undercodenews.com/a-year-later-tesla-sweden-defies-blockades-leaving-unions-frustrated/
@Undercode_News
https://undercodenews.com/a-year-later-tesla-sweden-defies-blockades-leaving-unions-frustrated/
@Undercode_News
UNDERCODE NEWS
A Year Later: Tesla Sweden Defies Blockades, Leaving Unions Frustrated - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π€ Smart TV Automation with Modes and Routines: Elevate Your Viewing Experience
https://undercodenews.com/smart-tv-automation-with-modes-and-routines-elevate-your-viewing-experience/
@Undercode_News
https://undercodenews.com/smart-tv-automation-with-modes-and-routines-elevate-your-viewing-experience/
@Undercode_News
UNDERCODE NEWS
Smart TV Automation with Modes and Routines: Elevate Your Viewing Experience - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from DailyCVE
π Wazifa System 10: Cross-Site Scripting (XSS), #CVE-2024-12001 (MEDIUM)
https://dailycve.com/wazifa-system-10-cross-site-scripting-xss-cve-2024-12001-medium/
@DailyCVE
https://dailycve.com/wazifa-system-10-cross-site-scripting-xss-cve-2024-12001-medium/
@DailyCVE
DailyCVE
Wazifa System 10: Cross-Site Scripting (XSS), CVE-2024-12001 (MEDIUM) - DailyCVE
2024-12-11 : A medium severity cross-site scripting (XSS) vulnerability (CVE-2024-12001) has been identified in Wazifa System 1.0. This vulnerability affects [β¦]
Forwarded from DailyCVE
π΄ 1000 Projects Library Management System 10, SQL Injection, #CVE-2024-12188 (Critical)
https://dailycve.com/1000-projects-library-management-system-10-sql-injection-cve-2024-12188-critical/
@Daily_CVE
https://dailycve.com/1000-projects-library-management-system-10-sql-injection-cve-2024-12188-critical/
@Daily_CVE
DailyCVE
1000 Projects Library Management System 10, SQL Injection, CVE-2024-12188 (Critical) - DailyCVE
2024-12-11 : A critical SQL injection vulnerability (CVE-2024-12188) has been identified in 1000 Projects Library Management System version 1.0. This [β¦]
Forwarded from DailyCVE
π΄ PHPGurukul Complaint Management System 10: Critical SQL Injection (#CVE-2024-12230)
https://dailycve.com/phpgurukul-complaint-management-system-10-critical-sql-injection-cve-2024-12230/
@Daily_CVE
https://dailycve.com/phpgurukul-complaint-management-system-10-critical-sql-injection-cve-2024-12230/
@Daily_CVE
DailyCVE
PHPGurukul Complaint Management System 10: Critical SQL Injection (CVE-2024-12230) - DailyCVE
2024-12-11 : A critical SQL injection vulnerability (CVE-2024-12230) has been identified in PHPGurukul Complaint Management System version 1.0. This vulnerability [β¦]
Forwarded from DailyCVE
π΄ WeiYe-Jing datax-web 211: Remote Code Execution (#CVE-2024-12358) - Critical
https://dailycve.com/weiye-jing-datax-web-211-remote-code-execution-cve-2024-12358-critical/
@Daily_CVE
https://dailycve.com/weiye-jing-datax-web-211-remote-code-execution-cve-2024-12358-critical/
@Daily_CVE
DailyCVE
WeiYe-Jing datax-web 211: Remote Code Execution (CVE-2024-12358) - Critical - DailyCVE
2024-12-11 : A critical vulnerability (CVE-2024-12358) exists in WeiYe-Jing datax-web version 2.1.1. This vulnerability allows remote attackers to execute arbitrary [β¦]
Forwarded from DailyCVE
π΄ TP-Link VN020 F3v(T) SOAP Request Handler Buffer Overflow (#CVE-2024-12343) - Critical
https://dailycve.com/tp-link-vn020-f3vt-soap-request-handler-buffer-overflow-cve-2024-12343-critical/
@Daily_CVE
https://dailycve.com/tp-link-vn020-f3vt-soap-request-handler-buffer-overflow-cve-2024-12343-critical/
@Daily_CVE
DailyCVE
TP-Link VN020 F3v(T) SOAP Request Handler Buffer Overflow (CVE-2024-12343) - Critical - DailyCVE
2024-12-11 Vulnerability : A critical vulnerability exists in TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021. This vulnerability affects an [β¦]
Forwarded from DailyCVE
π΄ Online Class and Exam Scheduling System 10, SQL Injection, #CVE-2024-12360 (Critical)
https://dailycve.com/online-class-and-exam-scheduling-system-10-sql-injection-cve-2024-12360-critical/
@Daily_CVE
https://dailycve.com/online-class-and-exam-scheduling-system-10-sql-injection-cve-2024-12360-critical/
@Daily_CVE
DailyCVE
Online Class and Exam Scheduling System 10, SQL Injection, CVE-2024-12360 (Critical) - DailyCVE
2024-12-11 : A critical SQL injection vulnerability (CVE-2024-12360) has been identified in Online Class and Exam Scheduling System version 1.0. [β¦]
Forwarded from DailyCVE
π TOTOLINK EX1800T Stack Overflow Vulnerability (#CVE-2024-12352) - Medium
https://dailycve.com/totolink-ex1800t-stack-overflow-vulnerability-cve-2024-12352-medium/
@Daily_CVE
https://dailycve.com/totolink-ex1800t-stack-overflow-vulnerability-cve-2024-12352-medium/
@Daily_CVE
DailyCVE
TOTOLINK EX1800T Stack Overflow Vulnerability (CVE-2024-12352) - Medium - DailyCVE
2024-12-11 A security vulnerability (CVE-2024-12352) has been identified in TOTOLINK EX1800T routers running firmware version 9.1.0cu.2112_B20220316. This vulnerability is classified [β¦]
Forwarded from DailyCVE
π΄ Online Notice Board Unrestricted Upload Vulnerability (#CVE-2024-12233 - Critical)
https://dailycve.com/online-notice-board-unrestricted-upload-vulnerability-cve-2024-12233-critical/
@Daily_CVE
https://dailycve.com/online-notice-board-unrestricted-upload-vulnerability-cve-2024-12233-critical/
@Daily_CVE
DailyCVE
Online Notice Board Unrestricted Upload Vulnerability (CVE-2024-12233 - Critical) - DailyCVE
2024-12-11 : A critical vulnerability (CVE-2024-12233) exists in code-projects Online Notice Board version 1.0. This vulnerability allows attackers to upload [β¦]
Forwarded from DailyCVE
π SourceCodester Phone Contact Manager System 10, Improper Input Validation, #CVE-2024-12353 (Medium)
https://dailycve.com/sourcecodester-phone-contact-manager-system-10-improper-input-validation-cve-2024-12353-medium/
@Daily_CVE
https://dailycve.com/sourcecodester-phone-contact-manager-system-10-improper-input-validation-cve-2024-12353-medium/
@Daily_CVE
DailyCVE
SourceCodester Phone Contact Manager System 10, Improper Input Validation, CVE-2024-12353 (Medium) - DailyCVE
2024-12-11 : A security vulnerability (CVE-2024-12353) has been identified in SourceCodester Phone Contact Manager System 1.0. This vulnerability affects the [β¦]
Forwarded from DailyCVE
π΄ PHPGurukul Complaint Management System 10: Critical SQL Injection (#CVE-2024-12228)
https://dailycve.com/phpgurukul-complaint-management-system-10-critical-sql-injection-cve-2024-12228/
@Daily_CVE
https://dailycve.com/phpgurukul-complaint-management-system-10-critical-sql-injection-cve-2024-12228/
@Daily_CVE
DailyCVE
PHPGurukul Complaint Management System 10: Critical SQL Injection (CVE-2024-12228) - DailyCVE
2024-12-11 : A critical SQL injection vulnerability (CVE-2024-12228) has been identified in PHPGurukul Complaint Management System version 1.0. This vulnerability [β¦]
Forwarded from DailyCVE
π΄ SourceCodester Petrol Pump Management #Software 10 Unrestricted File Upload (#CVE-2024-2059) - Critical
https://dailycve.com/sourcecodester-petrol-pump-management-software-10-unrestricted-file-upload-cve-2024-2059-critical/
@Daily_CVE
https://dailycve.com/sourcecodester-petrol-pump-management-software-10-unrestricted-file-upload-cve-2024-2059-critical/
@Daily_CVE
DailyCVE
SourceCodester Petrol Pump Management Software 10 Unrestricted File Upload (CVE-2024-2059) - Critical - DailyCVE
2024-12-11 : A critical vulnerability (CVE-2024-2059) exists in SourceCodester Petrol Pump Management Software 1.0. This vulnerability allows attackers to upload [β¦]
Forwarded from DailyCVE
π SourceCodester Best House Rental Management System 10, File Inclusion Vulnerability, #CVE-2024-12357 (Medium)
https://dailycve.com/sourcecodester-best-house-rental-management-system-10-file-inclusion-vulnerability-cve-2024-12357-medium/
@Daily_CVE
https://dailycve.com/sourcecodester-best-house-rental-management-system-10-file-inclusion-vulnerability-cve-2024-12357-medium/
@Daily_CVE
DailyCVE
SourceCodester Best House Rental Management System 10, File Inclusion Vulnerability, CVE-2024-12357 (Medium) - DailyCVE
2024-12-11 : A vulnerability (CVE-2024-12357) exists in SourceCodester Best House Rental Management System 1.0. This vulnerability allows for remote file [β¦]
Forwarded from DailyCVE
π SourceCodester Phone Contact Manager System, Improper Input Validation, #CVE-2024-12355 (Medium)
https://dailycve.com/sourcecodester-phone-contact-manager-system-improper-input-validation-cve-2024-12355-medium/
@Daily_CVE
https://dailycve.com/sourcecodester-phone-contact-manager-system-improper-input-validation-cve-2024-12355-medium/
@Daily_CVE
DailyCVE
SourceCodester Phone Contact Manager System, Improper Input Validation, CVE-2024-12355 (Medium) - DailyCVE
2024-12-11 : A vulnerability (CVE-2024-12355) has been identified in SourceCodester Phone Contact Manager System 1.0. This vulnerability stems from improper [β¦]
Forwarded from DailyCVE
π Tenda Router Vulnerability: Null Pointer Dereference (#CVE-2024-12002) - MEDIUM
https://dailycve.com/tenda-router-vulnerability-null-pointer-dereference-cve-2024-12002-medium/
@Daily_CVE
https://dailycve.com/tenda-router-vulnerability-null-pointer-dereference-cve-2024-12002-medium/
@Daily_CVE
DailyCVE
Tenda Router Vulnerability: Null Pointer Dereference (CVE-2024-12002) - MEDIUM - DailyCVE
2024-12-11 This article describes a vulnerability (CVE-2024-12002) affecting specific Tenda routers (FH451, FH1201, FH1202, FH1206) with firmware versions up to [β¦]
Forwarded from DailyCVE
π Checkmk Exchange Plugin for MikroTik (#CVE-2024-38861): Medium Severity Certificate Validation Vulnerability
https://dailycve.com/checkmk-exchange-plugin-for-mikrotik-cve-2024-38861-medium-severity-certificate-validation-vulnerability/
@DailyCVE
https://dailycve.com/checkmk-exchange-plugin-for-mikrotik-cve-2024-38861-medium-severity-certificate-validation-vulnerability/
@DailyCVE
DailyCVE
Checkmk Exchange Plugin for MikroTik (CVE-2024-38861): Medium Severity Certificate Validation Vulnerability - DailyCVE
2024-12-11 : This article details a vulnerability (CVE-2024-38861) in the Checkmk Exchange plugin for MikroTik versions 2.0.0 through 2.5.5 and [β¦]
Forwarded from DailyCVE
π΅ #Apple #iOS, iPadOS, #macOS, watchOS, tvOS: Kernel Vulnerability (#CVE-2024-44169)
https://dailycve.com/apple-ios-ipados-macos-watchos-tvos-kernel-vulnerability-cve-2024-44169/
@Daily_CVE
https://dailycve.com/apple-ios-ipados-macos-watchos-tvos-kernel-vulnerability-cve-2024-44169/
@Daily_CVE
DailyCVE
Apple iOS, iPadOS, macOS, watchOS, tvOS: Kernel Vulnerability (CVE-2024-44169) - DailyCVE
2024-12-11 : Apple patched a kernel vulnerability (CVE-2024-44169) that could allow an app to leak network traffic outside a VPN [β¦]