Forwarded from DailyCVE
π΅WebSphere Application Server- CVE-2020-4329 CVE-2019-10086 :
https://dailycve.com/websphere-application-server-cve-2020-4329-cve-2019-10086
https://dailycve.com/websphere-application-server-cve-2020-4329-cve-2019-10086
Dailycve
WebSphere Application Server- CVE-2020-4329 CVE-2019-10086 | CVE
Details:
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING PRACTICAL TUTORIALS :
Mid-Course Capstone
Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw
Introduction to Exploit Development (Buffer Overflows)
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
Attacking Active Directory: Initial Attack Vectors
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Attacking Active Directory: Post-Compromise Attacks
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Active Directory Security Blog: https://adsecurity.org/
Harmj0y Blog: http://blog.harmj0y.net/
Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab
Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab
eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/
(from git)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING PRACTICAL TUTORIALS :
Mid-Course Capstone
Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw
Introduction to Exploit Development (Buffer Overflows)
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
Attacking Active Directory: Initial Attack Vectors
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Attacking Active Directory: Post-Compromise Attacks
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Active Directory Security Blog: https://adsecurity.org/
Harmj0y Blog: http://blog.harmj0y.net/
Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab
Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab
eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/
(from git)
β β β Uππ»βΊπ«Δπ¬πβ β β β
YouTube
Cracking Linux Password Hashes with Hashcat
In this video, we will cover how to use Hashcat to crack Linux hashes.
Hashcat: https://hashcat.net/hashcat/
Timestamps:
0:06 - Introduction
0:45 - Reviewing the /etc/passwd file
1:48 - Reviewing the /etc/shadow file
4:05 - Using unshadow to combine passwdβ¦
Hashcat: https://hashcat.net/hashcat/
Timestamps:
0:06 - Introduction
0:45 - Reviewing the /etc/passwd file
1:48 - Reviewing the /etc/shadow file
4:05 - Using unshadow to combine passwdβ¦
Forwarded from DailyCVE
Forwarded from UNDERCODE NEWS
Update 27.20.100.9126 of the Intel graphics driver launches and addresses errors in 10th and 11th generation nuclear displays.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to create a password for basic authentication of HTTP users ?
Install the apache2-utils package.
$ sudo apt install apache2-utils
Let's create an empty file to hold the HTTP account information.
$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store your HTTP account information, but I am opposed as this solution is error prone.
Let's display the encrypted password for user username on standard output.
$ echo "password" | htpasswd -i -n username
username: $ apr1 $ Qzu3mckE $ xiu7cvijFfWTqha / AEQhE1
Add or update your HTTP account information.
$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats
Let's check the password for a specific HTTP user.
$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.
$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed
Remove a specific HTTP user.
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found
Rewrite HTTP account information. You end up with one HTTP account.
$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to create a password for basic authentication of HTTP users ?
Install the apache2-utils package.
$ sudo apt install apache2-utils
Let's create an empty file to hold the HTTP account information.
$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store your HTTP account information, but I am opposed as this solution is error prone.
Let's display the encrypted password for user username on standard output.
$ echo "password" | htpasswd -i -n username
username: $ apr1 $ Qzu3mckE $ xiu7cvijFfWTqha / AEQhE1
Add or update your HTTP account information.
$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats
Let's check the password for a specific HTTP user.
$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.
$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed
Remove a specific HTTP user.
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats
$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found
Rewrite HTTP account information. You end up with one HTTP account.
$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
Dailycve
Windows ipv6 stack CVE-2020-16898 | CVE
Details:
Microsoft revealed an incredibly significant flaw in the Windows IPv6 stack on October 13, which allows an attacker to send maliciously designed packets to a remote device to potentially run arbitrary code. The proof-of-concept shared with representativesβ¦
Microsoft revealed an incredibly significant flaw in the Windows IPv6 stack on October 13, which allows an attacker to send maliciously designed packets to a remote device to potentially run arbitrary code. The proof-of-concept shared with representativesβ¦
Forwarded from UNDERCODE NEWS
Check Point: 25% jump in cyber attacks on medical institutions in Israel at the end of 2020.
#CyberAttacks
#CyberAttacks
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List of Websites Giving free RDP/VPS
http://vpswala.org/
http://ohosti.com/vpshosting.php
https://gratisvps.net/
https://my.letscloud.io/sign-up/
https://developer.rackspace.com/
https://www.vultr.com/
https://www.ionos.com/
https://www.cloudsigma.com/
https://www.digitalocean.com/
http://ezywatch.com/freevps/
https://yellowcircle.net/
https://www.ctl.io/free-trial/
https://www.ihor.ru/
https://www.neuprime.com/l_vds3.php
https://www.skysilk.com/
https://sadd.io/
https://www.apponfly.com/en/
Source Redit
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦List of Websites Giving free RDP/VPS
http://vpswala.org/
http://ohosti.com/vpshosting.php
https://gratisvps.net/
https://my.letscloud.io/sign-up/
https://developer.rackspace.com/
https://www.vultr.com/
https://www.ionos.com/
https://www.cloudsigma.com/
https://www.digitalocean.com/
http://ezywatch.com/freevps/
https://yellowcircle.net/
https://www.ctl.io/free-trial/
https://www.ihor.ru/
https://www.neuprime.com/l_vds3.php
https://www.skysilk.com/
https://sadd.io/
https://www.apponfly.com/en/
Source Redit
β β β Uππ»βΊπ«Δπ¬πβ β β β
VPSWala
Free VPS | 8GB RAM Windows/Linux Servers | NVMe SSD | Full Root Access
Launch your Free VPS instantly! β 100% Free Forever β 8GB RAM Windows/Linux β NVMe SSD Storage β Full Root Access β No Credit Card Required β 24/7 Support. Deploy enterprise-grade infrastructure in 60 seconds.
Forwarded from UNDERCODE NEWS
Why user companies should get a cloud "driver's license"
#International
#International
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Newsletter wordpress CVE-2020-35933, XSS:
https://dailycve.com/newsletter-wordpress-cve-2020-35933-xss
https://dailycve.com/newsletter-wordpress-cve-2020-35933-xss