Forwarded from 卩ro 爪Cracker
CVE-2022-39952_PoC.zip
2 KB
🔥🔥🔥Fortinet FortiNAC CVE-2022-39952 Deep-Dive, PoC and IOCs
An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.
🔖PoC exploit here
A blog on Nmap
Let's learn how to use Nmap.
Nmap commands
Nmap cheat sheet
Nmap techniques
Here is a link to the blog
https://techofide.com/blogs/nmap-commands-how-to-use-nmap-tool-nmap-cheat-sheet/
Join our group for more exclusive cyber security content
t.me/ethicalhackingtechofide
BREAKING: Russian hacker group Phoenix announces hacking major ministries of Pakistan Govt.
The group called the hack "hacking the whole Pakistan."
https://twitter.com/_treeni/status/1628089198929670150
🔺Just In: @AngrySaffron
💥PS script to exploit ESC1/retrieve your own NTLM password hash using only built-in Windows binaries to generate the PFX.
Download: https://system32.ink/news-feed/p/248/
Hi Everyone!
A new Blog on Burp Suite.
Let's learn how to use it like a Cyber Security Professional
A beginners blog to take your first step towards Burp Suite
Here is the link 🔗
https://techofide.com/blogs/what-is-burp-suite-how-to-use-burp-suite-burp-suite-tutorial-for-beginners/
Join our group for such exclusive content
t.me/ethicalhackingtechofide
Link updated...
CVE-2023-0754
PTC Thingworx Edge C-SDK twHeader_fromStream Integer Overflow RCE Vulnerability
CVE-2023-0755
PTC Thingworx Edge C-SDK mulitpartMessageStoreEntry_Create Array Indexing OOB Write RCE Vulnerability
Download POC exploit: https://system32.ink/news-feed/p/249/
Forwarded from ♛♛♛🇦 🇳 🇺 🇷 🇦 🇬 ༄●⃝ᶫᵒꪜe☯ᴮᴼᵞ࿐♛꧂ ꧁ANURAG ᭄ᴮᴼˢˢ꧂
❤️KrishnaGyan.in is a fantastic website that offers a unique and exciting service similar to ChatGPT, but the difference is that it's not ChatGPT: all your answers come from our Bhagwat Geeta 🕉.
Link : KrishnaGyan.in
🤞Whether you want to know about science, technology, history, philosophy, or anything in between, KrishnaGyan.in has got you covered. It is designed to provide you with accurate and insightful answers to your queries, just like a human expert would.🛕
Click Here To Visit
💥Patchless/breakpoint in process amsi bypass thingy with C#
Download CS File:- https://system32.ink/news-feed/p/257/
OpenSSH 9.1 exploit and Mass Scan
Vulnerability CVE-2023-25136 affects the SSH pre-authentication process. Using it, an attacker can corrupt memory and execute arbitrary code on a machine without being authenticated on the target server.
Download: https://system32.ink/news-feed/p/258/
Forwarded from 卩ro 爪Cracker
💥Fancy new way to conceal XSS payloads(Assignable protocol with location)
<script>location.protocol='javascript'</script>⚠️⚠️⚠️⚠️⚠️⚠️⚠️
Hello homies. Wait for uploading soon music share and support
Wait wait every day 1 music upload soon and download link
I have 900 music you don't know how is good https://t.me/Darkwebmusician
A new blog on OSINT Bug Hunting series
Learn dorks and filters of Shodan, LinkedIn, Dnsdumpster, GitHub dorks, Wayback machine, Google dorks and much more...
Here is the link to the blog
https://techofide.com/blogs/osint-framework-osint-for-bug-hunters-practical-demo-part-3/
Haven't seen the first part?
Here is the link
https://techofide.com/blogs/osint-framework-osint-for-bug-hunters-practical-demo-part-1/
Haven't seen the second part?
Here is the link
https://techofide.com/blogs/osint-framework-osint-for-bug-hunters-practical-demo-part-2/
Join our group for such exclusive content
t.me/ethicalhackingtechofide
Forwarded from 卩ro 爪Cracker
🔥Arm Mali: insufficient cache invalidation for non-page-aligned user buffer imports
When a user buffer is imported into Mali and mapped into the GPU, Mali calls dma_map_page(). This implicitly does a dcache_clean_poc() on the mapped range (unless the kernel knows that the device is DMA-coherent) to ensure that dirty cache state is written back to main memory before the user buffer can be accessed by the GPU and possibly also uncached mappings on the CPU.

However, when a user buffer is imported that does not begin/end at page boundaries, Mali still installs PTEs on the CPU and GPU that map the entire page, but only calls dma_map_page() on the user-specified range. This means that the rest of the page is mapped without any cache maintenance.

Therefore, when the GPU is not cache-coherent (which Jahn thinks means there's no ACE or ACE-Lite) or when Mali creates uncached CPU-side mappings, malicious code can read stale memory contents. This is a problem if the last cache writeback happened before the kernel's page allocator zeroed the page and handed it to userspace, since that means the stale data we're reading is whatever the previous user of the page wrote into it.
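The mismatch described in the post above, between the pages the PTEs cover and the byte range that received cache maintenance, worked through as an added example (not code from the original post or from the Mali driver). The 4 KiB page size, the function names and the sample address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL               /* assumption: 4 KiB pages */
#define PAGE_MASK (~(PAGE_SIZE - 1))

struct range { uint64_t start, end; };  /* half-open [start, end) */

/* Whole pages touched by an import of [addr, addr+len): this is what the
 * CPU/GPU PTEs end up mapping. Assumes len > 0 and no address wrap. */
static struct range mapped_span(uint64_t addr, uint64_t len) {
    struct range r = { addr & PAGE_MASK,
                       (addr + len + PAGE_SIZE - 1) & PAGE_MASK };
    return r;
}

/* Bytes that are mapped but lie outside the user-specified range, i.e.
 * outside the range on which cache maintenance was performed. Returns the
 * total and fills in the head and tail gaps. */
static uint64_t unmaintained_bytes(uint64_t addr, uint64_t len,
                                   struct range *head, struct range *tail) {
    struct range m = mapped_span(addr, len);
    head->start = m.start;    head->end = addr;
    tail->start = addr + len; tail->end = m.end;
    return (head->end - head->start) + (tail->end - tail->start);
}

/* Import-time check: an import with no gap is one whose start and length
 * are both page-aligned. A mapper can reject anything else, or widen the
 * maintenance range to mapped_span() so it matches what the PTEs expose. */
static int import_is_page_aligned(uint64_t addr, uint64_t len) {
    return len != 0 && ((addr | len) & (PAGE_SIZE - 1)) == 0;
}

int main(void) {
    /* constructed sample: buffer starts 0x100 into a page */
    uint64_t addr = 0x7f0000001100ULL, len = 0x2200;
    struct range h, t;
    uint64_t gap = unmaintained_bytes(addr, len, &h, &t);
    printf("aligned=%d gap=%llu head=%llu tail=%llu\n",
           import_is_page_aligned(addr, len), (unsigned long long)gap,
           (unsigned long long)(h.end - h.start),
           (unsigned long long)(t.end - t.start));
    return 0;
}
```

Any non-zero gap marks bytes that were mapped without the writeback the post describes for the user-specified range.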
Forwarded from 卩ro 爪Cracker
mali-coherent-test.c
8.8 KB
💥Reproducer just uses the uncached CPU-side mapping (example run):
aarch64-linux-gnu-gcc -static -o mali-coherent-test mali-coherent-test.c && adb push mali-coherent-test /data/local/tmp/ && adb shell /data/local/tmp/mali-coherent-test