Forwarded from Deadly malware xp
#exploit
PandoraFMS NG765 - Pre-Auth RCE
https://3sjay.github.io/2023/01/06/pandoraFMS-Pre-Auth-RCE.html
Forwarded from Deadly malware xp
#exploit
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
Forwarded from 卩ro 爪Cracker
CVE-2022-39073
Proof of concept for the command injection vulnerability affecting the ZTE MF286R router, including an RCE exploit.
https://github.com/v0lp3/CVE-2022-39073
#cve #exploit
#exploit
1. CVE-2022-31705:
Geekpwn 2022 Vmware EHCI OOB
https://github.com/s0duku/cve-2022-31705
2. Linux >=4.10: UAF in __do_semtimedop() due to lockless check outside RCU section
https://bugs.chromium.org/p/project-zero/issues/detail?id=2391
3. Lexmark Printers/Copiers haxx 0-day Exploit
https://github.com/blasty/lexmark
#exploit
1. CVE-2023-0210:
Unauthenticated remote DOS in ksmbd NTLMv2 authentication (Linux kernel)
https://seclists.org/oss-sec/2023/q1/4
2. CVE-2022-20452:
Privilege escalation on Android from installed app to system/another app via LazyValue using Parcel after recycle()
https://github.com/michalbednarski/LeakValue
#exploit
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
#exploit
1. CVE-2022-28944/CVE-2022-24644:
EMCO Software Multiple Products/KeyMouse 3.08 (Win) - Unauth. Update RCE
https://github.com/gerr-re/cve-2022-28944
https://github.com/gerr-re/cve-2022-24644
2. Client-Side SSRF to Google Cloud Project Takeover [Google VRP]
https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover
3. CVE-2022-3656:
Symbolic Link Following + Upload Warning Bypass
https://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34
#exploit
1. CVE-2022-22274:
A Stack-based buffer overflow vulnerability in the SonicOS
https://github.com/pwneddr/Sonic_CVE-2022-22274_poc
2. CVE-2022-3652:
Race condition in JSCreateLowering, leading to RCE
https://bugs.chromium.org/p/chromium/issues/detail?id=1369871
#exploit
1. Redis 6.0.16 - RCE
https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1
2. Linux kernel exploit development
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development?s=09
Forwarded from Deadly malware xp
#exploit
1. CVE-2023-0179:
Linux kernel stack buffer overflow in nftables
https://seclists.org/oss-sec/2023/q1/20
2. Security Audit of Git:
CVE-2022-23521:
Truncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes
CVE-2022-41903:
Out of Bounds Memory Write in Log Formatting
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif
Forwarded from Deadly malware xp
sudo_CVE.pdf
#exploit
1. CVE-2022-47966:
RCE vulnerability in multiple ManageEngine (Apache Santuario (xmlsec) <=1.4.1) products
https://github.com/horizon3ai/CVE-2022-47966
]-> https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive
2. CVE-2022-39955:
Charset confusion + WAF bypasses via 0days
https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec
3. Microsoft Teams RCE
https://blog.pksecurity.io/2023/01/16/2022-microsoft-teams-rce.html
#exploit
1. CVE-2022-41033:
Type confusion in Windows COM+ Event System Service
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-41033.html
2. CVE-2022-34718:
Dissecting and Exploiting TCP/IP RCE Vulnerability "EvilESP"
https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp
3. CVE-2023-0297:
Pre-auth RCE in pyLoad
https://github.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad
#exploit
1. CVE-2022-42864:
Concurrent Execution using Shared Resource with Improper Synchronization ("Race Condition")
https://muirey03.blogspot.com/2023/01/cve-2022-42864-diabolical-cookies.html
2. CVE-2022-25637:
Multiple TOCTOU vulns in peripheral devices (Razer, EVGA, MSI, AMI)
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers
#exploit
1. A Step-By-Step Introduction To The Use Of ROP Gadgets To Bypass DEP
https://cybergeeks.tech/a-step-by-step-introduction-to-the-use-of-rop-gadgets-to-bypass-dep
2. b3typer - Simple typer bug
https://blog.bi0s.in/2023/01/23/Pwn/bi0sCTF22-b3typer
3. CVE-2022-2347:
U-Boot - Unchecked Download Size/Direction in USB DFU
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347
#exploit
1. CVE-2022-37987:
A New Vector for Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation
https://www.zerodayinitiative.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation
2. A NETGEAR WAN Command Injection
https://research.nccgroup.com/2022/12/22/puckungfu-a-netgear-wan-command-injection
3. Bypassing the Embedded Web Server's credential brute force prevention mechanism (PoC for CVE-2023-22960)
https://github.com/t3l3machus/CVE-2023-22960
// >60 Lexmark printer models
#exploit
1. CVE-2022-38181:
Vulnerability in the Arm Mali GPU
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug
2. CVE-2023-0210:
Linux Kernel Unauthenticated Remote Heap Overflow Within KSMBD
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow
#exploit
1. CVE-2023-23504:
XNU Heap Underwrite in dlil.c
https://adamdoupe.com/blog/2023/01/23/cve-2023-23504-xnu-heap-underwrite-in-dlil-dot-c
2. CVE-2023-24055:
KeePass 2.5x PoC
https://github.com/alt3kx/CVE-2023-24055_PoC
3. CVE-2022-34689:
CryptoAPI spoofing vulnerability
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
gg hackers (I love you ❤️
‼️Here we go again
here we go again 🎉
#OSINT
1. Visual Ping web page monitoring service,
helps to track changes on any particular website.
( hourly/everyday )
2. All the internet combines results from
different search engines and social media.
3. izito searches and combines all Search Engines!
Yahoo, Microsoft Bing, YouTube, Wikipedia, Entireweb etc...
#exploit
1. CVE-2023-1586:
Avast Anti-Virus privileged arbitrary file create on virus restore
and as always #hacker_bano_chutiya_nhe 😍😍