An all-in-one hacking tool written in Python to remotely exploit Android devices using #ADB (Android Debug Bridge) and #Metasploit-Framework.

https://github.com/AzeemIdrisi/PhoneSploit-Pro

Awesome Free #ChatGPT

https://github.com/LiLittleCat/awesome-free-chatgpt

Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver

https://github.com/Nero22k/cve-2023-29360

Nightmangle is post-exploitation Telegram Command and Control (C2/C&C) Agent

https://github.com/1N73LL1G3NC3x/Nightmangle

Reprodução da CVE-2023–29357 e CVE-2023–24955 no Microsoft SharePoint.

A chain permite que usuários não autenticados executem comandos arbitrários no servidor.

Atualize seu software o mais rápido possível!

#ESP32-Sour-Apple
Crash IOS17 devices over bluetooth. https://github.com/RapierXbox/ESP32-Sour-Apple

■ Historic picture. Jewish refugees sailing to Palestine.

■ The placard says: "The Germans have annihilated our families, don't annihilate our last hope"...

■ The Palestinians didn't even think about how that would end for them...

■ Follow @UkraineHumanRightsAbuses

☠️Cache poisoning in Drupal core

According to the CVE-2023-5256 disclosure, you can cache admin session cookies by causing a 4xx response when visiting a crafted URL in JSON:API.

You can lure an admin using a link, steal his session cookies and gain administrative access to the website. In this way, an attacker can completely compromise the confidentiality, integrity and availability of the website.

PoC

/jsonapi/user/user?filter[a-labex][condition][path]=cachingyourcookie

#web #cve #cache #drupal

Extreme Privacy: Mobile Devices - Digital Edition (2023)

Version : 2023.06.18

Info : https://inteltechniques.com/book7a.html

@hackingbra

🛡️ Awesome EDR Bypass Resources For Ethical Hacking ⚔️

EDR bypass technology is not just for attackers. Many malware now have EDR bypass capabilities, knowledge that pentesters and incident responders should also be aware of. This repository is not intended to be used to escalate attacks. Use it for ethical hacking.

https://github.com/tkmru/awesome-edr-bypass

CVE-2023-22515 Exploit Script🔐

This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances.

The script will provide information about the exploitation process, such as whether the vulnerability was successfully triggered, whether a new administrator was created, and whether authentication was successful.

https://github.com/Chocapikk/CVE-2023-22515

🥔 Coerced Potato

New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent versions of Windows.

⚙️ Tool:
https://github.com/hackvens/CoercedPotato

📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html

CVE-2023-36723 Windows Container Manager Service Elevation of Privilege Vulnerability.

An attacker can abuse this vulnerability to execute code in process that is running with SYSTEM privileges by abusing SxS assembly loading.

@hackingbra

Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

POC: https://github.com/leesh3288/CVE-2023-4911

MS Office 365 Word - XSS
https://blog.pksecurity.io/2023/10/04/microsoft-office.html

MS Windows 11 apds.dll DLL Hijacking
https://packetstormsecurity.com/files/175006/Microsoft-Windows-11-apds.dll-DLL-Hijacking.html

CVE-2023-22515 : Broken Access Control Vulnerability in Confluence Data Center and Server

#FOFA
Query: icon_hash="-305179312"
Query: app="ATLASSIAN-Confluence"

#SHODAN
Query: http.favicon.hash:-305179312

#HUNTER.HOW
Query: product.name="Confluence"

1. CVE-2023-26369:
Adobe PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html

2. CVE-2023-2729:
Synology NAS DSM Account Takeover
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure

3. CVE-2021-44168:
Download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS <7.0.3
https://github.com/0xhaggis/CVE-2021-44168