Hacking Brasil
CVE-2023-22515 Exploit Script🔐 This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The script will provide information about the…
CVE-2023-22515 : Broken Access Control Vulnerability in Confluence Data Center and Server
#FOFA
Query: icon_hash="-305179312"
Query: app="ATLASSIAN-Confluence"
#SHODAN
Query: http.favicon.hash:-305179312
#HUNTER.HOW
Query: product.name="Confluence"
#FOFA
Query: icon_hash="-305179312"
Query: app="ATLASSIAN-Confluence"
#SHODAN
Query: http.favicon.hash:-305179312
#HUNTER.HOW
Query: product.name="Confluence"
1. CVE-2023-26369:
Adobe PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
2. CVE-2023-2729:
Synology NAS DSM Account Takeover
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
3. CVE-2021-44168:
Download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS <7.0.3
https://github.com/0xhaggis/CVE-2021-44168
Adobe PDF Reader RCE when processing TTF fonts
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-26369.html
2. CVE-2023-2729:
Synology NAS DSM Account Takeover
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
3. CVE-2021-44168:
Download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS <7.0.3
https://github.com/0xhaggis/CVE-2021-44168
Claroty
Synology NAS DSM Account Takeover: When Random is not Secure
Claroty discovers the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system. Learn more.
Stealth redirector for red team operation security
https://github.com/D00Movenok/BounceBack
Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
https://github.com/D00Movenok/BounceBack
Collection of OPSEC Tradecraft/TTPs for Red Team Ops
https://github.com/WesleyWong420/OPSEC-Tradecraft
CVE-2023-36745: Microsoft Exchange Server RCE
#CVE-2023-36745
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
#CVE-2023-36745
https://securityonline.info/microsoft-exchange-server-rce-cve-2023-36745-flaw-gets-poc-exploit/
PoC: https://github.com/N1k0la-T/CVE-2023-36745
VirusTotal é subsidiária da Chronicle Security, que é uma empresa do Google. Jamais sejam tão idiotas ao ponto de escrever seus malwares e uparem lá para testes de detecção. Todas essas informações de malwares são vendidas para empresas de AV, EDR, IDS e etc.
[EN]
VirusTotal is a subsidiary of Chronicle Security, which is a Google company. Never be so stupid as to write your malware and upload it there for detection tests. All this malware information is sold to AV, EDR, IDS companies.
[EN]
VirusTotal is a subsidiary of Chronicle Security, which is a Google company. Never be so stupid as to write your malware and upload it there for detection tests. All this malware information is sold to AV, EDR, IDS companies.
Em breve farei upload de mais materiais, essas ultimas semanas meu tempo foi muito ocupado.
Google: YouTube lento para todos que bloqueiam anúncios de publicidade
▶️Os usuários do Reddit descobriram que o Google fez alterações no código do YouTube, fazendo com que os vídeos da plataforma carregassem mais lentamente em navegadores com bloqueadores de anúncios ativos.
▶️O problema foi percebido pela primeira vez no Firefox, onde o YouTube começou a carregar 5 segundos mais lento que no Chrome.
▶️Os usuários da extensão uBlock Origin desenvolveram um filtro especial que permite contornar o carregamento lento de vídeos no YouTube.
#Google #YouTube #AdBlockers
▶️Os usuários do Reddit descobriram que o Google fez alterações no código do YouTube, fazendo com que os vídeos da plataforma carregassem mais lentamente em navegadores com bloqueadores de anúncios ativos.
▶️O problema foi percebido pela primeira vez no Firefox, onde o YouTube começou a carregar 5 segundos mais lento que no Chrome.
▶️Os usuários da extensão uBlock Origin desenvolveram um filtro especial que permite contornar o carregamento lento de vídeos no YouTube.
#Google #YouTube #AdBlockers
This media is not supported in your browser
VIEW IN TELEGRAM
Leaking ASCII Kernel Data
SLAM exploits unmasked gadgets to let a userland process leak arbitrary ASCII kernel data. In the demo below, we leak the root password hash within half a minute on a last-generation Ubuntu system, where we emulate the upcoming Intel LAM feature.
Code and data:
https://github.com/vusec/slam
SLAM exploits unmasked gadgets to let a userland process leak arbitrary ASCII kernel data. In the demo below, we leak the root password hash within half a minute on a last-generation Ubuntu system, where we emulate the upcoming Intel LAM feature.
Code and data:
https://github.com/vusec/slam
Reflective DLL and its very personal Injector
https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
https://github.com/oldboy21/RflDllOb
https://oldboy21.github.io/posts/2023/12/all-i-want-for-christmas-is-reflective-dll-injection/
https://github.com/oldboy21/RflDllOb
oldboy21.github.io
All I Want for Christmas is Reflective DLL Injection
Reflective DLL After some time spent on implementing a Reflective DLL and its beloved Loader/Injector I thought that it could have been a very great first topic for what it might become a long-ish series of blog posts about security, but mostly struggles…
Writing a Debugger
Part 1 - Attaching to a Process
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-1
Part 2 - Register State and Stepping
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2
Part 3 - Reading Memory
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-3
Part 4 - Exports and Private Symbols
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-4
Part 5 - Breakpoints
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-5
Part 6 - Stacks
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-6
Part 1 - Attaching to a Process
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-1
Part 2 - Register State and Stepping
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2
Part 3 - Reading Memory
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-3
Part 4 - Exports and Private Symbols
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-4
Part 5 - Breakpoints
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-5
Part 6 - Stacks
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-6
GTFONow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
#exploit
1. CVE-2023-40713:
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
https://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos
2. CVE-2023-6560:
io_uring_io_uaddr_map() Dangerous Multi-Page Handling
https://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html
3. CVE-2022-36267:
Airspan AirSpot 5410 - Unauth Remote CI
https://github.com/0xNslabs/CVE-2022-36267-PoC
1. CVE-2023-40713:
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
https://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos
2. CVE-2023-6560:
io_uring_io_uaddr_map() Dangerous Multi-Page Handling
https://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html
3. CVE-2022-36267:
Airspan AirSpot 5410 - Unauth Remote CI
https://github.com/0xNslabs/CVE-2022-36267-PoC
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2023-36003
Windows LPE XAML diagnostics API
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
Windows LPE XAML diagnostics API
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
CVE-2024-20656
PoC for Local Privilege Escalation in the VSStandardCollectorService150 Service
Blog: https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
During this blog post we will explore the VSStandardCollectorService150 service which used for diagnostic purposes by Visual Studio and is running in NT AUTHORITY\SYSTEM context, and how it can be abused to perform arbitrary file DACL reset in order to escalate privileges.
PoC for Local Privilege Escalation in the VSStandardCollectorService150 Service
Blog: https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
During this blog post we will explore the VSStandardCollectorService150 service which used for diagnostic purposes by Visual Studio and is running in NT AUTHORITY\SYSTEM context, and how it can be abused to perform arbitrary file DACL reset in order to escalate privileges.
Ataque DDoS em um site a partir de um smartphone🗄
Um ataque DDoS a um site usando falhas de segurança e uma ferramenta chamada Hunner para detectar essas mesmas falhas.
Instalação:
$ pkg install git
$ pkg python
$ git clone https://github.com/b3-v3r/hunner
$ cd hunner
$ apt install repo-root
$ apt install hping3
Uso:
$ python hunner.py
Você verá um menu onde poderá selecionar funções para ataque. Se quiser realizar o mais comum, pressione “3” e depois “1”.
Um ataque DDoS a um site usando falhas de segurança e uma ferramenta chamada Hunner para detectar essas mesmas falhas.
Instalação:
$ pkg install git
$ pkg python
$ git clone https://github.com/b3-v3r/hunner
$ cd hunner
$ apt install repo-root
$ apt install hping3
Uso:
$ python hunner.py
Você verá um menu onde poderá selecionar funções para ataque. Se quiser realizar o mais comum, pressione “3” e depois “1”.