Hacking Brasil
Think correctly about hacking!
By: @hxcking
#exploit
1. CVE-2023-40713:
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
https://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos

2. CVE-2023-6560:
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
https://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html

3. CVE-2022-36267:
Airspan AirSpot 5410 - Unauth Remote CI
https://github.com/0xNslabs/CVE-2022-36267-PoC
CVE-2024-20656

PoC for Local Privilege Escalation in the VSStandardCollectorService150 Service

Blog: https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/

During this blog post we will explore the VSStandardCollectorService150 service, which is used for diagnostic purposes by Visual Studio and runs in the NT AUTHORITY\SYSTEM context, and how it can be abused to perform an arbitrary file DACL reset in order to escalate privileges.
DDoS attack on a website from a smartphone🗄

A DDoS attack on a website using security flaws and a tool called Hunner to detect those same flaws.

Installation:
$ pkg install git
$ pkg python

$ git clone https://github.com/b3-v3r/hunner
$ cd hunner
$ apt install repo-root
$ apt install hping3

Usage:

$ python hunner.py

You will see a menu where you can select attack functions. If you want to run the most common one, press “3” and then “1”.
Demonized Shell
Advanced Tool for persistence in linux.

https://github.com/MatheuZSecurity/D3m0n1z3dShell
Acunetix Linux v23.11.0 - 23 Nov 2023

Download: https://ponies.cloud/scanner_web/acunetix/Acunetix-v23.11.231123131-Linux-Pwn3rzs-CyberArsenal.7z
Password: Pwn3rzs

Changelog:
Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v23-11-0-november-2023/


Enjoy!
Fortify SCA 23.2

Windows:
SCA:
https://ponies.cloud/source_code_analysis/fortifySCA/win/Fortify_SCA_23.2.0_Windows.zip


Tools:
https://ponies.cloud/source_code_analysis/fortifySCA/win/Fortify_Tools_23.2.0_Windows.zip



Mac:
SCA:
https://ponies.cloud/source_code_analysis/fortifySCA/osx/Fortify_SCA_23.2.0_Mac.tar.gz


Tools:
https://ponies.cloud/source_code_analysis/fortifySCA/osx/Fortify_Tools_23.2.0_Mac.tar.gz



Linux:
SCA:
https://ponies.cloud/source_code_analysis/fortifySCA/lin/Fortify_SCA_23.2.0_Linux.tar.gz


Tools:
https://ponies.cloud/source_code_analysis/fortifySCA/lin/Fortify_Tools_23.2.0_Linux.tar.gz



Crack & License file:
https://ponies.cloud/source_code_analysis/fortifySCA/Fortify_SCA_23.2_Crack_pwn3rzs_cyberarsenal.7z



Rules:
https://ponies.cloud/source_code_analysis/fortifySCA/FortifyRules_2023.3.0.0006_en.zip

Password: Pwn3rzs


Setup:
Read the README.txt file

Enjoy!
CVE-2023-21823:
Windows Graphics Component RCE
https://github.com/Elizarfish/CVE-2023-21823

CVE-2023-6875:
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
https://github.com/UlyssesSaicha/CVE-2023-6875
100 Free Security Tools by Cyber Threat Intelligence, 2023
(Remote Code Execution) Vulnerability In #Confluence Data Center and Confluence Server with #CVSS v3: 10/10

Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per our internal assessment.
This is our assessment, and you should evaluate its applicability to your own IT environment.

Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.

Note: 7.19.x LTS versions are not affected by this vulnerability

Product: Confluence Data Center and Server

Affected Versions:
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3

https://www.opencve.io/cve/CVE-2023-22527

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

PoC: https://github.com/Avento/CVE-2023-22527_Confluence_RCE
Acunetix Windows v24.1 - 11 Jan 2024

Download: https://ponies.cloud/scanner_web/acunetix/Acunetix-v24.1.240111130-Windows-Pwn3rzs-CyberArsenal.rar
Password: Pwn3rzs

Changelog:
Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v24-1-11-january-2024/


Enjoy!
CVE-2023-46316:
Traceroute Privilege Escalation
https://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html

Linux Kernel GSM Multiplexing Race Condition LPE Vulnerability
https://github.com/Nassim-Asrir/ZDI-24-020
]-> scripts for automatically extracting symbol offsets for Ubuntu/CentOS/RHEL kernels:
https://github.com/Nassim-Asrir/ZDI-24-020/tree/main/symbols
Forwarded from Sputnik Brasil
🚨📱Media: Federal Police (PF) seize cell phones and notebooks belonging to Abin at the home of former director Ramagem

The Federal Police seized six cell phones and four notebooks at the official apartment of federal deputy Alexandre Ramagem (PL-RJ); one notebook and one cell phone found in the lawmaker's possession still belong to the Brazilian Intelligence Agency (Abin).

The information was reported by the newspaper O Globo this Thursday (25). Also seized at the residence were 20 USB drives and documents related to the agency, as well as computers and documents in the office of the lawmaker, who is also a former director-general of Abin.

Earlier, according to the PF, searches were also carried out at the homes of civil servants suspected of involvement in illegal espionage activities. In all, 21 search and seizure warrants were executed in Brasília-DF (18), Juiz de Fora-MG (1), São João Del Rei-MG (1) and Rio de Janeiro-RJ (1).
