CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/ (evilsocket, "Attacking UNIX Systems via CUPS, Part I")
PoC: https://github.com/RickdeJager/cupshax
mitigation:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
Part 1
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
Part 2
https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
Part 3
https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
CVE-2024-7479 & CVE-2024-7481: TeamViewer User to Kernel LPE
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
https://www.cve.org/CVERecord?id=CVE-2024-7479
https://www.cve.org/CVERecord?id=CVE-2024-7481
https://www.zerodayinitiative.com/advisories/ZDI-24-1289/
https://www.zerodayinitiative.com/advisories/ZDI-24-1290/
https://www.teamviewer.com/en/resources/trust…
Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open Source
https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source
SIMurai is software that emulates a SIM card; it can be used to fuzz modem firmware for vulnerabilities or to test SIM-based spyware.
GitHub: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
Finding #TeamViewer 0days
Part 1 - The story begins
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1
Part 2 - Reversing the Authentication Protocol
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2
Part 3 - Putting it all together. PARTY TIME
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3
Silently Install Chrome Extension For Persistence
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
Streaming vulnerabilities from Windows Kernel - Proxying to Kernel
Part 1 (CVE-2024-30084, CVE-2024-35250):
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en
Part 2 (CVE-2024-30090):
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en
https://github.com/Dor00tkit/CVE-2024-30090
Attachment: GAI_for_pentest.pdf (821.3 KB)
#Offensive_security
"Generative AI for pentesting: the good, the bad, the ugly", 2024.
https://github.com/TheR1D/shell_gpt
https://github.com/morpheuslord/GPT_Vuln-analyzer
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
0DIN researchers have uncovered an encoding technique that allows ChatGPT-4o and other popular AI models to bypass safety mechanisms and generate exploit code.
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component, primarily affecting Android devices, classified as an EoP (elevation of privilege) vulnerability.
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
Python implementation of GhostPack's Seatbelt situational awareness tool
https://github.com/0xthirteen/Carseat
#Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575)
This remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by sending commands over the FGFM protocol, bypassing authentication. Referred to as FortiJump, it gives unauthorized access to FortiManager and thereby control over the managed FortiGate devices, by taking advantage of insufficient validation in command handling and device registration.
Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
CVE-2024-48990: Linux LPE via needrestart
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt