Forwarded from Caster
Caster - MikroTik Nightmare (LIVE SET)
Genre: Offensive
Subgenre: Security Issues, Penetration Testing, Pivoting, Experimental, Post-Exploitation
Label: OFFZONE 2023
Release Date: 24 August 2023
https://www.youtube.com/watch?v=hkl1arlmedw
YouTube: Caster . MikroTik Nightmare
Caster
Network security expert
An original offensive-style study of MikroTik equipment security. It will cover RouterOS security weaknesses, pivoting, post-exploitation, MitM attacks, traffic hijacking techniques, and…
Forwarded from OFFZONE
Hi. Asleep? :)
We've just posted the talk recordings and their slides:
— Track 1,
— Track 2,
— Community Track,
— AppSec.Zone,
— AntiFraud.Zone,
— CTF.Zone.
Save them and share with your friends!
YouTube: Omar Ganiev . Hack The Old Way Can't Hack The New Way
Omar Ganiev
Founder, DeteAct
Cybersecurity is a derivative of technology. New technologies create new threats and new attack vectors.
This iterative progress often happens without our noticing. Looking back…
Forwarded from Волосатый бублик
[ GITLAB ]
CVE-2023-5009 (CVSS v3.1 score: 9.6)
https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/
Forwarded from Pwn3rzs
Acunetix v23.8.230905089 - 05 Sep 2023
Windows:
https://ponies.cloud/scanner_web/acunetix/Acunetix-v23.8-Windows-Pwn3rzs-CyberArsenal.rar
Password: Pwn3rzs
Setup: See README.txt
Enjoy!
NOTE:
The issue "job_not_found" seemed to be caused by Defender in place, since the binary is packed to avoid leechers / skids.
You should add it to exceptions (best solution) or disable AV (not really good)
Changelog:
Too long for post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v23-8-230905089-5-september-2023/
Forwarded from C.I.T. Security
Github dorks
https://github.com/techgaun/github-dorks
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database
https://github.com/H4CK3RT3CH/github-dorks
https://github.com/Vaidik-pandya/Github_recon_dorks/blob/main/gitdork.txt (for finding files)
Shodan dorks
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Shodan%20Queries.txt
https://github.com/humblelad/Shodan-Dorks
https://github.com/AustrianEnergyCERT/ICS_IoT_Shodan_Dorks
https://github.com/lothos612/shodan
https://github.com/jakejarvis/awesome-shodan-queries
https://github.com/IFLinfosec/shodan-dorks
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
Netlas dorks
https://github.com/netlas-io/netlas-dorks
Censys dorks
https://github.com/thehappydinoa/awesome-censys-queries
Virus Total dorks
https://github.com/Neo23x0/vti-dorks
Binary Edge + Shodan + Google
https://github.com/iGotRootSRC/Dorkers
Google, Bing, Ecosia, Yahoo or Yandex
https://github.com/Zarcolio/sitedorks
Google dorks
https://github.com/BullsEye0/google_dork_list
https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/rootac355/SQL-injection-dorks-list
https://github.com/unexpectedBy/SQLi-Dork-Repository
https://github.com/thomasdesr/Google-dorks
https://github.com/arimogi/Google-Dorks
https://github.com/aleedhillon/7000-Google-Dork-List
Onion dorks
Dorks for searching .onion sites saved in online proxy services https://github.com/cipher387/Dorks-collections-list/blob/main/onion.txt
CCTV dorks
Dorks for searching CCTV camera admin panels https://github.com/cipher387/Dorks-collections-list/blob/main/cctv.txt
Camera dorks from @tru_1veresk https://github.com/iveresk/camera_dorks/blob/main/dorks.json
Google Dorks of Live Webcams, CCTV etc. (from d4msec) https://d4msec.wordpress.com/2015/09/05/google-dorks-of-live-webcams-cctv-etc-google-unsecured-ip-cameras/
Backlink dorks
List https://github.com/alfazzafashion/Backlink-dorks
Explanation https://www.techywebtech.com/2021/08/backlink-dorks.html
1150 dorks for forum hunting https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/
Token dorks
Discord Bots Tokens https://github.com/traumatism/get-discord-bots-tokens-with-google
Hidden files dorks
Universal for Google, Bing etc
https://github.com/0xAbbarhSF/Info-Sec-Dork-List/blob/main/hidden_files_dork.txt
Admin panel dorks
https://github.com/cyberm0n/admin-panel-dorks/blob/main/dorks.txt
SQL injection dorks
SQL injection dorks for government sites https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sql_gov_dorks.txt
SQL injection dorks 2019 https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sqli_dork_2019.txt
Linkedin dorks (Google X-Ray search for Linkedin)
Linkedin X-Ray search queries and tools https://github.com/krlabs/linkedin-dorks
Carding dorks
1170 carding dorks https://pastebin.com/GYXLqgU0
17K carding dorks 2019 https://pastebin.com/fgdZxy74
Gaming dorks
7K Gaming Dorks From My Shop https://pastebin.com/ajuixpY2
Minecraft https://pastebin.com/ssNgdTkC
Shopping dorks
10k Amazon dorks https://pastebin.com/1HrmzFre
820 shopping Dorks for SQLi https://pastebin.com/1kED1FDX
Cryptocurrency dorks
15K dorks to find vulnerable pages related to cryptocurrency exchanges, cryptocurrency payments, etc. https://www.scribd.com/document/384770530/15k-Btc-Dorks
18K Bitcoin and other cryptocurrency related dorks https://pdfcoffee.com/18k-bitcoin-dorks-list--3-pdf-free.html
Bug Bounty Dorks
https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks
https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt
GIT files Dorks
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt
Log files Dorks
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-best-log.txt
CMS Dorks
Wordpress https://pastebin.com/A9dsmgHQ
Magento https://pastebin.com/k75Y2QhF
Joomla https://pastebin.com/vVQFTzVC
Cloud instance dorks
Forwarded from Кавычка (Bo0oM)
#bitrix 🚨 🚨 🚨
A vulnerability in the landing module of the 1C-Bitrix: Site Management CMS allows an attacker to execute OS commands on the vulnerable host, take control of its resources and penetrate the internal network.
Bitrix > 23.850.0
RCE, CVSS 10/10
Remove the landing module if it is not used. Update to version 23.850.0 or later if it is.
BDU:2023-05857
So, guys, anime?
#pentest #web
In light of recent events, in case someone is planning to surprise us with new Bitrix vulnerabilities, here are the sources
https://gitlab.com/alexprowars/bitrix/-/tree/master
Files · master · Aleksey Bobkov / bitrix · GitLab
1C-Bitrix version history
#pentest #web
puredns
puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
It uses massdns, a powerful stub DNS resolver, to perform bulk lookups. With the proper bandwidth and a good list of public resolvers, it can resolve millions of queries in just a few minutes. Unfortunately, the results from massdns are only as good as the answers provided by the public resolvers. The results are often polluted by wrong DNS answers and false positives from wildcard subdomains.
Examples of usage:
puredns resolve domains.txt
puredns bruteforce wordlist.txt domain.com --resolvers public.txt
cat domains.txt | puredns resolve
^ As @RalfHackerChannel once wrote:
1) Collect public resolvers with dnsvalidator
(dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 100 -o resolvers.txt)
2) Take some big wordlist from here
3) Run
puredns bruteforce wordlist.txt domain (the tool picks up the resolvers from resolvers.txt automatically)
You get a superb tool for collecting subdomains!
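The post above says puredns keeps massdns output usable by re-validating hits and dropping wildcard and poisoned answers. The following is an added illustration of that cleanup logic, written for this page and not taken from puredns, d3mondev or @RalfHackerChannel. It runs entirely offline: the zone data, the "poisoned" public resolver and the candidate list are constructed, and the resolver functions are stand-ins for real DNS lookups. A wildcard zone is detected the way the post describes it, by resolving a random label under each parent and comparing the answer with the candidate's own.

```python
import random
import string
from typing import Callable, Dict, List, Optional, Set

# Constructed sample zone (hypothetical, not real DNS data): a few exact records
# plus a wildcard "*.dev.example.com" that answers for any label under it.
EXACT: Dict[str, Set[str]] = {
    "www.example.com": {"203.0.113.10"},
    "mail.example.com": {"203.0.113.20"},
    "api.dev.example.com": {"203.0.113.30"},  # a real host inside the wildcard zone
}
WILDCARDS: Dict[str, Set[str]] = {"dev.example.com": {"10.0.0.5"}}

# Constructed brute-force output to clean up: two real hosts, one real host under
# the wildcard, one wildcard-generated name and one name only a bad resolver "finds".
CANDIDATES: List[str] = [
    "www.example.com",
    "mail.example.com",
    "api.dev.example.com",
    "test.dev.example.com",
    "ghost.example.com",
]

Resolver = Callable[[str], Optional[Set[str]]]


def trusted_resolver(name: str) -> Optional[Set[str]]:
    """Simulated honest resolver: exact record first, then wildcard match, else NXDOMAIN (None)."""
    if name in EXACT:
        return set(EXACT[name])
    for zone, answer in WILDCARDS.items():
        if name.endswith("." + zone):
            return set(answer)
    return None


def poisoned_resolver(name: str) -> Optional[Set[str]]:
    """Simulated polluted public resolver: returns a bogus address for names that do not exist."""
    return trusted_resolver(name) or {"198.51.100.1"}


def random_label(length: int = 12) -> str:
    """Random label that will not collide with anything in a wordlist."""
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=length))


def wildcard_answer(name: str, resolve: Resolver,
                    cache: Dict[str, Optional[Set[str]]]) -> Optional[Set[str]]:
    """Answer a random label receives under each parent of `name`, down to the apex.

    A non-empty answer means that parent is a wildcard zone. Each parent is probed
    once and cached, because every candidate under the same zone shares the result.
    """
    labels = name.split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent not in cache:
            cache[parent] = resolve(random_label() + "." + parent)
        if cache[parent]:
            return cache[parent]
    return None


def filter_results(candidates: List[str], untrusted: Resolver,
                   trusted: Resolver) -> Dict[str, Set[str]]:
    """Keep only candidates a trusted resolver confirms and that are not wildcard artefacts."""
    cache: Dict[str, Optional[Set[str]]] = {}
    kept: Dict[str, Set[str]] = {}
    for name in candidates:
        if not untrusted(name):
            continue  # the fast bulk pass says NXDOMAIN: nothing to validate
        answer = trusted(name)
        if not answer:
            continue  # poisoned answer or other false positive from the public resolver
        wc = wildcard_answer(name, trusted, cache)
        if wc is not None and wc == answer:
            continue  # same answer as a random label: generated by the wildcard, not a real host
        kept[name] = answer
    return kept


if __name__ == "__main__":
    for host, ips in filter_results(CANDIDATES, poisoned_resolver, trusted_resolver).items():
        print(host, sorted(ips))
```

Running it keeps www, mail and api.dev (whose address differs from the wildcard's) and drops test.dev and ghost. The design choice worth noting is that only the trusted resolver is used for the wildcard probes and the re-validation, so one slow, well-behaved resolver bounds the damage a fast but polluted resolver list can do.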
Forwarded from PT SWARM
🔥 We have reproduced the fresh CVE-2023-42793 in JetBrains TeamCity.
Authentication bypass allows an external attacker to gain administrative access to the server and execute any commands on it.
Update your software ASAP!
Forwarded from SHADOW:Group
💻 What to look for on a site running IIS?
1. Use shortscan to find short (and, where possible, full) file names and extensions.
2. Check for a reverse proxy and try directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest -> 10.0.0.1/test
More details here.
3. Once you get file disclosure, look at the keys in web.conf and try to get RCE via deserialization. Read about it here.
4. Try uploading files: .asp, .aspx, .ashx etc. (full list here)
#web #iis #rce
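Each step in the IIS checklist above leaves a distinctive trace in the server's W3C logs, and that is where a defender checks for it. The following is an added example, written for this page and not taken from SHADOW:Group or shortscan: a small triage script that parses IIS W3C log rows from the `#Fields:` header and flags 8.3 short-name probes (`*~1`), percent-encoded traversal that survives decoding (`..%2F`), and PUT requests that create `.asp`, `.aspx` or `.ashx` files. The log excerpt, addresses and paths are constructed; the field list assumes the common IIS default columns.

```python
import re
from typing import Dict, Iterator, List
from urllib.parse import unquote

# Constructed IIS W3C log excerpt (hypothetical addresses and paths): benign traffic
# plus one request for each probe type the post lists, so the classifier has work to do.
SAMPLE_LOG: List[str] = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2023-10-01 12:00:01 10.0.0.1 GET /index.html - 443 203.0.113.9 Mozilla/5.0 200
2023-10-01 12:00:02 10.0.0.1 GET /*~1*/a.aspx - 443 198.51.100.7 curl/8.0 404
2023-10-01 12:00:03 10.0.0.1 GET /backend/..%2Ftest - 443 198.51.100.7 curl/8.0 200
2023-10-01 12:00:04 10.0.0.1 PUT /uploads/cmd.aspx - 443 198.51.100.7 curl/8.0 201
2023-10-01 12:00:05 10.0.0.1 GET /api/users id=5 443 203.0.113.9 Mozilla/5.0 200""".splitlines()

SCRIPT_EXT = (".asp", ".aspx", ".ashx")                 # the extensions the post names
SHORTNAME_RE = re.compile(r"\*~\d")                      # 8.3 short-name probe: "*~1", "*~2", ...
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")     # "../" or "..\" once decoded


def parse_w3c(lines: List[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per request row, keyed by the names in the latest #Fields header."""
    fields: List[str] = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed rows instead of silently shifting columns
        yield dict(zip(fields, values))


def fully_decode(text: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so ..%2F and %252e%252e are both seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify(row: Dict[str, str]) -> List[str]:
    """Return the reasons this request resembles one of the post's probes (empty if none)."""
    stem = fully_decode(row.get("cs-uri-stem", ""))
    query = row.get("cs-uri-query", "-")
    full = stem if query == "-" else stem + "?" + fully_decode(query)
    reasons: List[str] = []
    if SHORTNAME_RE.search(full):
        reasons.append("shortname-probe")
    if TRAVERSAL_RE.search(full):
        reasons.append("path-traversal")
    # POST to an existing .aspx page is normal traffic, so only PUT (file creation) is
    # flagged here; multipart uploads need correlation with new files on disk instead.
    if row.get("cs-method") == "PUT" and stem.lower().endswith(SCRIPT_EXT):
        reasons.append("script-upload")
    return reasons


def triage_iis_log(lines: List[str]) -> List[Dict[str, object]]:
    """Run the classifier over a log and return the flagged requests with their context."""
    findings: List[Dict[str, object]] = []
    for row in parse_w3c(lines):
        reasons = classify(row)
        if reasons:
            findings.append({
                "time": f"{row.get('date')} {row.get('time')}",
                "client": row.get("c-ip"),
                "method": row.get("cs-method"),
                "uri": row.get("cs-uri-stem"),
                "status": row.get("sc-status"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in triage_iis_log(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["method"], hit["uri"], hit["status"], ",".join(hit["reasons"]))
```

On the sample log the three probes from 198.51.100.7 are flagged and the two ordinary requests are not. The decoding step matters: a reverse proxy that forwards `..%2F` untouched is exactly the condition step 2 of the post relies on, and a rule that only looks for a literal `../` in the logged URI would miss it.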