Forwarded from Cybred
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Fedora 37 и 38, Ubuntu 22.04 и 23.04, Debian 12 и 13, и все остальные дистрибутивы, использующие Glibc.
Проверить у себя
Fedora 37 и 38, Ubuntu 22.04 и 23.04, Debian 12 и 13, и все остальные дистрибутивы, использующие Glibc.
Проверить у себя
env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help
Forwarded from Cybred
CVE-2023-36845
Fileless Remote Code Execution on Juniper Firewalls
Blog: https://vulncheck.com/blog/juniper-cve-2023-36845
PoC: https://github.com/kljunowsky/CVE-2023-36845
Shodan:
CVE-2023-36845 represents a notable PHP environment variable manipulation vulnerability that impacts Juniper SRX firewalls and EX switches. While Juniper has categorized this vulnerability as being of medium severity, in this article, we will elucidate how this singular vulnerability can be leveraged for remote, unauthenticated code execution.
Fileless Remote Code Execution on Juniper Firewalls
Blog: https://vulncheck.com/blog/juniper-cve-2023-36845
PoC: https://github.com/kljunowsky/CVE-2023-36845
Shodan:
title:"Juniper" http.favicon.hash:2141724739CVE-2023-36845 represents a notable PHP environment variable manipulation vulnerability that impacts Juniper SRX firewalls and EX switches. While Juniper has categorized this vulnerability as being of medium severity, in this article, we will elucidate how this singular vulnerability can be leveraged for remote, unauthenticated code execution.
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
Cybred
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Fedora 37 и 38, Ubuntu 22.04 и 23.04, Debian 12 и 13, и все остальные дистрибутивы, использующие Glibc. Проверить у себя env -i "GLIBC_TUNABLES=gl…
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - leesh3288/CVE-2023-4911: PoC for CVE-2023-4911
PoC for CVE-2023-4911. Contribute to leesh3288/CVE-2023-4911 development by creating an account on GitHub.
Forwarded from Pwn3rzs
Acunetix Windows v23.9 - 28 Sep 2023
Download:
Password:
Setup:
See README.txt
Enjoy!
NOTE:
The job _not_found issue seems to be fixed.
Practically it was caused by the telemetry multiple fails to reach destination (since we've set it to localhost) and was restarting the whole server.
To fix you set any IP that will answer on port 443 with any status code and any ssl cert.
No need to be 200 or whatever, just to be alive and reachable.
We've set the IP to Google's ones, but you can change it to whatever you'd like.
We've tested the solution with long scans , and the issue never happened once.
Changelog:
Too long for a post, refer here:
Download:
https://ponies.cloud/scanner_web/acunetix/Acunetix-v23.9-Windows-Pwn3rzs-CyberArsenal.7zPassword:
Pwn3rzsSetup:
See README.txt
Enjoy!
NOTE:
The job _not_found issue seems to be fixed.
Practically it was caused by the telemetry multiple fails to reach destination (since we've set it to localhost) and was restarting the whole server.
To fix you set any IP that will answer on port 443 with any status code and any ssl cert.
No need to be 200 or whatever, just to be alive and reachable.
We've set the IP to Google's ones, but you can change it to whatever you'd like.
We've tested the solution with long scans , and the issue never happened once.
Changelog:
Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v23-9-28-september-2023/Forwarded from APT
🥔 Coerced Potato
New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent versions of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
#windows #lpe #seimpersonateprivilege #potato
New tool for local privilege escalation on a Windows machine, from a service account to NT SYSTEM. Should work on any recent versions of Windows.
⚙️ Tool:
https://github.com/hackvens/CoercedPotato
📝 Research:
https://blog.hackvens.fr/articles/CoercedPotato.html
#windows #lpe #seimpersonateprivilege #potato
Forwarded from #Arm1tage
Принтеры с моразмом
А ты знал, что наличие принтера в твоей сети или сети компании, которую ты тестишь, может принести нихеровый такой профит?
Есть целый список язв, которые могут возникнуть при эксплуатации принтера, такие как:
1. Вывод из строя путем DOS;
2. Эскалация привелегий;
3. Доступ к памяти и файловой системы принтера;
4. Выполнение произвольного кода;
5. И конечно же возможность напечатать всем в компании какой ты крутой пенистестер можешь поломать всех
Идентифицировать принтеры в сети можно с помощью нмапа: обычно - это 9100 порт, но тут можно посмотреть и другие порты.
Для облегчения себе жизни в эксплуатации используем популярный скрипт Printer Exploitation Toolkit (PRET), который имеет все необходимые команды для проблем выше.
Команда для подключения:
А ты знал, что наличие принтера в твоей сети или сети компании, которую ты тестишь, может принести нихеровый такой профит?
Есть целый список язв, которые могут возникнуть при эксплуатации принтера, такие как:
1. Вывод из строя путем DOS;
2. Эскалация привелегий;
3. Доступ к памяти и файловой системы принтера;
4. Выполнение произвольного кода;
5. И конечно же возможность напечатать всем в компании какой ты крутой пенистестер можешь поломать всех
Идентифицировать принтеры в сети можно с помощью нмапа: обычно - это 9100 порт, но тут можно посмотреть и другие порты.
Для облегчения себе жизни в эксплуатации используем популярный скрипт Printer Exploitation Toolkit (PRET), который имеет все необходимые команды для проблем выше.
Команда для подключения:
python3 pret.py 192.168.0.101 psТолько в образовательных целях.
Forwarded from 1N73LL1G3NC3
CVE-2023-22515 Exploit Script 🔐
This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances.
The script will provide information about the exploitation process, such as whether the vulnerability was successfully triggered, whether a new administrator was created, and whether authentication was successful.
This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances.
The script will provide information about the exploitation process, such as whether the vulnerability was successfully triggered, whether a new administrator was created, and whether authentication was successful.
GitHub
GitHub - Chocapikk/CVE-2023-22515: CVE-2023-22515: Confluence Broken Access Control Exploit
CVE-2023-22515: Confluence Broken Access Control Exploit - Chocapikk/CVE-2023-22515
Forwarded from APT
🔐 Crack.sh is dead, Long Live Shuck.sh
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
Forwarded from Golden HackSpace | Hacker notes
🔥Exploitation
Часто бывает нужным найти эксплоит под конкретную CVE или продукт. В таких случаях не стоит ограничивать себя поиском только по exploit-db.
Список баз данных, которые агрегируют в себе эксплоиты.
https://www.exploitalert.com/browse-exploit.html
https://cxsecurity.com/
https://packetstormsecurity.com/files/tags/exploit/
https://0day.today/
https://www.exploit-db.com/
https://cvexploits.io/
Репозитории, которые агрегируют PoC для различных CVE.
https://github.com/tg12/PoC_CVEs
https://github.com/nu11secur1ty/CVE-mitre
https://github.com/trickest/cve
Ресурсы, на которых можно получить информацию по конкретной CVE или уязвимостям продукта.
https://attackerkb.com/
https://cve.mitre.org/cve/
https://security.snyk.io/
https://vuldb.com/
https://www.opencve.io/
Поиск по версии продукта:
https://nvd.nist.gov/
https://www.cvedetails.com/cve/
https://vulners.com/
Также не стоит забывать про дорки:
Часто бывает нужным найти эксплоит под конкретную CVE или продукт. В таких случаях не стоит ограничивать себя поиском только по exploit-db.
Список баз данных, которые агрегируют в себе эксплоиты.
https://www.exploitalert.com/browse-exploit.html
https://cxsecurity.com/
https://packetstormsecurity.com/files/tags/exploit/
https://0day.today/
https://www.exploit-db.com/
https://cvexploits.io/
Репозитории, которые агрегируют PoC для различных CVE.
https://github.com/tg12/PoC_CVEs
https://github.com/nu11secur1ty/CVE-mitre
https://github.com/trickest/cve
Ресурсы, на которых можно получить информацию по конкретной CVE или уязвимостям продукта.
https://attackerkb.com/
https://cve.mitre.org/cve/
https://security.snyk.io/
https://vuldb.com/
https://www.opencve.io/
Поиск по версии продукта:
https://nvd.nist.gov/
https://www.cvedetails.com/cve/
https://vulners.com/
Также не стоит забывать про дорки:
CVE-2021-44228 site:github.com
#exploit #CVEForwarded from Похек (Sergey Zybnev)
#подборка #awesome
NetworkChuck
John Hammond
STÖK
LiveOverflow
The XSS rat
Sathvik Techtuber
Guided Hacking
Grant Collins
Positive Events
OFFZONE MOSCOW
PwnFunction
DEFCONConference
David Bombal
HackTricks
PayloadsAllTheThings
Xakep
Poxek
PortSwigger
SecurityLab
Codeby
Awesome DevSecOps
iOS Security Awesome
Android Security Awesome
Personal Security Checklist
RedTeam Tools
OWASP Cheat Sheet Series
six2dez pentest-book
Awesome Bugbounty Writeups
Blog INTIGRITI
PentesterLand Writeups
Pentesting AD mindmap
Conference slides
TryHackMe
HackTheBox
VulnHub
GoAD
Exploit-DB
PortSwigger Academy
bWAPP
WebGoat
OWASP Juice Shop
FVWA
Root-Me
OverTheWire
Crackmes
Atomic Red Team
Standoff КиберПолигон
HH
Хабр Карьера
BI.ZONE Bug Bounty
StandOff Bug Bounty
Yandex Bug Bounty
BUG BOUNTY RU
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1