#Caixa #RCE #Exploit
Remote Command Execution on Jboss - Banking hacking - Caixa
Basicamente a vulnerabilidade é um RCE que se encontra no sistema GRF Recursal da Caixa, onde é possivel executar códigos maliciosos de forma remota dentro do servidor. GRF ou Guia de Recolhimento do FGTS é a guia de recolhimento com código de barras para recolhimento regular do FGTS, sendo gerada logo após a transmissão do arquivo SEFIP.
http://lab.insightsecurity.com.br/remote-command-execution-on-jboss-banking-hacking-caixa/
🌐 @PR1V8
Remote Command Execution on Jboss - Banking hacking - Caixa
Basicamente a vulnerabilidade é um RCE que se encontra no sistema GRF Recursal da Caixa, onde é possivel executar códigos maliciosos de forma remota dentro do servidor. GRF ou Guia de Recolhimento do FGTS é a guia de recolhimento com código de barras para recolhimento regular do FGTS, sendo gerada logo após a transmissão do arquivo SEFIP.
http://lab.insightsecurity.com.br/remote-command-execution-on-jboss-banking-hacking-caixa/
🌐 @PR1V8
#samba #pr1v8 #old #exploit
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
> http://thehackernews.com/2017/05/samba-rce-exploit.html
Exploit: https://www.exploit-db.com/exploits/42060/
🌐 @PR1V8
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
> http://thehackernews.com/2017/05/samba-rce-exploit.html
Exploit: https://www.exploit-db.com/exploits/42060/
🌐 @PR1V8
#Exploit #Windows #RDP #EsteemAudit
WannaCry novamente? Exploit Windows RDP 'EsteemAudit' ainda sem patch
Com mais de 24.000 PCs ainda vulneráveis:
EsteemAudit desenvolvimento-NSA é outra perigosa ferramenta de hacking do Windows vazado pelo Shadow Brokers que explora o serviço RDP (porta 3389) em máquinas Microsoft Windows Server 2003 / Windows XP.
» http://thehackernews.com/2017/05/esteemaudit-windows-hacking.html
🌐 @PR1V8
WannaCry novamente? Exploit Windows RDP 'EsteemAudit' ainda sem patch
Com mais de 24.000 PCs ainda vulneráveis:
EsteemAudit desenvolvimento-NSA é outra perigosa ferramenta de hacking do Windows vazado pelo Shadow Brokers que explora o serviço RDP (porta 3389) em máquinas Microsoft Windows Server 2003 / Windows XP.
» http://thehackernews.com/2017/05/esteemaudit-windows-hacking.html
🌐 @PR1V8
#exploit #hacking
Executando powershell no rundll32
http://www.hacking.land/2017/06/powershdll-ejecuta-powershell-con.html?utm_source=dlvr.it&utm_medium=facebook&m=1
@PR1V8
Executando powershell no rundll32
http://www.hacking.land/2017/06/powershdll-ejecuta-powershell-con.html?utm_source=dlvr.it&utm_medium=facebook&m=1
@PR1V8
www.hacking.land
PowerShdll: Ejecuta PowerShell con rundll32
En un test de intrusión algunas veces (aunque desgraciadamente pocas) existen restricciones que permiten ejecutar powershell. Por ejempl...
#nsa #pr1v8 #shadowbrokers #exploit #windows
🇺🇸 Microsoft Releases Patches for 3 Remaining NSA Windows Exploits
> http://thehackernews.com/2017/06/important-windows-updates.html
🌐 @PR1V8
🇺🇸 Microsoft Releases Patches for 3 Remaining NSA Windows Exploits
> http://thehackernews.com/2017/06/important-windows-updates.html
🌐 @PR1V8
The Hacker News
Microsoft Releases Patches for 3 Remaining NSA Windows Exploits
Microsoft has released security updates for three remaining unpatched NSA Windows Exploits — EsteemAudit, ExplodingCan, and EnglishmanDentist
#exploit #linux #bsd #vul
🇬🇧 Vulnerabilidade de escalação de privilégios em sistemas gnu /Linux e bsds
http://thehackernews.com/2017/06/linux-root-privilege-escalation.html?m=1
🌐 @PR1V8
🇬🇧 Vulnerabilidade de escalação de privilégios em sistemas gnu /Linux e bsds
http://thehackernews.com/2017/06/linux-root-privilege-escalation.html?m=1
🌐 @PR1V8
The Hacker News
A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
Critical Stack Clash Vulnerability Found In Unix/Linux/BSD Allows Local-to-Root Privilege Escalation
#struts #pr1v8 #exploit #db #kopimi
Apache Struts 2.5 - Remote Code Execution
exploit: https://www.exploit-db.com/exploits/42627/
noticia: https://latesthackingnews.com/2017/09/05/critical-remote-code-execution-vulnerability-in-apache/
🌐 @PR1V8
Apache Struts 2.5 - Remote Code Execution
exploit: https://www.exploit-db.com/exploits/42627/
noticia: https://latesthackingnews.com/2017/09/05/critical-remote-code-execution-vulnerability-in-apache/
🌐 @PR1V8
Latest Hacking News
Critical remote code execution vulnerability in Apache
Security researchers from lgtm.com have found a significant remote code execution security flaw (CVE-2017-9805) in Apache Struts, which is a popular open-source framework created to develop web applications in the Java programming language, which supports…
#deserialization #java #pr1v8 #exploit #entendendo #kopimi
Entendendo & praticando java deserialization exploits
// Understanding & practicing java deserialization exploits
https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/amp/
🌐 @PR1V8
Entendendo & praticando java deserialization exploits
// Understanding & practicing java deserialization exploits
https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/amp/
🌐 @PR1V8
DiabloHorn
Understanding & practicing java deserialization exploits
A good periodic reminder when attempting to learn things is that reading about the subject is not the same as actually practicing the subject you read about. That is why it’s always a good th…
#meltdown #pr1v8 #medium #kopimi #exploit #pr1v8
🇺🇸 Time-travelling exploits with Meltdown
https://medium.com/@pwnallthethings/time-travelling-exploits-with-meltdown-1189548f1e1d
🌐 @PR1V8
🇺🇸 Time-travelling exploits with Meltdown
https://medium.com/@pwnallthethings/time-travelling-exploits-with-meltdown-1189548f1e1d
🌐 @PR1V8
Medium
Time-travelling exploits with Meltdown
This past week there’s been a lot of speculation over two new processor vulnerabilities called Meltdown and Spectre. In this post I’ll talk…
#reverseng #pr1v8 #vault7 #analysis #exploit #kopimi
Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks
https://github.com/BigNerd95/Chimay-Red
🌐 @PR1V8
Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks
https://github.com/BigNerd95/Chimay-Red
🌐 @PR1V8
GitHub
GitHub - BigNerd95/Chimay-Red: Working POC of Mikrotik exploit from Vault 7 CIA Leaks
Working POC of Mikrotik exploit from Vault 7 CIA Leaks - BigNerd95/Chimay-Red
#ssrf #php #pr1v8 #exploit #kopimi
PHP SSRF Techniques
How to bypass filter_var(), preg_match() and parse_url()
https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
🌐 @PR1V8
PHP SSRF Techniques
How to bypass filter_var(), preg_match() and parse_url()
https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
🌐 @PR1V8
Medium
PHP SSRF Techniques
How to bypass filter_var(), preg_match() and parse_url()
#cisco #exploit #pr1v8 #learn #development #kopimi
1-day exploit development for Cisco IOS
https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios
🌐 @PR1V8
1-day exploit development for Cisco IOS
https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios
🌐 @PR1V8
media.ccc.de
1-day exploit development for Cisco IOS
Year 2017 was rich in vulnerabilities discovered for Cisco networking devices. At least 3 vulnerabilities leading to a remote code execut...
#openssh #exploit #enum #kopimi #ssh #cve
a new exploit for CVE-2018-15473 OpenSSH Username Enumeration
https://github.com/Rhynorater/CVE-2018-15473-Exploit
🌐 @PR1V8
a new exploit for CVE-2018-15473 OpenSSH Username Enumeration
https://github.com/Rhynorater/CVE-2018-15473-Exploit
🌐 @PR1V8
GitHub
GitHub - Rhynorater/CVE-2018-15473-Exploit: Exploit written in Python for CVE-2018-15473 with threading and export formats
Exploit written in Python for CVE-2018-15473 with threading and export formats - Rhynorater/CVE-2018-15473-Exploit
#exploit #database #search #hacking #infosec #kopimi #tools #toolist
Sploitus | Exploits & Tools Search Engine
https://sploitus.com/
🌐 @PR1V8
Sploitus | Exploits & Tools Search Engine
https://sploitus.com/
🌐 @PR1V8
Sploitus
💀 Sploitus | Exploits & Tools Search Engine
Sploitus is a convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities. The search engine is also a good resource for finding security and vulnerability discovery tools.
#exploit #osint #bruteforce #inteligence #operations #OWASP
OWASP D4N155 - It's an information security audit tool that creates intelligent wordlists based on the content of the target page and Google hacking attack
https://github.com/OWASP/D4N155
OWASP D4N155 - It's an information security audit tool that creates intelligent wordlists based on the content of the target page and Google hacking attack
https://github.com/OWASP/D4N155
GitHub
GitHub - OWASP/D4N155: OWASP D4N155 - Intelligent and dynamic wordlist using OSINT
OWASP D4N155 - Intelligent and dynamic wordlist using OSINT - OWASP/D4N155