RTU NEWS


Гео и язык канала: не указан, не указан
Категория: не указана



Гео и язык канала
не указан, не указан
Категория
не указана
Статистика
Фильтр публикаций








WordPress EC2 Instance: A Step-by-Step Guide

Step 1: Identify a Vulnerable Plugin
🕵️‍♀️ Vulnerability Discovery:

Research: Use vulnerability databases like CVE Details or exploit databases to find known vulnerabilities in popular WordPress plugins.
Plugin Scanning: Employ vulnerability scanners or manual techniques to identify outdated or vulnerable plugins on the target WordPress site.
Step 2: Exploit the Vulnerability
🥷 Exploitation:

Unauthenticated Privilege Escalation:
If you've found a plugin like "Essential Addons for Elementor" with known vulnerabilities, exploit it to gain unauthorized access to the WordPress admin panel.
This could involve sending crafted HTTP requests or exploiting insecure input validation and sanitization.
Step 3: Upload a Web Shell
🛡 Payload Delivery:

Web Shell Upload:
Once you have gained access to the WordPress admin panel, upload a malicious PHP file (e.g., b374k shell) to the server.
This shell will provide a backdoor for remote code execution.
Step 4: Access AWS Metadata Service (IMDSv2)
🔑 Credential Retrieval:

Leverage Instance Metadata:
Use the uploaded web shell to access the AWS Instance Metadata Service (IMDSv2).
This service provides information about the EC2 instance, including IAM roles and security credentials.
Step 5: Configure a Profile
⚙️ Profile Configuration:

Create a New Profile:
Use the retrieved credentials to create a new AWS profile.
This profile will allow you to access other AWS services associated with the EC2 instance.
Step 6: Retrieve the Flag from S3 Bucket
🏆 Flag Retrieval:

Access S3 Bucket:
Use the newly created AWS profile to access the S3 bucket where the flag is stored.
Download the flag file and analyze its contents.








🛡️ Palo Alto PAN-OS Pre-Auth RCE Chain (CVE-2024-0012 & CVE-2024-9474)

A critical vulnerability chain in Palo Alto PAN-OS, combining an authentication bypass (CVE-2024-0012) and a command injection flaw (CVE-2024-9474) in the management web interface, allows unauthenticated attackers to execute arbitrary code with root privileges.

🛠 Affected Versions:
— PAN-OS 11.2 (up to and including 11.2.4-h1)
— PAN-OS 11.1 (up to and including 11.1.5-h1)
— PAN-OS 11.0 (up to and including 11.0.6-h1)
— PAN-OS 10.2 (up to and including 10.2.12-h2)

🔗 Research:
https://labs.watchtowr.com/pots-and-pans-ssl-vpn-palo-alto-pan-os-cve-2024-0012-cve-2024-9474/

🔗 PoC:
https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012


EmbedPayloadInPng

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm.




SCCMVNC

A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to SCCM server.

Blog: Abuse SCCM Remote Control as Native VNC

P.S. This technique could then be useful for lateral movement or shadow monitoring through ports 135 and 2701.


Psudohash

A password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more. It is keyword-based and highly customizable. Generates millions of keyword-based password mutations in seconds.


Black Hat Purple Teaming

Download : https://teraboxapp.com/s/12HJlVI2zVCaW4gi-J2YADw


SANS 565 - Red Team Operations and Adversary Emulation 2023

https://teraboxapp.com/s/1LZdZ0qdUdhd8Kt8lmAxOFA


Pentester Academy - Windows Forensics

https://teraboxapp.com/s/1lRJ31zJIyn4XGBqwp0VlFw


Wifi Hacking Series For Red Teamers & Pentesters

https://teraboxapp.com/s/1PiG9qi5qwvwZ23SS8hBEmw


SEC560: Enterprise Penetration Testing

https://teraboxapp.com/s/1_X-Q1PqvKtrv5bp19T18TQ


MalTraK Academy - In-Dept
Red Teaming: APT & Adversary Simulation(2023)

Download: https://teraboxapp.com/s/1MMrM4KJFTX6eKocnFupScw


OffSec OSEP- Certified Experienced Pentester Training Bundle 2023 PDF+VIDEO+EXAM Report

Download: https://teraboxapp.com/s/1aXdqTciXqHu5LzQiPm3b7Q



Показано 20 последних публикаций.