TGAlertsBot

Каналингиз репостлари ва эсловлари ҳақида хабар беради.

SearcheeBot

Telegram-каналлар оламидаги сизнинг йўлбошчингиз.

Telegram Analytics

TGStat хизмати янгиликларидан бохабар бўлиш учун обуна бўл!

TGStat Bot

Telegram'дан чиқмай туриб каналлар статистикасини олиш

Statistika Saralanganlar

1N73LL1G3NC3

Kanal geosi va tili: ko‘rsatilmagan, Inglizcha

Toifa: Darknet

Any misuse of this info will not be the responsibility of the author, educational purposes only.
Admin: @X0red

Связанные каналы | Похожие каналы

Kanal geosi va tili

ko‘rsatilmagan, Inglizcha

Toifa

Darknet

Statistika

Postlar filtri

O‘chirilganlarni yashirish

Repostlarni yashirish

1N73LL1G3NC3

14 Jun, 18:06

CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U.

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

POC: https://github.com/rapid7/metasploit-framework/pull/19255

Query:
Hunter: protocol.banner="Serv-U FTP"
FOFA: app="SolarWinds-Serv-U-FTP"
SHODAN: product:"Serv-U ftpd"

2.3k 1 58

1N73LL1G3NC3

14 Jun, 12:02

RdpStrike

Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP

The RdpStrike is basically a mini project I built to dive deep into Positional Independent Code (PIC) referring to a blog post , chained with RdpThief tool. The project aims to extract clear text passwords from mstsc.exe, and the shellcode uses Hardware Breakpoint to hook APIs. It is a complete positional independent code, and when the shellcode injects into the mstsc.exe process, it is going to put Hardware Breakpoint onto three different APIs (SspiPrepareForCredRead, CryptProtectMemory, and CredIsMarshaledCredentialW), ultimately capturing any clear-text credentials and then saving them to a file. An aggressor script makes sure to monitor for new processes; if the process mstsc is spawned, it injects the shellcode into it.

1.2k 0 43

1N73LL1G3NC3

14 Jun, 07:13

00:08

Video oldindan ko‘rish uchun mavjud emas

Telegram'da ko‘rish

CVE-2024-29855 Veeam Recovery Orchestrator Authentication Bypass

Veeam Recovery Orchestrator is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Recovery Orchestrator web UI with administrator privilges. the CVSS for this vulnerability is 9.0

Technical Analysis: https://summoning.team/blog/veeam-recovery-Orchestrator-auth-bypass-CVE-2024-29855/

1.3k 0 20

1N73LL1G3NC3

13 Jun, 18:13

Offensive Twitter dan repost

😈 [ 𝙻𝚊𝚠𝚛𝚎𝚗𝚌𝚎 @zux0x3a ]

Released .NET tool for extracting Windows Defender exclusions & ASR rules! 🌟

🔹 Works from low user context .
🔹 Supports local & remote queries
🔹 Extracts paths from Event ID 5007 and ASR from Event ID 1121 using regex
🔹 Enumerates ASR rules from MSFT_MpPreference WMI class(works perfectly from low user context as well).
🔹 Displays results in a clean, tabulated format
works smoothly with inline-assembly!

🔗 https://github.com/0xsp-SRD/MDE_Enum

🐥 [ tweet ]

1.2k 0 14

1N73LL1G3NC3

13 Jun, 14:43

CVE-2024-26229-BOF (Windows LPE)

Beacon Object File (BOF) implementations from NVISO of CVE-2024-26229 for Cobalt Strike and BruteRatel.

1.3k 0 30

1N73LL1G3NC3

11 Jun, 22:01

00:16

Video oldindan ko‘rish uchun mavjud emas

Telegram'da ko‘rish

Progressive Web Apps (PWAs) Phishing

More fake URL bars :)

A user lands on index.html and clicks the "Install Microsoft Application" button. The install app prompt appears and once it is installed by the user, the JavaScript embedded in index.html redirects the PWA window to the phishing page that hase a fake URL bar at the top (i.e. mrd0x.html). Ensure that you're testing this over HTTPS to avoid encountering issues.

POC: https://github.com/mrd0x/PWA-Phishing

1.7k 0 67

1N73LL1G3NC3

11 Jun, 12:10

CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server

It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.

Blog: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Query:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"

1.7k 0 41

1N73LL1G3NC3

11 Jun, 10:24

CVE-2024-26229 Windows LPE (PoC)

Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the csc.sys driver

2.4k 0 65

1N73LL1G3NC3

10 Jun, 12:52

APT dan repost

🖥 Veeam Enterprise Manager Authentication Bypass

May 21st, Veeam published an advisory stating that all the versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user. , the CVSS for this vulnerability is 9.8.

🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849

#veeam #authentication #bypass #cve

1.4k 0 23

1N73LL1G3NC3

10 Jun, 07:06

@0xcc00/bypassing-edr-ntds-dit-protection-using-blueteam-tools-1d161a554f9f' rel='nofollow'>Bypassing EDR NTDS.dit protection using BlueTeam tools.

During an internal penetration test, Cortex EDR was installed in the domain controller. After obtaining Domain Admin privileges on the network, the EDR blocked all known attempts to extract the NTDS hashes. In this article, I'll share a technique I used to bypass this obstacle.

1.8k 0 50

1N73LL1G3NC3

8 Jun, 11:56

Disable-TamperProtection

A POC to disable TamperProtection and other Defender / MDE components

It is possible to abuse SYSTEM / TrustedInstaller privileges to tamper or delete WdFilter settings (ALTITUDE regkey) and unload the kernel minidriver to disable Tamper protection and other Defender components. This also affects Microsoft's Defender for Endpoint (MDE), blinding MDE of telemetry and activity performed on a target.

An example, to use the POC is as follows:
1 — Unload WdFilter
2 — Disable Tamper Protection
3 — Disable Defender / MDE components
4 — Reinstate / restore the WdFilter

Blog: Breaking through Defender's Gates - Disabling Tamper Protection and other Defender components

POC Demo: https://youtu.be/MI6aVDHRix8

This vulnerability, during testing was found to affect the following versions of Windows:
• Windows Server 2022 until BuildLabEx Version: 20348.1.amd64fre.fe_release.210507-1500 (April 2024 update)
• Windows Server 2019
• Windows 10 until BuildLabEx Version: 19041.1.amd64fre.vb_release.191206-1406 (April 2024 update)
• Windows 11 until BuildLabEx Version: 22621.1.amd64fre.ni_release.220506-1250 (Sep 2023 update).

2.1k 0 41

1N73LL1G3NC3

7 Jun, 17:32

Two weeks before the launch of Rarecall on the new Copilot+ PCs on June 18, Recall was beaten and spat on. While everyone is looking forward to the release of this Spyware from Microsoft, here are some memes about the current situation.

1.8k 0 29

1N73LL1G3NC3

7 Jun, 13:23

CVE-2024-27348 Apache HugeGraph Server RCE Scanner

The Scanner will run 4 commands on the target (host,ping,curl,wget), As in case one of the utilities not found.

You can read the analysis for the vulnerability from here: https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/

Query:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.title:"HugeGraph"

1.9k 0 35

1N73LL1G3NC3

7 Jun, 12:41

00:08

Video oldindan ko‘rish uchun mavjud emas

Telegram'da ko‘rish

PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC

This vulnerability affects all versions of PHP installed on the Windows operating system:
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29

2.2k 0 47

1N73LL1G3NC3

7 Jun, 12:03

CVE-2024-4577 Yet Another PHP RCE (Argument Injection in PHP-CGI)

PHP overlooked the Best-Fit character conversion feature in Windows during its design. When PHP-CGI runs on the Windows platform and uses specific code pages (Simplified Chinese 936, Traditional Chinese 950, Japanese 932, etc.), attackers can craft malicious requests to bypass the CVE-2012-1823 patch. This allows them to execute arbitrary PHP code without the need for authentication.

Query:
Hunter: header.server="PHP"
FOFA: app="XAMPP"
FOFA: server="PHP"
SHODAN: server: PHP

1.8k 0 56

1N73LL1G3NC3

7 Jun, 10:13

NetExec #335 Add Recall module for dumping all users Microsoft Recall DBs & screenshots

You can now remotely dump Recall data over the internet from Linux etc.

1.8k 0 42

1N73LL1G3NC3

6 Jun, 22:06

Passive Aggression

This repo contains test samples and proof-of-concept code for achieving passive persistence in Active Directory (AD) environments, even after remediation efforts. Some of these techniques may result in an eternal persistence scenario, where an attacker does not need to have access to domain controllers or domain joined machines, allowing them to continuously persist in the network without detection.

Blog:
• How to achieve eternal persistence in an Active Directory environment - Part 1
• How to Achieve Eternal Persistence Part 2: Outliving the Krbtgt Password Reset
• How to Achieve Eternal Persistence Part 3: How to access and recover replicated secrets

2k 0 76

1N73LL1G3NC3

6 Jun, 11:30

TotalRecall

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

2.1k 0 49

1N73LL1G3NC3

4 Jun, 13:01

Offensive Twitter dan repost

😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]

smbclient-ng is finally out! 🥳

Discover lots of features, additional modules, autocompletion, recursive get and recursive put, colors and progress bars!

🔗 https://github.com/p0dalirius/smbclient-ng

🐥 [ tweet ]

1.8k 0 11

1N73LL1G3NC3

4 Jun, 08:26

Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)

Technical Analysis: https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/

The deserialization issue was discovered and reported by an anonymous researcher, but no PoC was published (until now) due to the complexity of the vulnerability, in this blog post I’ll detail the full chain pre-authenticated Remote Code Execution, first I’ll begin with explaining the entire internals of the Telerik Report Server Custom Serializer and how it’s possible to achieve arbitrary command execution by exploiting a very interesting flaw in the mechanics of the serializer, then I’ll continue to explain the authentication bypass that I’ve discovered that was overlooked by the initial researcher.

Query:
Hunter: /product.name="Telerik report server"
FOFA: app="Telerik-Report-Server"
SHODAN: http.title:"Telerik report server"

Molding lies into reality || Exploiting CVE-2024-4358

Progress Report Server Unauthenticated Remote Code Execution Chain

2.2k 0 26

20 ta oxirgi post ko‘rsatilgan.

6 525

obunachilar

Kanal statistikasi

Kanalda mashhur

Pwning the Domain: AD CS (Active Directory Certificate Services) Domain Escalation: • ESC 1 (...

CVE-2024-22120: Time Based SQL Injection in Zabbix Server Audit Log Zabbix server can perform co...

CookieKatz Dump cookies directly from Chrome, Edge, or Msedgewebview2 process memory. Chromium-b...

CVE-2024-21683 Authenticated Remote Code Execution in Atlassian Confluence Read: https://realalp...

TrollUAC • .NET library that serves as a UAC bypass for x64 • Any* process with the uiAccess f...