1N73LL1G3NC3


Channel geo and language: not specified, English
Category: Darknet


Any misuse of this info will not be the responsibility of the author, educational purposes only.
Admin: @X0red



CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U.

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that allowed an attacker to read sensitive files on the host machine.

POC: https://github.com/rapid7/metasploit-framework/pull/19255

Query:
Hunter: protocol.banner="Serv-U FTP"
FOFA: app="SolarWinds-Serv-U-FTP"
SHODAN: product:"Serv-U ftpd"


RdpStrike

Position-Independent Code to extract clear-text passwords from mstsc.exe using API hooking via HWBP

RdpStrike is basically a mini project I built to dive deep into Position-Independent Code (PIC), referring to a blog post, chained with the RdpThief tool. The project aims to extract clear-text passwords from mstsc.exe, and the shellcode uses hardware breakpoints to hook APIs. It is complete position-independent code, and when the shellcode is injected into the mstsc.exe process, it puts hardware breakpoints on three different APIs (SspiPrepareForCredRead, CryptProtectMemory, and CredIsMarshaledCredentialW), ultimately capturing any clear-text credentials and then saving them to a file. An Aggressor script monitors for new processes; if the mstsc process is spawned, it injects the shellcode into it.


CVE-2024-29855 Veeam Recovery Orchestrator Authentication Bypass

Veeam Recovery Orchestrator is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Recovery Orchestrator web UI with administrator privileges. The CVSS score for this vulnerability is 9.0.

Technical Analysis: https://summoning.team/blog/veeam-recovery-Orchestrator-auth-bypass-CVE-2024-29855/


Reposted from Offensive Twitter
😈 [ Lawrence @zux0x3a ]

Released .NET tool for extracting Windows Defender exclusions & ASR rules! 🌟

🔹 Works from low user context.
🔹 Supports local & remote queries
🔹 Extracts paths from Event ID 5007 and ASR from Event ID 1121 using regex
🔹 Enumerates ASR rules from the MSFT_MpPreference WMI class (works perfectly from low user context as well).
🔹 Displays results in a clean, tabulated format
Works smoothly with inline-assembly!

🔗 https://github.com/0xsp-SRD/MDE_Enum

🐥 [ tweet ]


CVE-2024-26229-BOF (Windows LPE)

Beacon Object File (BOF) implementations from NVISO of CVE-2024-26229 for Cobalt Strike and BruteRatel.


Progressive Web Apps (PWAs) Phishing

More fake URL bars :)

A user lands on index.html and clicks the "Install Microsoft Application" button. The install app prompt appears, and once it is installed by the user, the JavaScript embedded in index.html redirects the PWA window to the phishing page that has a fake URL bar at the top (i.e. mrd0x.html). Ensure that you're testing this over HTTPS to avoid encountering issues.

POC: https://github.com/mrd0x/PWA-Phishing


CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server

It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.

Blog: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Query:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"


CVE-2024-26229 Windows LPE (PoC)

Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the csc.sys driver


Reposted from APT
🖥 Veeam Enterprise Manager Authentication Bypass

On May 21st, Veeam published an advisory stating that all versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 are affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user. The CVSS score for this vulnerability is 9.8.

🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849

#veeam #authentication #bypass #cve


Bypassing EDR NTDS.dit protection using BlueTeam tools (@0xcc00/bypassing-edr-ntds-dit-protection-using-blueteam-tools-1d161a554f9f)

During an internal penetration test, Cortex EDR was installed in the domain controller. After obtaining Domain Admin privileges on the network, the EDR blocked all known attempts to extract the NTDS hashes. In this article, I'll share a technique I used to bypass this obstacle.


Disable-TamperProtection

A POC to disable TamperProtection and other Defender / MDE components

It is possible to abuse SYSTEM / TrustedInstaller privileges to tamper or delete WdFilter settings (ALTITUDE regkey) and unload the kernel minidriver to disable Tamper protection and other Defender components. This also affects Microsoft's Defender for Endpoint (MDE), blinding MDE of telemetry and activity performed on a target.

An example of using the POC is as follows:
1 — Unload WdFilter
2 — Disable Tamper Protection
3 — Disable Defender / MDE components
4 — Reinstate / restore the WdFilter

Blog: Breaking through Defender's Gates - Disabling Tamper Protection and other Defender components

POC Demo: https://youtu.be/MI6aVDHRix8

This vulnerability, during testing, was found to affect the following versions of Windows:
• Windows Server 2022 until BuildLabEx Version: 20348.1.amd64fre.fe_release.210507-1500 (April 2024 update)
• Windows Server 2019
• Windows 10 until BuildLabEx Version: 19041.1.amd64fre.vb_release.191206-1406 (April 2024 update)
• Windows 11 until BuildLabEx Version: 22621.1.amd64fre.ni_release.220506-1250 (Sep 2023 update).


Two weeks before the launch of Recall on the new Copilot+ PCs on June 18, Recall was beaten and spat on. While everyone is looking forward to the release of this Spyware from Microsoft, here are some memes about the current situation.


CVE-2024-27348 Apache HugeGraph Server RCE Scanner

The scanner will run 4 commands on the target (host, ping, curl, wget), in case one of the utilities is not found.

You can read the analysis for the vulnerability from here: https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/

Query:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.title:"HugeGraph"


PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC

This vulnerability affects all versions of PHP installed on the Windows operating system:
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29


CVE-2024-4577 Yet Another PHP RCE (Argument Injection in PHP-CGI)

PHP overlooked the Best-Fit character conversion feature in Windows during its design. When PHP-CGI runs on the Windows platform and uses specific code pages (Simplified Chinese 936, Traditional Chinese 950, Japanese 932, etc.), attackers can craft malicious requests to bypass the CVE-2012-1823 patch. This allows them to execute arbitrary PHP code without the need for authentication.

Query:
Hunter: header.server="PHP"
FOFA: app="XAMPP"
FOFA: server="PHP"
SHODAN: server: PHP


NetExec #335 Add Recall module for dumping all users Microsoft Recall DBs & screenshots

You can now remotely dump Recall data over the internet from Linux etc.


Passive Aggression

This repo contains test samples and proof-of-concept code for achieving passive persistence in Active Directory (AD) environments, even after remediation efforts. Some of these techniques may result in an eternal persistence scenario, where an attacker does not need to have access to domain controllers or domain joined machines, allowing them to continuously persist in the network without detection.

Blog:
• How to achieve eternal persistence in an Active Directory environment - Part 1
• How to Achieve Eternal Persistence Part 2: Outliving the Krbtgt Password Reset
• How to Achieve Eternal Persistence Part 3: How to access and recover replicated secrets


TotalRecall

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.


Reposted from Offensive Twitter
😈 [ Rémi GASCOU (Podalirius) @podalirius_ ]

smbclient-ng is finally out! 🥳

Discover lots of features, additional modules, autocompletion, recursive get and recursive put, colors and progress bars!

🔗 https://github.com/p0dalirius/smbclient-ng

🐥 [ tweet ]


Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)

Technical Analysis: https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/

The deserialization issue was discovered and reported by an anonymous researcher, but no PoC was published (until now) due to the complexity of the vulnerability. In this blog post I'll detail the full pre-authenticated Remote Code Execution chain. First, I'll begin by explaining the entire internals of the Telerik Report Server Custom Serializer and how it's possible to achieve arbitrary command execution by exploiting a very interesting flaw in the mechanics of the serializer; then I'll continue by explaining the authentication bypass that I discovered, which was overlooked by the initial researcher.

Query:
Hunter: /product.name="Telerik report server"
FOFA: app="Telerik-Report-Server"
SHODAN: http.title:"Telerik report server"

The last 20 posts are shown.