Exploiting Struts RCE on 2.5.26
for fix problem should upgrade to 2.5.30
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
for fix problem should upgrade to 2.5.30
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
Blogspot
Exploiting Struts RCE on 2.5.26
Exploiting Struts RCE on 2.5.26 Abstract Late last year, 2020, a fix for a remote code execution (RCE) vulnerability discovered by Alvaro Mu...
APT Cyber Tools Targeting ICS/SCADA Devices:
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
lateral movement and disrupt critical devices in ICS network:
https://github.com/stong/CVE-2020-15368
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
lateral movement and disrupt critical devices in ICS network:
https://github.com/stong/CVE-2020-15368
Now reFlutter not only allows you to monitor traffic, but also shows absolute offsets of the functions in the target Android or iOS application. Root is not required.
https://github.com/Impact-I/reFlutter
https://github.com/Impact-I/reFlutter
GitHub
GitHub - Impact-I/reFlutter: Flutter Reverse Engineering Framework
Flutter Reverse Engineering Framework. Contribute to Impact-I/reFlutter development by creating an account on GitHub.
This media is not supported in your browser
VIEW IN TELEGRAM
Microsoft Sharepoint RCE (CVE-2022-22005)
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
#sharepoint #rce
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
#sharepoint #rce
A proof-of-concept WordPress plugin fuzzer
https://github.com/kazet/wpgarlic#usage-cheatsheet
#wordpress #redteam #BugBounty
https://github.com/kazet/wpgarlic#usage-cheatsheet
#wordpress #redteam #BugBounty
GitHub
GitHub - kazet/wpgarlic: A proof-of-concept WordPress plugin fuzzer
A proof-of-concept WordPress plugin fuzzer. Contribute to kazet/wpgarlic development by creating an account on GitHub.
WatchGuard Pre-Auth RCE - CVE-2022-26318
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchgaurd #rce
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchgaurd #rce
cve-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe
GitHub
GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file…
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. - kagancapar/CVE-2022-29072
Use-After-Free Exploit in HackSysExtremeVulnerableDriver
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
#LPE
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
#LPE
A Python based gitleaks wrapped tool to enable scanning of multiple Gitlab repositories in parallel.
https://github.com/codekuu/Gitlab-Scanner
#Gitlab #scanner
https://github.com/codekuu/Gitlab-Scanner
#Gitlab #scanner
GitHub
GitHub - codekuu/Gitlab-Scanner: A Python based gitleaks wrapped tool to enable scanning of multiple Gitlab repositories in parallel.
A Python based gitleaks wrapped tool to enable scanning of multiple Gitlab repositories in parallel. - codekuu/Gitlab-Scanner
This media is not supported in your browser
VIEW IN TELEGRAM
Inspired by 7-Zip CVE-2022-29072 this vulnerability also exist in XVI32
by: will dormann
https://twitter.com/wdormann/status/1516217431437500419?s=21&t=f9YqLUEf65ykpDUdF5MCYw
7zip: https://news.1rj.ru/str/Peneter_Tools/305
by: will dormann
https://twitter.com/wdormann/status/1516217431437500419?s=21&t=f9YqLUEf65ykpDUdF5MCYw
7zip: https://news.1rj.ru/str/Peneter_Tools/305
Security Researcher Maddie stone from google’s Project Zero has published a blog to review in-the-wild 0-days exploits discovered in 2021:
I added Pocs or available exploits for easier access
Blog :
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Exploits:
RCE in #Apache HTTP CVE-2021-41773
https://github.com/thehackersbrain/CVE-2021-41773
14 in Google #Chrome
6 JavaScript Engine - v8 (CVE-2021-21148, CVE-2021-30551, CVE-2021-30563, CVE-2021-30632, CVE-2021-37975, CVE-2021-38003)
https://github.com/xmzyshypnc/CVE-2021-30551
https://github.com/Phuong39/PoC-CVE-2021-30632
https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/v8/CVE-2021-37975
2 DOM Engine - Blink (CVE-2021-21193 & CVE-2021-21206)
1 WebGL (CVE-2021-30554)
1 IndexedDB (CVE-2021-30633)
1 webaudio (CVE-2021-21166)
1 Portals (CVE-2021-37973)
1 Android Intents (CVE-2021-38000)
1 Core (CVE-2021-37976)
7 in Webkit #safari
4 Javanoscript Engine - JavaScript Core (CVE-2021-1870, CVE-2021-1871, CVE-2021-30663, CVE-2021-30665)
1 IndexedDB (CVE-2021-30858)
1 Storage (CVE-2021-30661)
1 Plugins (CVE-2021-1879)
4 in #IE
MSHTML browser engine (CVE-2021-26411, CVE-2021-33742, CVE-2021-40444)
Javanoscript Engine - JScript9 (CVE-2021-34448)
10 in #Windows
2 Enhanced crypto provider (CVE-2021-31199, CVE-2021-31201)
2 NTOS kernel (CVE-2021-33771, CVE-2021-31979)
2 Win32k (CVE-2021-1732, CVE-2021-40449)
https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732
https://github.com/Kristal-g/CVE-2021-40449_poc
1 Windows update medic (CVE-2021-36948)
1 SuperFetch (CVE-2021-31955)
https://github.com/freeide/CVE-2021-31955-POC
1 dwmcore.dll (CVE-2021-28310)
https://github.com/Rafael-Svechinskaya/IOC_for_CVE-2021-28310/blob/main/Malicious%20Payloads
1 ntfs.sys (CVE-2021-31956)
https://github.com/aazhuliang/CVE-2021-31956-EXP
5 in #iOS and #macOS
IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
https://github.com/jsherman212/iomfb-exploit
XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
https://github.com/synacktiv/CVE-2021-1782
CoreGraphics (CVE-2021-30860)
https://github.com/jeffssh/CVE-2021-30860
CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
7 in #Android
Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
5 in Microsoft #Exchange Server
(CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)
https://github.com/0xAbdullah/CVE-2021-26855
https://github.com/sirpedrotavares/Proxylogon-exploit
https://github.com/hictf/CVE-2021-26855-CVE-2021-27065
(CVE-2021-42321)
https://github.com/DarkSprings/CVE-2021-42321
I added Pocs or available exploits for easier access
Blog :
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Exploits:
RCE in #Apache HTTP CVE-2021-41773
https://github.com/thehackersbrain/CVE-2021-41773
14 in Google #Chrome
6 JavaScript Engine - v8 (CVE-2021-21148, CVE-2021-30551, CVE-2021-30563, CVE-2021-30632, CVE-2021-37975, CVE-2021-38003)
https://github.com/xmzyshypnc/CVE-2021-30551
https://github.com/Phuong39/PoC-CVE-2021-30632
https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/v8/CVE-2021-37975
2 DOM Engine - Blink (CVE-2021-21193 & CVE-2021-21206)
1 WebGL (CVE-2021-30554)
1 IndexedDB (CVE-2021-30633)
1 webaudio (CVE-2021-21166)
1 Portals (CVE-2021-37973)
1 Android Intents (CVE-2021-38000)
1 Core (CVE-2021-37976)
7 in Webkit #safari
4 Javanoscript Engine - JavaScript Core (CVE-2021-1870, CVE-2021-1871, CVE-2021-30663, CVE-2021-30665)
1 IndexedDB (CVE-2021-30858)
1 Storage (CVE-2021-30661)
1 Plugins (CVE-2021-1879)
4 in #IE
MSHTML browser engine (CVE-2021-26411, CVE-2021-33742, CVE-2021-40444)
Javanoscript Engine - JScript9 (CVE-2021-34448)
10 in #Windows
2 Enhanced crypto provider (CVE-2021-31199, CVE-2021-31201)
2 NTOS kernel (CVE-2021-33771, CVE-2021-31979)
2 Win32k (CVE-2021-1732, CVE-2021-40449)
https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732
https://github.com/Kristal-g/CVE-2021-40449_poc
1 Windows update medic (CVE-2021-36948)
1 SuperFetch (CVE-2021-31955)
https://github.com/freeide/CVE-2021-31955-POC
1 dwmcore.dll (CVE-2021-28310)
https://github.com/Rafael-Svechinskaya/IOC_for_CVE-2021-28310/blob/main/Malicious%20Payloads
1 ntfs.sys (CVE-2021-31956)
https://github.com/aazhuliang/CVE-2021-31956-EXP
5 in #iOS and #macOS
IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
https://github.com/jsherman212/iomfb-exploit
XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
https://github.com/synacktiv/CVE-2021-1782
CoreGraphics (CVE-2021-30860)
https://github.com/jeffssh/CVE-2021-30860
CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
7 in #Android
Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
5 in Microsoft #Exchange Server
(CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)
https://github.com/0xAbdullah/CVE-2021-26855
https://github.com/sirpedrotavares/Proxylogon-exploit
https://github.com/hictf/CVE-2021-26855-CVE-2021-27065
(CVE-2021-42321)
https://github.com/DarkSprings/CVE-2021-42321
Blogspot
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in rev...
An open source, lightweight, fast, and cross-platform website vulnerability scanning tool that helps you quickly detect potential website security risks.
https://github.com/hktalent/scan4all
https://github.com/hktalent/scan4all
GitHub
GitHub - GhostTroops/scan4all: Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints;…
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)... - ...
MalSCCM
Tooling for red teams and attackers has long since shifted to .NET, however there are very few tools publicly available for abusing SCCM, making it an attack path that may not be explored as much.
https://labs.nettitude.com/blog/introducing-malsccm/
Tooling for red teams and attackers has long since shifted to .NET, however there are very few tools publicly available for abusing SCCM, making it an attack path that may not be explored as much.
https://labs.nettitude.com/blog/introducing-malsccm/
LRQA Nettitude Labs
Introducing MalSCCM
During red team operations the goal is often to compromise a system of high value. These systems will ideally be segmented from the wider network and locked down to prevent compromise. However, the organisation still needs to be able to manage these devices…
PoC for an NTLM relay attack dubbed DFSCoerce.
The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
https://github.com/Wh04m1001/DFSCoerce
The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
https://github.com/Wh04m1001/DFSCoerce
GitHub
GitHub - Wh04m1001/DFSCoerce
Contribute to Wh04m1001/DFSCoerce development by creating an account on GitHub.
It's a Docker Environment for pentesting which having all the required tool for VAPT.
https://github.com/RAJANAGORI/Nightingale
Tools List:
https://owasp.org/www-project-nightingale/
https://github.com/RAJANAGORI/Nightingale
Tools List:
https://owasp.org/www-project-nightingale/
GitHub
GitHub - RAJANAGORI/Nightingale: Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration…
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilit...
BadUSB cable based on Attiny85 microcontroller. Emulating keyboard and mouse actions, payloads can be completely customized and can be highly targeted. Undetectable by firewalls, AV software (depending on payload of course) or visual inspection
#redteam
https://github.com/joelsernamoreno/BadUSB-Cable
#redteam
https://github.com/joelsernamoreno/BadUSB-Cable
GitHub
GitHub - joelsernamoreno/BadUSB-Cable: BadUSB cable project
BadUSB cable project. Contribute to joelsernamoreno/BadUSB-Cable development by creating an account on GitHub.
JetBrains TeamCity - account takeover via CSRF in GitHub authentication (PoC)
https://github.com/yuriisanin/CVE-2022-24342
https://github.com/yuriisanin/CVE-2022-24342
GitHub
GitHub - yuriisanin/CVE-2022-24342: PoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication
PoC for CVE-2022-24342: account takeover via CSRF in GitHub authentication - yuriisanin/CVE-2022-24342