Remote Code Execution in cdnjs of CloudFlare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#RCE #cdnjs #cloudflare
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(A Japanese version is also available.)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
#BurpHacksForBounties - Day 15/30
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
WiFiDemon
iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
#0day #ios #rce
Jamf
Jamf Threat Labs | Blog
Nim on the Attack
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Reconflow
This is an all-in-one tool for gathering reconnaissance information about a target without the hassle of installing multiple tools and their dependencies. It also sends the results to your Telegram chat.
https://github.com/adarshshetty18/reconflow
#recon #bugbounty #telegram
GitHub
GitHub - adarshshetty18/reconflow: Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration…
Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration test - adarshshetty18/reconflow
#BurpHacksForBounties - Tip 16/30
Host Header Hacks with Burp Suite's Repeater. For web servers serving requests through a reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Let's see this for blogspot.com. This is a reverse proxy setup that checks subdomains and routes them accordingly. Now let's change the host for it.
IMG 1 : Target = Host
IMG 2 : Target != Host, but still the request is routed through the host.
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#pentest #PetitPotam #rcp
GitHub
GitHub - topotam/PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw…
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions. - topotam/PetitPotam
#BurpHacksForBounties - Day 18/30
Do you want to filter the responses in Burp Suite Intruder and show only the ones that have a specific pattern present in the response?
If yes, try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp
1. Create a filter for intruder response.
2. Start the payload
3. If the response contains the string you entered in "grep", that will show up in an extra column.
-> You can focus only on the response you are looking for.
Burp Suite - ninja tricks
https://owasp.org/www-chapter-norway/assets/files/Burp%20suite%20ninja%20moves.pdf
#burp #tricks #BugBounty
🔥 HiveNightmare 🔥
Exploit allowing you to read registry hives and SAM data (sensitive) in Windows 10, as well as the SYSTEM and SECURITY hives as non-admin.
This exploit uses VSC to extract the SAM, SYSTEM, and SECURITY hives even when in use, and saves them in the current directory as HIVENAME-haxx, for use with whatever cracking tools, or whatever, you want.
https://github.com/GossiTheDog/HiveNightmare
#redteam #pentest #vuln #nightmare
GitHub
GitHub - GossiTheDog/HiveNightmare: Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
Exploit allowing you to read registry hives as non-admin on Windows 10 and 11 - GossiTheDog/HiveNightmare
#BurpHacksForBounties - Tip 19/30
Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.
Using a plugin developed by @BurpBounty @egarme
#infosec #appsec #burp #bugbountytips
Plugin name: BurpBounty Scan Check Builder.
It is a fairly easy-to-use plugin. Install it from the BApp Store and create a check with a simple name. Give it a severity, enter the req/res you want to perform/check, and enable it. ❤️