PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
https://github.com/hhlxf/PrintNightmare
#pentest
🔥🔥🔥
Leveraging PrintNightmare to Abuse RBCD and DCSync the Domain
https://snovvcrash.github.io/2021/06/30/leveraging-printnightmare-to-abuse-rbcd.html
#pentest
snovvcrash@gh-pages:~$ _
A relatively stealthy way to exploit PrintNightmare (CVE-2021-1675 / CVE-2021-34527) by configuring and abusing RBCD on a domain controller.
Microsoft warns of critical PowerShell 7 code execution vulnerability
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
#vulnerability
BleepingComputer
Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in .NET 5 and .NET Core.
Privilege escalation with polkit
How to get root on Linux with a seven-year-old bug
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
#pentest
The GitHub Blog
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
🚨🚨
I am starting the #BurpHacksForBounties series for 30 days; each day I will share a Burp hack that makes my work with Burp Suite easier.
Starting Monday. Stay tuned.
They will not be the ones you find on the internet 😉😉
#infosec #appsec #bugbounties #bugbountytips
#BurpHacksForBounties - Day 1/30
Turbo intruder: Power of Python with Burp Suite Intruder.
I use it to tailor my pen-testing for a specific target and targeted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
3/n
Details in comments.
Code: https://gist.github.com/r0hi7/47e3d47efaa1ee3df63a6e936dade787
Increase concurrency, or add pipelining.
Then click attack.
n/n
You can do almost anything with Python inside Burp.
Eg.
- Handle custom login
- Tailored testing
- Filter out requests on "interesting" responses
- Scale your testing
- Add rate limiting, pipelining, etc.
This approach can overcome intruder multithreading deficiencies in CE.
Snaffler
Snaffler - Gets a list of Windows computers from Active Directory, then spreads out its snaffly appendages to them all to figure out which ones have file shares, and whether you can read them
https://github.com/SnaffCon/Snaffler
#pentest
GitHub
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax ) - SnaffCon/Snaffler
#BurpHacksForBounties - Day 2/30
Effective usage of Match and Replace feature of Burp Suite
False2True Trick & Injecting all fields with polyglot payloads 😉😉
How to thread 🧵👇
#infosec #security #appsec #burp #bugbounty #bugbountytips
1/n False2True trick, when access to a resource for the user is unauthorized.
By changing the server response body from F to T with Burp's response body Match and Replace, there is a good chance it will un-hide client-side controls.
1. Add Match and replace.
2. Add shown replacement.