SecList for CyberStudents
@SecListForCyberStudents
241 subscribers
598 photos
24 videos
211 files
909 links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
241 subscribers
SecList for CyberStudents
https://github.com/ohpe/juicy-potato
GitHub
GitHub - ohpe/juicy-potato: A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool…
A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM. - GitHub - ohpe/juicy-potato: A suga...
92 views
SecList for CyberStudents
Forwarded from Whitehat Lab
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.

No heist story…
⚙️ CVE-2025-34028 - Commvault Pre-Authenticated RCE

Path traversal уязвимость приводящая к выполнению произвольного кода (RCE) без аутентификации

▪️Отправляется HTTP-запрос на /commandcenter/deloyWebpackage.do, в результате чего Commvault получит ZIP-файл с внешнего сервера
▪️Содержимое архива разгружается во временный каталог
▪️Параметр ServicePack для path traversal в предварительно аутентифицированный каталог на сервере, например ../../Reports/MetricsUpload/shell
▪️SSRF через /commandcenter/deployWebpackage.do
▪️RCE через /reports/MetricsUpload/shell/.tmp/dist-cc/dist-cc/shell.jsp

Рейтинг CVSS - 9.0

Уязвимость устранена в версии 11.38

➡️ Research
➡️ Vendor
💻 PoC

#cve #rce #poc

✈️ Whitehat Lab
Please open Telegram to view this post
VIEW IN TELEGRAM
105 views
SecList for CyberStudents
https://github.com/itm4n/PrintSpoofer
GitHub
GitHub - itm4n/PrintSpoofer: Abusing impersonation privileges through the "Printer Bug"
Abusing impersonation privileges through the "Printer Bug" - itm4n/PrintSpoofer
99 views
SecList for CyberStudents
https://github.com/antonioCoco/RoguePotato


Another Windows Local Privilege Escalation from Service Account to System
GitHub
GitHub - antonioCoco/RoguePotato: Another Windows Local Privilege Escalation from Service Account to System
Another Windows Local Privilege Escalation from Service Account to System - antonioCoco/RoguePotato
109 viewsedited  
SecList for CyberStudents
SecList for CyberStudents
https://github.com/itm4n/PrintSpoofer
https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/
itm4n’s blog
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…
124 views
SecList for CyberStudents
https://hackerone.com/reports/1066410
HackerOne
Clario disclosed on HackerOne: Google API key leaks and security...
## Summary:
Hello, when i search your targets and javascript files I found an googleapikey leaks in url =...
119 views
SecList for CyberStudents
https://hackerone.com/reports/3031518
94 views
SecList for CyberStudents
https://decoder.cloud/2018/02/02/getting-system/
Decoder's Blog
Getting SYSTEM
In your red teaming or pentesting activities escalating to  SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…
100 views
SecList for CyberStudents
https://x.com/offsectraining/status/1916848743359381751?t=FK_zWWN4O3IvIvUfvG5ddg&s=35
100 views
SecList for CyberStudents
https://dev-angelist.gitbook.io/crtp-notes

CRTP notes updated: 2025.4

Cheat sheet
dev-angelist.gitbook.io
Certified Red Team Professional (CRTP) - Notes
AS - Certified Red Team Professional (CRTP) - Notes
127 views
SecList for CyberStudents
image_2025-04-29_12-11-01.png
76.5 KB
image_2025-04-29_12-11-01.png
253.7 KB
Source: https://github.com/ElevenPaths/FOCA

#Pentest #Recon
🔥1
126 viewsedited  
SecList for CyberStudents
image_2025-04-29_12-50-39.png
269.8 KB
https://ss64.com/nt/syntax-security_groups.html
132 viewsedited  
SecList for CyberStudents
https://ss64.com/nt/syntax-security_groups.html

#AD
147 viewsedited  
SecList for CyberStudents
3.1 Shadow OSINT.pdf
5.3 MB
Information Leaks Users

#OSINT
125 viewsedited  
SecList for CyberStudents
Library of Leaks

Search by keyword (full name, email, company) in leaked documents, emails, tables, images and other files.

#OSINT
118 views
SecList for CyberStudents
https://notes.benheater.com/books/web/page/git-dumper

https://notes.benheater.com/books/web/page/mining-data-from-git-repos
126 viewsedited  
SecList for CyberStudents
https://github.com/giuliano108/SeBackupPrivilege

#Win #PrivEsc
124 views
SecList for CyberStudents
SecList for CyberStudents
https://github.com/giuliano108/SeBackupPrivilege #Win #PrivEsc
120 views
SecList for CyberStudents
SecList for CyberStudents
Photo
👀1
119 views
SecList for CyberStudents
Searching Security Logs Using wevtutil

PS: C:\logger> wevtutil qe Security /rd:true /f:text | Select-String "/user"



Searching Security Logs Using Get-WinEvent
Get-WinEvent -LogName security | where { $_.ID -eq 4688 -and $_.Properties[8].Value -like '*/user*'} | Select-Object @{name='CommandLine';expression={ $_.Properties[8].Value }}
146 views