Leaderboard

Synopsis: Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more. Link: https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 Stiu ca e destul de "fumat" subiectul, dar mi s-a parut interesant articolul.

Nu permitem lucruri ilegale pe forum, gen sa se obtina acces la anumite site-uri sau pagini/profiluri de Facebook. In plus, hackforums e o mizerie.

Title: Analysing RPC With Ghidra and Neo4j Synopsis: Hunting for new lateral movement techniques or interesting ways to execute code can be a nice way to sink some free time. With Windows spawning numerous RPC services on boot, finding unusual execution techniques is sometimes as simple as scratching just below the surface. And often the payoff far outweighs the time to discovery, with SOC or EDR vendors focusing on the more common published techniques, identifying a new way to introduce code execution on a host can throw a spanner in the works of the investigating team. In previous posts I've tried to look at different ways to mix up common attack signatures. Since working on posts exploring Mimikatz and lsass internals, I've had a few requests for information on how the demonstrated lsass DLL loading techniques were found, and how it may be possible to identify others. So in this post I wanted to present a workflow which I have found to be a useful when looking at Windows RPC method internals, and walk through some of the techniques I've used to minimise the grinding required to hunt for interesting vectors. Source: https://blog.xpnsec.com/analysing-rpc-with-ghidra-neo4j/ Via:

https://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/#gref

@fallen_angel

BeRoot is a post-exploitation tool to check for common misconfigurations which can allow an attacker to escalate their privileges. The main goal of BeRoot is to print only the information that has been found as a possible way for privilege escalation rather than a configuration assessment of the host by listing all services, all processes, all network connection, etc. This project works on Windows, Linux, and Mac OS. But in this demonstration, we will be working on Ubuntu Desktop. Downloading BeRoot It can be downloaded in the Kali Linux with the following command; git clone https://github.com/AlessandroZ/BeRoot.git Once the download completes, make sure you have python3 installed as it is a pre-requisite for running it. You need to navigate to its downloaded directory to run it; Running BeRoot We will first look for the help file; python3 beroot.py -h So it seems that this is a type of tool which directly runs with no necessary information in the help option. So I will run directly in the host’s shell. python3 beroot.py -h Now, it will try to analyze all the possible loopholes which could lead to the escalation of privileges using SUID bins, checking file permissions, sudo rules, NFS squashing, docker, and kernel exploits. As you observe now that it is showing the output of the configurations that could lead to the exploitation of privilege. So far I will check with one of the commands which the BeRoot had shown in the results if it is working or not; It worked successfully, it will also show another output command and exploits according to the operating system in the results. Sursa: https://latesthackingnews.com/2019/08/02/beroot-a-post-exploitation-privilege-escalation-tool/

Link: https://github.com/Kevin-Robertson/InveighZero Source:

Suntem pe un forum de hacking si nici macar nu este sectiunea - Requests for Hacking Creati un meniu si cu Python, Java cele mai folosite limbaje de programare Website and Forum Hacking Facebook hacking.