Ralf Hacker Channel

CVE-2024-30088: Windows LPE

PATCHED: June 11, 2024

https://github.com/tykawaii98/CVE-2024-30088

P.S. Протестил на Win11, работает

P.P.S. @Acrono: Протестил на Win10 22H2 (19045) и на Win Server 2019, полет нормальный!

#git #exploit #lpe #pentest #redteam

🔥44👍15

33K viewsRalf Hacker, edited 08:34

Ralf Hacker Channel

APT

🖼️ RegreSSHion — OpenSSH Unauthenticated RCE The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.…

cve-2024-6387-poc.zip

21.1 KB

Эх... дропнули с гита poc

#git #poc #rce

👍43🔥15🙏6😁5

20.9K viewsRalf Hacker, 12:18

Ralf Hacker Channel

Уже не новость, что Notion уходит, вот альтернатива)

https://github.com/toeverything/AFFiNE

Кто пользуется, накидайте фидбек в комменты))

#notes #git #soft

GitHub

GitHub - toeverything/AFFiNE: There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base…

There can be more than Notion and Miro. AFFiNE(pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable an...

🔥18👍10

15.3K viewsRalf Hacker, 10:14

Ralf Hacker Channel

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE

blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

PoC: https://github.com/RickdeJager/cupshax

patch:

sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed

#exploit #git #pentest #redteam

evilsocket

Attacking UNIX Systems via CUPS, Part I

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

🔥30😁11👍7

19.3K viewsRalf Hacker, 10:56

Ralf Hacker Channel

Попалась на глаза python версия шарповой утилиты Seatbelt

https://github.com/0xthirteen/Carseat

#git #pentest #ad

GitHub

GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness tool

Python implementation of GhostPack's Seatbelt situational awareness tool - 0xthirteen/Carseat

🔥16👍10😱4

17K viewsRalf Hacker, 09:45

Ralf Hacker Channel

CVE-2024-38193: Windows LPE

PATCHED: August 13, 2024

~~https://github.com/Nephster/CVE-2024-38193~~

Upd.: https://github.com/killvxk/CVE-2024-38193-Nephster

P.S. Протестил на Win11, работает

#git #exploit #lpe #pentest #redteam

🔥41👍11😁6🙏1

18.6K viewsRalf Hacker, edited 22:20

Ralf Hacker Channel

GodPotato на Rust нужен кому-нибудь?))

https://github.com/safedv/RustPotato

Пусть будет...

#potato #pentest #redteam #git

GitHub

GitHub - safedv/RustPotato: A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP…

A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations. - safedv/RustPotato

😁23👍8🔥3🙏1

17.9K viewsRalf Hacker, 12:58

Ralf Hacker Channel

CVE-2024-49138: Windows LPE in CLFS.sys

PATCHED: Dec 10, 2024

https://github.com/MrAle98/CVE-2024-49138-POC

Tested on Windows 11 23h2

UPD. Ждем ресерч...

#git #exploit #lpe #pentest #redteam

🔥21👍9

14.9K viewsRalf Hacker, edited 08:45

Ralf Hacker Channel

CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE

PATCHED: Oct 8, 2024

Exploit: https://github.com/synacktiv/CVE-2024-43468

Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections

#git #exploit #ad #rce #sccm #pentest #redteam

GitHub

GitHub - synacktiv/CVE-2024-43468

Contribute to synacktiv/CVE-2024-43468 development by creating an account on GitHub.

🔥15👍7🤯3

21.7K viewsRalf Hacker, 22:15

Ralf Hacker Channel

Интересный проект

https://github.com/airbus-seclab/soxy

soxy is a modular tool to interact with several VDIs that operates over RDP, such as VMware Horizon, Citrix and native Windows RDP. It supports useful debug services (e.g. clipboard, console/shell, sharing, FTP server, SOCKS5 proxy).

#git #tools #pentest #redteam

GitHub

GitHub - airbus-seclab/soxy: A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual…

A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels. - airbus-seclab/soxy

🔥17👍3

15.2K viewsRalf Hacker, 21:30

Ralf Hacker Channel

CVE-2025-21420: Windows LPE (cleanmgr.exe DLL sideload)

PoC: https://github.com/Network-Sec/CVE-2025-21420-PoC

P.S. LPE такая себе конечно, но sideload отметим)

#lpe #git #exploit #pentest #redteam

🔥26👍6😁5

16.1K viewsRalf Hacker, 12:28

Ralf Hacker Channel

CVE-2025-49113: Roundcube (1.6.10) Auth RCE

blog: https://fearsoff.org/research/roundcube

PoC: https://github.com/fearsoff-org/CVE-2025-49113

#exploit #git #pentest #redteam

fearsoff.org

Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]

A deep technical breakdown of CVE-2025-49113, a critical Roundcube vulnerability involving PHP session serialization. Learn how the bug was discovered, exploited, and responsibly disclosed with full PoC and recommendations for defenders and developers. Kirill…

🔥16👍7🤯3🥰1😁1

12.2K viewsRalf Hacker, 18:21

Ralf Hacker Channel

CVE-2025-32756: Fortinet UnAuth RCE

PoC: https://github.com/kn0x0x/CVE-2025-32756-POC