Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
👍15
Forwarded from SHADOW:Group
💻 Что поискать на сайте с IIS?
1. Используем shortscan, для поиска коротких (а по возможности и полных) имен файлов и расширений.
2. Проверяем наличие реверс прокси и пробуем directory traversal:
Подробнее можно почитать тут.
3. Когда удастся получить раскрытие файлов, смотрим ключи в
4. Пробуем грузить файлы
#web #iis #rce
1. Используем shortscan, для поиска коротких (а по возможности и полных) имен файлов и расширений.
2. Проверяем наличие реверс прокси и пробуем directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest -> 10.0.0.1/test
Подробнее можно почитать тут.
3. Когда удастся получить раскрытие файлов, смотрим ключи в
web.conf
и пробуем получить RCE через дисериализацию. Почитать об этом тут.4. Пробуем грузить файлы
.asp
, .aspx
, .ashx
и тд (полный список тут)#web #iis #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
👍38🔥13
CVE-2024-4577: PHP CGI Argument Injection (RCE)
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
on Windows
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
GitHub
GitHub - watchtowrlabs/CVE-2024-4577: PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC - watchtowrlabs/CVE-2024-4577
🔥9👍2
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍22🔥13
APT
cve-2024-6387-poc.zip
21.1 KB
👍43🔥15🙏6😁5
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍11🔥10
Forwarded from APT
Nagios XI 2024R1.01 has a vulnerability in the
monitoringwizard.php
component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution. 🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
👍25🔥11
Forwarded from APT
A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions
12.1.2.172
and earlier.🔗 Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
🔗 Source:
https://github.com/watchtowrlabs/CVE-2024-40711
#veeam #backup #deserialization #unauth #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
watchTowr Labs
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…
🔥21👍9🤯3
Forwarded from APT
🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575)
The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes.
🛠 Affected Versions:
🔗 Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
🔗 Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
#fortinet #fortimanager #fgfm #unauth #rce
The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes.
🛠 Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
🔗 Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
🔗 Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
#fortinet #fortimanager #fgfm #unauth #rce
1🔥20👍7
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
GitHub
GitHub - synacktiv/CVE-2024-43468
Contribute to synacktiv/CVE-2024-43468 development by creating an account on GitHub.
🔥15👍7🤯3
CVE-2025-23120: Domain-Level RCE in Veeam Backup & Replication
https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
Affected Product:
Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.
Patched: March 19, 2025
#ad #pentest #redteam #rce
https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
Affected Product:
Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.
Patched: March 19, 2025
#ad #pentest #redteam #rce
🔥17👍7🤯3
Вчера пошумел IngressNightmare: Unauth RCE в Ingress NGINX Controller, что может привести к захвату кластера Kubernetes.
Patched: Feb 7, 2025
Blog: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
PoC: https://github.com/sandumjacob/IngressNightmare-POCs
#rce #kuber #pentest #exploit
Patched: Feb 7, 2025
Blog: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
PoC: https://github.com/sandumjacob/IngressNightmare-POCs
А вас тоже расстраивают ресерчи без кода PoC??
#rce #kuber #pentest #exploit
👍30🔥7😱6🙏1
Ralf Hacker Channel
CVE-2025-33073: Reflective Kerberos Relay (LPE) Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/ Patched: June 10, 2025 Интересная LPE с релеем на себя... Даже CVE есть) #lpe #ad #relay #pentest #redteam
В продолжение все той же темы CVE-2025-33073...
https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
Еще один ресерч, на это раз от Synactiv. Вот только у них не LPE, а Auth RCE от имени SYSTEM (если подпись SMB на машине не требуется).
#rce #lpe #ad #relay #pentest #redteam
https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025
Еще один ресерч, на это раз от Synactiv. Вот только у них не LPE, а Auth RCE от имени SYSTEM (если подпись SMB на машине не требуется).
Even though CVE-2025-33073 is referred by Microsoft as an elevation of privilege, it is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing.
#rce #lpe #ad #relay #pentest #redteam
Synacktiv
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073
🔥16👍10😱1
CVE-2025-25257: Pre-Auth SQLi to RCE - Fortinet FortiWeb
PoC: https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257
Blog: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/
#rce #pentest #redteam #fortinet #cve
PoC: https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257
Blog: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/
Affected:
7.6.0 through 7.6.3
7.4.0 through 7.4.7
7.2.0 through 7.2.10
7.0.0 through 7.0.10
#rce #pentest #redteam #fortinet #cve
🔥28😁11👍5🤯2😱2