Ralf Hacker Channel
27.8K subscribers
455 photos
16 videos
503 files
567 links
Download Telegram
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)

This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.

Exploit:
https://github.com/sinsinology/CVE-2023-20887

Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/

#VMware #vRealize #rce #cve
👍15
Forwarded from SHADOW:Group
​​💻Что поискать на сайте с IIS?

1. Используем shortscan, для поиска коротких (а по возможности и полных) имен файлов и расширений.

2. Проверяем наличие реверс прокси и пробуем directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest -> 10.0.0.1/test
Подробнее можно почитать тут.

3. Когда удастся получить раскрытие файлов, смотрим ключи в web.conf и пробуем получить RCE через дисериализацию. Почитать об этом тут.

4. Пробуем грузить файлы .asp, .aspx, .ashx и тд (полный список тут)

#web #iis #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
👍38🔥13
Forwarded from APT
🖼️ RegreSSHion — OpenSSH Unauthenticated RCE

The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.

The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.

🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc

#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍22🔥13
Forwarded from APT
Please open Telegram to view this post
VIEW IN TELEGRAM
👍11🔥10
CVE-2024-38077: Windows Remote Desktop Licensing Service RCE

https://github.com/CloudCrowSec001/CVE-2024-38077-POC

Запатчено 9 июля

#exploit #ad #rce #pentest #redteam
👍17🔥6😁5
Forwarded from APT
👩‍💻 Nagios XI — RCE

Nagios XI 2024R1.01 has a vulnerability in the monitoringwizard.php component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution.

🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401

#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
👍25🔥11
Forwarded from APT
🚨 Fortinet FortiManager Unauthenticated RCE (CVE-2024-47575)

The remote code execution vulnerability in FortiManager allows attackers to perform arbitrary operations by exploiting commands via the FGFM protocol, circumventing authentication. Referred to as FortiJump, this vulnerability provides unauthorized access to FortiManager, enabling control over FortiGate devices by taking advantage of insufficient security in command handling and device registration processes.

🛠 Affected Versions:
FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4


🔗 Research:
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/

🔗 Source:
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

#fortinet #fortimanager #fgfm #unauth #rce
1🔥20👍7
CVE-2025-23120: Domain-Level RCE in Veeam Backup & Replication

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

Affected Product:
Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds.

Patched: March 19, 2025

#ad #pentest #redteam #rce
🔥17👍7🤯3
Вчера пошумел IngressNightmare: Unauth RCE в Ingress NGINX Controller, что может привести к захвату кластера Kubernetes.

Patched: Feb 7, 2025

Blog: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

PoC: https://github.com/sandumjacob/IngressNightmare-POCs

А вас тоже расстраивают ресерчи без кода PoC??


#rce #kuber #pentest #exploit
👍30🔥7😱6🙏1
Ralf Hacker Channel
CVE-2025-33073: Reflective Kerberos Relay (LPE) Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/ Patched: June 10, 2025 Интересная LPE с релеем на себя... Даже CVE есть) #lpe #ad #relay #pentest #redteam
В продолжение все той же темы CVE-2025-33073...

https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025

Еще один ресерч, на это раз от Synactiv. Вот только у них не LPE, а Auth RCE от имени SYSTEM (если подпись SMB на машине не требуется).

Even though CVE-2025-33073 is referred by Microsoft as an elevation of privilege, it is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing.


#rce #lpe #ad #relay #pentest #redteam
🔥16👍10😱1
CVE-2025-25257: Pre-Auth SQLi to RCE - Fortinet FortiWeb

PoC: https://github.com/watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257

Blog: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/

Affected:
7.6.0 through 7.6.3
7.4.0 through 7.4.7
7.2.0 through 7.2.10
7.0.0 through 7.0.10

#rce #pentest #redteam #fortinet #cve
🔥28😁11👍5🤯2😱2