Exploiting Outlook Zero-Day Vulnerability (CVE-2023-23397) ✉️

Overview CVE-2023-23397 is a critical vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server on an untrusted network. No user interaction is required. The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication - MSRC.
Read more →

Spring4Shell 🍃

A new zero-day vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as stand-alone packages with all the required dependencies. Today, an exploit for this zero-day vulnerability was briefly leaked and then removed, but not before cybersecurity researchers could download the code.
Read more →

eJPT Cheatsheet 🎓

This post contains commands to prepare for the eLearnSecurity eJPT exam. nmap host discovery: nmap -sn > hosts.txt nmap -sn -T4 -oG - | awk '/Up$/{print $2}' open ports scan (save to file): nmap -Pn -sV -T4 -A -oN ports.txt -p- -iL hosts.txt --open UDP port scan: nmap -sU -sV nmap vuln scan example: nmap --script vuln --script-args=unsafe=1 -iL hosts.txt nmap SYN flood example: watch -n 10 "nmap -e wlan0 -Pn -T5 -S 192.
Read more →

Steel Mountain 🔍

In this blog you will learn to enumerate a Windows machine, gain initial access with Metasploit, use PowerShell to further enumerate the machine and escalate your privileges to Administrator. Nmap nmap -sC -sV -Pn 130 ⨯ Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-24 23:29 EST Nmap scan report for Host is up (0.21s latency). Not shown: 988 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 8.
Read more →

Active Directory Pentesting Resources 📚

This post contains Active Directory Pentesting resources to prepare for the new OSCP (2022) exam. Youtube/Twitch Videos Active Directory madness and the Esoteric Cult of Domain Admin! - alh4zr3d TryHackMe - Advent of Cyber + Active Directory - tib3rius Common Active Directory Attacks: Back to the Basics of Security Practices - TrustedSec How to build an Active Directory Lab - The Cyber Mentor Zero to Hero (Episode 8,9,10) - The Cyber Mentor
Read more →

Introduction to Azure Pentesting ☁️

More than 95 percent of Fortune 500 companies use Azure! Azure AD is one of the world’s largest web-based identity providers. Having the ability to understand and hack (and thus secure) Azure is a skill that is in huge demand. This blog covers the lab work done in the Introduction to Azure Penetration Testing labs & training provided by Nikhil Mittal and Altered Security. Course Video : https://youtu.be/5dVSHuCEG2w Free Labs: https://azure.enterprisesecurity.io Discovery We just know the name of the target organization - EvilCorp.
Read more →

Boom Bashed 🧨💥

Bashed is a retired HackTheBox machine, rated easy, and rightfully so. We’ll start by finding a hidden web shell and then quickly gain root-level access due to misconfigured user permissions. Reconnaissance nmap scan Starting the reconnaissance with an initial Nmap scan. nmap -sC -sV -oA nmap/bashed -sC: run default nmap scripts -sV: detect service version -oA: output all formats and store in file nmap/bashed Nmap scan report for Host is up (0.
Read more →

Bash and the Shellshock ⚡️

Introduction to ShellShock ShellShock Vulnerability [CVE-2014-6271], also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests. Shellshock is a privilege escalation vulnerability that offers a way for users of a system to execute commands that should be unavailable to them.
Read more →

FreeFloat FTP Buffer Overflow 🪣💦

In this writeup I’ll demonstrate how to exploit a buffer overflow in FreeFloat FTP Server on Windows. The vulnerable application can be downloaded from Here. The FreeFloat FTP Server has many vulnerable parameters which are useful for practice, and we will choose one of them here to do a full exercise. Lab details Victim Machine: Windows XP SP1 x64 2003 Application: FreeFloat Ftp Server (Version 1.00) Attacker Machine: Kali Linux 2021.
Read more →

Exploiting PHP deserialization 🔐

Intro to Insecure deserialization Serialization is when an object in a programming language (say, a Java or PHP object) is converted into a format that can be stored or transferred. Whereas deserialization refers to the opposite: it’s when the serialized object is read from a file or the network and converted back into an object. Insecure deserialization vulnerabilities happen when applications deserialize objects without proper sanitization. An attacker can then manipulate serialized objects to change the program’s flow.
Read more →

From MSSQL to RCE 🚀

Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network (including the Internet). In this blog we’ll try to get remote code execution by exploiting MSSQL. Enumeration Nmap Scan nmap -sC -sV -oA nmap/archetype 10.
Read more →

Steganography for beginners 🔍

Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination. … The word steganography is derived from the Greek words steganos (meaning hidden or covered) and the Greek root graph (meaning to write) - Wikipedia. In this post, we are going to describe solutions to the KRACK-JIIT CTF 2019 organized by JIIT Open Dev Circle (jodc).
Read more →

Mass Printer Hacking Case Study 🖨

Introduction to the battle for the YouTube crown. A battle over who owns the YouTube crown for top channel has been waged over the past few months between fans of Swedish video game commentary celebrity Felix Kjellberg “PewDiePie” and of the Bollywood label T-Series. As The Hacker News reports, TheHackerGiraffe hacked printers worldwide to print pro-PewDiePie propaganda. Here are some images showing the message that printers were forced to spit out:
Read more →