mpgn

@mpgn_x64

Freebooter of the net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿

Joined: October 2013

Tweets

  1. Pinned tweet
    Jan 13

    Update CVE-2019-19781 You can exploit the vulnerability without the file and only use the file ! You can inject your payload inside the name of the XML file and fire the command execution ! 🔥💪

  2. Feb 1

    This can also help you to determine quickly a Hashcat mask linked to a specific domain 🤫 No excuse for the next internal pentest 🔥

  3. Feb 1

    Indexing leaked database in ElasticSearch😍 Small example using data from the BreachCompilation and the dashboard you can come up with in Kibana🛠️

  4. Jan 27

    Using SharpRDP and the UAC bypass you can now execute command as local administrator even with RID != 500 using a CLI and of course with a high integrity process 👑 For the curious ones, follow the rabbit 🐰 3/3

  5. Jan 27

    What are the implications ? Actually, if you are a local administrator with RID != 500 you cannot psexec (or use CLI) and you're forced to use the RDP GUI to exec command 🥴(LocalAccountTokenFilterPolicy) This topic is covered in this post 2/3 ⬇️⬇️⬇️

  6. Jan 27

    Using SharpRDP for lateral movement but blocked with a medium integrity process (UAC) 🛂 ? Well ... not a problem anymore ! 😁 Just updated SharpRDP with the option 'privileged' allowing you to run a process with High integrity (if your user is local admin) ! 🔥 1/3 ⬇️⬇️⬇️

  7. Jan 24

    Quickly identify users / groups / password policy of the domain with prettyloot after dumping domain info using ntlmrelayx ! The script reads all files from the loot directory and prints information like a classic enum4linux output 😊

  8. Jan 22

    CVE-2019-19781 - Quick check on how they fixed ! 1⃣ Path traversal no longer works ✅ 2⃣ Unrestricted File Upload no longer works ✅ 3⃣ Template Injection through Template Toolkit is still working but it's "by design" and not fixable 🥴 Tested on Citrix ADC version 12.0.63.13

  9. Retweeted
    Jan 17

    If you have AppLocker deployed, be aware that most times when Windows 10 is updated/upgraded, it creates a TASKS_MIGRATED folder under C:\windows\system32 that has the CREATOR OWNER, meaning that users can create and execute files from the folder and bypassing AppLocker 😱

  10. Retweeted

    FASCINATING data here about , the No. 1 trend in the United States right now. The top three tweets about the hashtag in the world⁠—⁠from , , ⁠—all denounce people using it. The algorithm is generating an opposite reality.

  11. Retweeted
    Jan 14

    With all the fun around Citrix Netscalers here's how to decrypt encrypted values from the config file (like bind dn passwords)

  12. Retweeted
    Jan 14

    Support added to crack Citrix NetScaler (SHA512) hashes with hashcat 6.0.0:

  13. Jan 13

    As mentioned by , the fact that I'm able to not use '../' is probably related to the Citrix ADC installed using Amazon AMI. This is a default installation. I'm curious if it's the same with azure 🧐

  14. Retweeted
    Jan 13

    CVE-2019-19781 post-exploitation notes: If you are seeing attackers reading your /flash/nsconfig/ns.conf file then you need to change all passwords. The SHA512 passwords are easily crackable with hashcat.

  15. Jan 13

    What about no directory traversal at all on CVE-2019-19781 ? 😨 GET /vpns/portal/scripts/picktheme.pl POST /vpns/portal/scripts/rmbm.pl POST /vpns/portal/scripts/newbm.pl

  16. Jan 13

    Oh boy, there is more ! You can also exploit CVE-2019-19781 using the file ! 🧐 The exploit can be done using only two GET requests and not one POST & one GET 🥴

  17. Retweeted
    Jan 12

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  18. Jan 11
  19. Jan 11

    6/ Now the attacker can put this payload in the XML using the script with a POST request (check step before) 🛂 At the time the issue didn't exist on github so props to the ones who found the RCE without this 💪 Next => check step 7 🔥

  20. Jan 11

    6/ Now exploit can be found on github I will explain step 6 ! By checking on the Github of Template Toolkit there is an issue about a command execution : [% ({ 'BLOCK' => 'print "pwn"; die' }) %] ⬇️⬇️⬇️
