Happy Hacking8

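A clean information feed tool focused on the day-to-day of the security community, surfacing high-quality content for security researchers every day.

Daily updates
Timeline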
2021-09-20 23:20:28 Sploitus.com Exploits RSS Feed
2021-09-20 23:18:21 daily-swig
Abuse of flaw could give attackers greater access to devices even than its owner
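2021-09-20 23:17:46 hackone latest publicly disclosed vulnerabilities
Affected vendor: HackerOne (https://hackerone.com/security)
Through the UpdateInvitationPreferencesMutation GraphQL operation, a hacker can bypass the minimum bounty amount limit in the "Invitation Preferences" settings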
2021-09-20 22:58:49 Recommended by Phithon
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
Church Management System 1.0 - 'search' SQL Injection (Unauthenticated)
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-20 21:20:45 Exploit-DB.com RSS Feed
Budget and Expense Tracker System 1.0 - Authenticated Bypass
2021-09-20 21:18:20 daily-swig
Vulnerability has now been addressed in the Microsoft Teams add-on
2021-09-20 20:38:46 Recommended by Phithon
2021-09-20 19:38:14 52pojie Forum
2021-09-20 19:18:19 daily-swig
Disclosure comes two years after privacy-busting flaw was discovered
2021-09-20 17:20:10 Security Boulevard
It will be one year since NIST released their final version of SP800-53 Revision 5 on September 23, 2020. As a quick reminder SP800-53 is the document issued by NIST that specifies the Security and Privacy Controls that need to be used by agencies of the Federal government.
The post NIST SP800-53 Revision 5, One Year Later appeared first on K2io.
The post NIST SP800-53 Revision 5, One Year Later appeared first on Security Boulevard.
2021-09-20 17:20:10 Security Boulevard
The month of September is designated “National Insider Threat Awareness Month,” and based on the number of cybersecurity incidents that involve employees, perhaps every month should be insider threat awareness month. Insider Risk Summit This week at the Insider Risk Summit, industry experts shared their thoughts on how to mitigate insider risks with discussions about..
The post Perceptions of Insider Risk 2021 appeared first on Security Boulevard.
2021-09-20 16:58:23 T00ls Forum
2021-09-20 15:21:58 From Freebuf
TIGMINT is a powerful open-source intelligence (OSINT) GUI software framework, designed for Twitter, Instagram and geotagging applications.
2021-09-20 15:20:06 Security Boulevard
Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID-19 hit the world. So, for […]…
The post Everything You Need to Know about Cyber Crisis Tabletop Exercises appeared first on The State of Security.
The post Everything You Need to Know about Cyber Crisis Tabletop Exercises appeared first on Security Boulevard.
2021-09-20 15:20:06 Security Boulevard
In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to […]…
The post The Digital Pandemic – Ransomware appeared first on The State of Security.
The post The Digital Pandemic – Ransomware appeared first on Security Boulevard.
2021-09-20 15:20:06 Security Boulevard
Cybercriminals attacked with gusto in the first half of 2021 and attacks show no signs of slowing down. In just the first half of the year, malicious actors exploited dangerous vulnerabilities across different types of devices and operating systems, leading to major attacks that shut down fuel networks and extracted millions from enterprises. These were..
The post Ransomware Attacks Growing More Sophisticated appeared first on Security Boulevard.
2021-09-20 15:20:06 Security Boulevard
September 2021 marks the third year of National Insider Threat Awareness Month (NITAM), which, according to the NITAM website, aims to help prevent “exploitation of authorized access to cause harm to an organization or its resources.” The acting director of the National Counterintelligence and Security Center, Michael J. Orlando, recently recognized this month of data..
The post Protecting Data From Insider Threats appeared first on Security Boulevard.
2021-09-20 13:58:18 T00ls Forum
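2021-09-20 13:22:55 Zhishi Xingqiu (Knowledge Planet)
#InternalNetworkPenetration The articles on pentestlab.blog have always been practical and easy to understand PetitPo...
2021-09-20 13:22:55 Zhishi Xingqiu (Knowledge Planet)
Quickly find out whether a domain has a certificate service: certutil.exe
2021-09-20 13:22:02 From Freebuf
The campaign began on July 25, 2021. The attackers used a large number of open-source tools to avoid detection, which makes attribution difficult.
2021-09-20 13:20:10 Security Boulevard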
The latest on the iMessage Zero-Click exploit that affects Apple iOS, MacOS and WatchOS devices (update your Apple devices now!), the names and home addresses of 111,000 British firearm owners have been dumped online, and details on over 60 million fitness tracking records exposed via an unsecured database. ** Links mentioned on the show ** […]
The post iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed appeared first on The Shared Security Show.
The post iMessage Zero-Click Exploit, Leaked Guntrader Firearms Data, 60 Million Fitness Tracking Records Exposed appeared first on Security Boulevard.
2021-09-20 11:21:49 From Freebuf
The source code of the Paradise ransomware was leaked on the XSS.IS hacking forum.
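2021-09-20 11:18:16 三好学生 (3gstudent)
0x00 Preface
In the earlier article "Domain Penetration: DCSync" I systematically summarized how DCSync is used. This article looks in detail at one method, using DCSync to export the hashes of all users in a domain, analyzes the approaches for different environments, and gives defensive recommendations.
0x01 Overview
This article covers the following:
Prerequisites
Tools
Approaches
Defensive recommendations
0x02 Prerequisites
Obtain the privileges of any one of the following users:
A user in the Administrators group
A user in the Domain Admins group
A user in the Enterprise Admins group
The computer account of a domain controller
0x03 Tools
1. C implementation (mimikatz)
Implementation code:
https://github.com/gentilkiwi/mimikatz/blob/master/mimikatz/modules/lsadump/kuhl_m_lsadump_dc.c#L27
Example commands:
(1) Export the hashes of all users in the domain
mimikatz.exe "lsadump::dcsync /domain:test.com /all /csv" exit
(2) Export the hash of the domain's administrator account
mimikatz.exe "lsadump::dcsync /domain:test.com /user:administrator /csv" exit
2. Python implementation (secretsdump.py)
Example command:
python secretsdump.py test/Administrator:DomainAdmin123!@192.168.1.1
3. PowerShell implementation (MakeMeEnterpriseAdmin)
The core code is implemented in C Sharp and supports the following three functions:
Export the krbtgt user's hash via DCSync
Generate a Golden ticket using the krbtgt user's hash
Import the Golden ticket
Note:
My experiments in a test environment show that the Golden ticket generation function has a bug: after importing the Golden ticket, the corresponding privileges cannot be obtained
4. C Sharp implementation
Building on MakeMeEnterpriseAdmin, I made the following modifications:
Support for exporting the hashes of all users
Export the domain SID
Export the SIDs of all domain users
The code has been uploaded to GitHub at the following address:
https://github.com/3gstudent/Homework-of-C-Sharp/blob/mas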
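2021-09-20 11:18:15 三好学生 (3gstudent)
0x00 Preface
MailEnable provides an end-to-end solution for delivering secure email and collaboration services. Quoting the official website: a recent independent survey reported that MailEnable is the most popular Windows mail server platform in the world. For MailEnable's developer API, the only documentation I found on the official website covers the AJAX API, so this article attempts to write a Python script that accesses MailEnable mail, records the development details, and open-sources the code.
0x01 Overview
This article covers the following:
Environment setup
Development details
Open-source code MailEnableManage.py
0x02 Environment setup
1. Installation
The IIS service and .Net 3.5 must be installed before installing; otherwise web access cannot be configured properly
MailEnable download address: http://www.mailenable.com/download.asp
2. Configuration
Start MailEnableAdmin.msc and configure the mail server information under MailEnable Management->Messaging Manager->Post Offices
As shown in the figure below
Default login page:
http://mewebmail.localhost/mewebmail/Mondo/lang/sys/login.aspx
3. Enabling the web administration page
Reference:
http://www.mailenable.com/kb/content/article.asp?ID=ME020132
Start MailEnableAdmin.msc, select MailEnable Management->Servers->localhost->Services and Connectors->WebAdmin, right-click and choose Properties from the pop-up menu, then select the Configure... button to install
As shown in the figure below
Start MailEnableAdmin.msc, select the configured Post Office under MailEnable Management->Messaging Manager->Post Offices, right-click and choose Properties from the pop-up menu, switch to the Web Admin tab, and enable web administration
As shown in the figure below
Select the desired user and change its properties to administrator
Default administration page:
http://mewebmail.localhost/meadmin/Mondo/lang/sys/login.aspx
Note:
If you have forgotten a user's plaintext password, you can check the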
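2021-09-20 11:13:21 Zhishi Xingqiu (Knowledge Planet)
FOFA free online advanced search tool. A website I found a while ago; it has now started limiting usage, but for those without...
2021-09-20 10:18:26 From Freebuf
Today's topics include RCE via master-slave replication, reverse shell via local Redis master-slave replication RCE, reverse shell via SSRF against Redis, further Redis background, Red...
2021-09-20 09:21:20 Legal Hackers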
Date: 2021-09-19 22:51 UTC
OS:
PHP Version: Irrelevant
Package: Website problem
Title: just a live bug test
2021-09-20 09:20:54 f4d3.io [Bourne Again]
Summary
Hi!
Hope that everything’s going well for everyone!
This weekend, with a couple of teammates, I participated in hacktivitycon 2021, organized by HackerOne. Pretty cool CTF, thanks to the organizers!
This was a chill CTF for us, so I spent many hours on a couple of pwnable challenges, and here’s the write-up for them. Special thanks to dplastico for the apañe ❤️
Summary
Sharp
Summary
Leak
Exploit
shellcoded
Shelle-2
Sharp
This was kind of (not again) a note challenge.
Thanks to the author for not doing a note chall, lol :D
The main purpose of this binary is to create a very bad database written in C, allocating “names” for the entries of the db.
This consists of one initial chunk, which holds an integer with the number of entries and an array of pointers to strings for the entry names.
The only thing that was strange was the use of libc 2.31; at least, no safe linking yet.
binary
libc.so.6
Summary
The principal use of this binary is to serve as a database written in C, so, the main
2021-09-20 09:20:19 Security Boulevard
Our thanks to DEFCON for publishing their tremendous DEFCON Conference Cloud Village videos on the groups' YouTube channel.
The post DEF CON 29 Cloud Village – Magno Logan’s ‘Workshop Kubernetes Security 101 Best Practices’ appeared first on Security Boulevard.
2021-09-20 09:18:45 MaskRay
Branch target
Many architectures encode a branch/jump/call instruction with PC-relative addressing, i.e. the distance to the target is encoded in the instruction. In an executable or shared object (called a component in ELF), if the target is bound to the same component, the instruction has a fixed encoding at link time; otherwise the target is unknown at link time and there are two choices:
text relocation
indirection
In All about Global Offset Table, I mentioned that linker/loader developers often frowned upon text relocations because the text segment will be unshareable. In addition, the number of relocations would be dependent on the number of calls, which can be large.

call foo # R_X86_64_PC32
call foo # R_X86_64_PC32

=>

# The instructions are patched at runtime.
# On ELF x86-64, the R_X86_64_PC32 relocation type is used.
call ...
call ...

Therefore, the prevailing scheme is to add a level of indirection analogous to that provided by the Global Offset Table for data.
Procedure Linka
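2021-09-20 09:17:58 52pojie Forum
2021-09-20 08:18:22 From Freebuf
Civil aviation bodies across the country have carried out cybersecurity inspections, and the inspections found that overall cybersecurity awareness and the priority given to it in civil aviation have risen markedly.
2021-09-20 07:57:56 52pojie Forum
2021-09-20 03:19:58 Security Boulevard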
via the textual amusements of Thomas Gx, along with the Illustration talents of Etienne Issartia and superb translation skillset of Mark Nightingale - the creators of CommitStrip!
The post CommitStrip ‘Coding Maturity’ appeared first on Security Boulevard.
2021-09-20 02:07:08 Zhishi Xingqiu (Knowledge Planet)
2021-09-20 01:37:58 T00ls Forum
2021-09-20 01:20:15 Security Boulevard
Our thanks to DEFCON for publishing their outstanding DEFCON Conference Blockchain Village Videos on the groups' YouTube channel.
The post DEF CON 29 Blockchain Village – Yaz Khoury’s ‘Surviving 51 Percent Attacks’ appeared first on Security Boulevard.
2021-09-20 01:20:14 SecWiki News
A new injection attack method: delivering malicious payloads through DNS tunneling, by ourren

For more recent articles, visit SecWiki
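2021-09-20 01:18:06 T00ls Forum
2021-09-20 01:17:47 hackone latest publicly disclosed vulnerabilities
Affected vendor: XVIDEOS Bounty: 100.0 USD Severity: low
Text injection or content spoofing on the forbidden page
2021-09-20 00:18:13 SecWiki Weekly
A new injection attack method: delivering malicious payloads through DNS tunneling https://mp.weixin.qq.com/s/gyRxwCkeLlSRbbuPV4xziw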
2021-09-19 23:57:44 52pojie Forum