PT SWARM

Description
Positive Technologies Offensive Team: twitter.com/ptswarm

This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting
Advertising
We recommend to visit

Community chat: https://t.me/hamster_kombat_chat_2

Twitter: x.com/hamster_kombat

YouTube: https://www.youtube.com/@HamsterKombat_Official

Bot: https://t.me/hamster_kombat_bot
Game: https://t.me/hamster_kombat_bot/

Last updated 3 months, 1 week ago

Your easy, fun crypto trading app for buying and trading any crypto on the market

Last updated 3 months ago

Turn your endless taps into a financial tool.
Join @tapswap_bot


Collaboration - @taping_Guru

Last updated 3 days, 5 hours ago

5 months, 3 weeks ago

? Our researcher Arseniy Sharoglazov has discovered two unauthenticated RCE vulnerabilities in Xerox WorkCentre!

Read more: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/

PT SWARM

Inside Xerox WorkCentre: Two Unauthenticated RCEs

Every organization has printers. In this writeup, I will cover two unauthenticated RCE vulnerabilities that I discovered in Xerox WorkCentre.

***?*** Our researcher Arseniy Sharoglazov has discovered two **unauthenticated** **RCE** vulnerabilities in **Xerox WorkCentre**!
6 months, 2 weeks ago
***?*** Simple way to **bypass** a …

? Simple way to bypass a WAF in Command Injections!

Also helps with length restrictions! ?

Source code

6 months, 3 weeks ago
***✅*** Did you know that XSLT …

Did you know that XSLT injection can lead to file creation?

Check the tip!

High resolution tip and the .xsl file

8 months ago
***?*** We're live at **GISEC2024** in …

? We're live at GISEC2024 in Dubai, UAE!

Join PT SWARM for a master class on soldering your smart ? opener or enjoy our ATM hacking contest! ?

Catch us until April 25 at 5 PM! ??

8 months, 1 week ago
**CVE-2024-3400** **- Technical Analysis**

CVE-2024-3400 - Technical Analysis

? by Rapid7

Rapid7’sanalysis of this vulnerability has identified that the exploit is in fact an exploit chain, consisting of two distinct vulnerabilities: an arbitrary file creation vulnerability in the GlobalProtect web server, for which no discrete CVE has been assigned, and a command injection vulnerability in the device telemetry feature, designated as CVE-2024-3400.

If device telemetry is disabled, it is still possible to leverage the file creation vulnerability; at time of writing, however, Rapid7 has not identified an alternative way to leverage the file creation vulnerability for successful exploitation.

? Contents:
● Overview
● Analysis
• Rooting the Device
• Diffing the Patch
• Arbitrary File Creation
• Command Injection Exploitation
● IOCs
● Remediation

https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis

8 months, 2 weeks ago
***?*** We've tested the new **RCE** …

? We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!

A brief instruction for red teams:

  1. Compile our enhanced DLL;
  2. Use NetSPI's ruler and wait!

No back connect required!

? ??

11 months ago

? New article by our researcher Nikita Sveshnikov: "Bypassing browser tracking protection for CORS misconfiguration abuse."

Read the blog post to learn how certain misconfigurations can be exploited despite the built-in anti-tracking mechanisms.

https://swarm.ptsecurity.com/bypassing-browser-tracking-protection-for-cors-misconfiguration-abuse/

PT SWARM

Bypassing browser tracking protection for CORS misconfiguration abuse

Cross-Origin Resource Sharing (CORS) is a web protocol that outlines how a web application on one domain can access resources from a server on a different domain. By default, web browsers have a Same-Origin Policy (SOP) that blocks these cross-origin requests…

***?*** **New article** by our researcher Nikita Sveshnikov: "**Bypassing browser tracking protection for CORS misconfiguration abuse.**"
11 months ago
**Atlassian Confluence - Remote Code Execution …

Atlassian Confluence - Remote Code Execution (CVE-2023-22527)? by Rahul Maini & Harsh JaiswalCVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence Instance, thereby enabling the execution of arbitrary code and system commands.

? Contents:
● Technical Details
• Initial Analysis
• Identifying the Unauthenticated Attack Surface
● OGNL Expression Evaluation
● Remote Code Execution via OGNL Injection

https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/

1 year ago
**Introducing wrapwrap: using PHP filters to …

Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix? by Charles Folwrapwrap marks another improvement to the PHP filter exploitation saga. Adding arbitrary prefixes to resources using php://filter is nice, but you can now add an arbitrary suffix as well, allowing you to wrap PHP resources into any structure. This beats code like:

$data = file\_get\_contents($\_POST['url']); $data = json\_decode($data); echo $data\->message;

or:

```
$config = parse_ini_file($_POST['config']);

echo $config["config_value"];
```

? Contents:
● Abstract
● Introduction
● Building wrapwrap
• Adding a prefix
• Fuzzing to no effect
• Not so random trimming
• The main idea
• Where is the end?
• Real suffix control: removing digits
● Using wrapwrap
● Conclusion

https://www.ambionics.io/blog/wrapwrap-php-filters-suffix

We recommend to visit

Community chat: https://t.me/hamster_kombat_chat_2

Twitter: x.com/hamster_kombat

YouTube: https://www.youtube.com/@HamsterKombat_Official

Bot: https://t.me/hamster_kombat_bot
Game: https://t.me/hamster_kombat_bot/

Last updated 3 months, 1 week ago

Your easy, fun crypto trading app for buying and trading any crypto on the market

Last updated 3 months ago

Turn your endless taps into a financial tool.
Join @tapswap_bot


Collaboration - @taping_Guru

Last updated 3 days, 5 hours ago