Our researcher Arseniy Sharoglazov has discovered two unauthenticated RCE vulnerabilities in Xerox WorkCentre!
Read more: https://swarm.ptsecurity.com/inside-xerox-workcentre-two-unauthenticated-rces/
PT SWARM
Inside Xerox WorkCentre: Two Unauthenticated RCEs
Every organization has printers. In this writeup, I will cover two unauthenticated RCE vulnerabilities that I discovered in Xerox WorkCentre.
Simple way to bypass a WAF in Command Injections!
Also helps with length restrictions!
✅ Did you know that XSLT injection can lead to file creation?
Check the tip!
High resolution tip and the .xsl file
We're live at GISEC2024 in Dubai, UAE!
Join PT SWARM for a master class on soldering your smart opener or enjoy our ATM hacking contest!
Catch us until April 25 at 5 PM!
CVE-2024-3400 - Technical Analysis
by Rapid7
Rapid7's analysis of this vulnerability has identified that the exploit is in fact an exploit chain, consisting of two distinct vulnerabilities: an arbitrary file creation vulnerability in the GlobalProtect web server, for which no discrete CVE has been assigned, and a command injection vulnerability in the device telemetry feature, designated as CVE-2024-3400.
If device telemetry is disabled, it is still possible to leverage the file creation vulnerability; at time of writing, however, Rapid7 has not identified an alternative way to leverage the file creation vulnerability for successful exploitation.
Contents:
● Overview
● Analysis
• Rooting the Device
• Diffing the Patch
• Arbitrary File Creation
• Command Injection Exploitation
● IOCs
● Remediation
https://attackerkb.com/topics/SSTk336Tmf/cve-2024-3400/rapid7-analysis
We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!
A brief instruction for red teams:
No back connect required!
PortSwigger's Top 10 web hacking techniques of 2023!
Welcome to the Top 10 Web Hacking Techniques of 2023, a community-powered effort to identify the most important and innovative web security research published in the last year.
1. Smashing the state machine: the true potential of web race conditions
2. Exploiting Hardened .NET Deserialization
3. SMTP Smuggling - Spoofing E-Mails Worldwide
4. PHP filter chains: file read from error-based oracle
5. Exploiting HTTP Parsers Inconsistencies
6. HTTP Request Splitting vulnerabilities exploitation
7. How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
8. From Akamai to F5 to NTLM... with love
9. Cookie Crumbles: Breaking and Fixing Web Session Integrity
10. can I speak to your manager? hacking root EPP servers to take control of zones
The entire nomination list can be found here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2023-nominations-open
New article by our researcher Nikita Sveshnikov: "Bypassing browser tracking protection for CORS misconfiguration abuse."
Read the blog post to learn how certain misconfigurations can be exploited despite the built-in anti-tracking mechanisms.
https://swarm.ptsecurity.com/bypassing-browser-tracking-protection-for-cors-misconfiguration-abuse/
PT SWARM
Bypassing browser tracking protection for CORS misconfiguration abuse
Cross-Origin Resource Sharing (CORS) is a web protocol that outlines how a web application on one domain can access resources from a server on a different domain. By default, web browsers have a Same-Origin Policy (SOP) that blocks these cross-origin requests…
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
by Rahul Maini & Harsh Jaiswal
CVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system commands.
Contents:
● Technical Details
• Initial Analysis
• Identifying the Unauthenticated Attack Surface
● OGNL Expression Evaluation
● Remote Code Execution via OGNL Injection
https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/
Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix
by Charles Fol
wrapwrap marks another improvement to the PHP filter exploitation saga. Adding arbitrary prefixes to resources using php://filter is nice, but you can now add an arbitrary suffix as well, allowing you to wrap PHP resources into any structure. This beats code like:
```
$data = file_get_contents($_POST['url']);
$data = json_decode($data);
echo $data->message;
```
or:
```
$config = parse_ini_file($_POST['config']);
echo $config["config_value"];
```
Contents:
● Abstract
● Introduction
● Building wrapwrap
• Adding a prefix
• Fuzzing to no effect
• Not so random trimming
• The main idea
• Where is the end?
• Real suffix control: removing digits
● Using wrapwrap
● Conclusion
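Added example (not from the wrapwrap post, the tool, or PT SWARM): the json_decode sink quoted above, written as a function, next to a hardened variant that refuses every stream wrapper except http(s). The function names are hypothetical; the payload at the bottom is a plain php://filter read of the script's own file, which is the building block wrapwrap extends with a prefix and suffix so that the filtered output parses as {"message": ...}.

```php
<?php
// Added example, not code from the wrapwrap post or the tool.
// Helper names (fetch_message_vulnerable, fetch_message_hardened) are assumptions.

// Vulnerable sink: whatever wrapper the attacker puts in $url is resolved by
// file_get_contents. A php://filter chain can therefore read a local file,
// and wrapwrap's prefix/suffix turns the result into valid JSON for json_decode.
function fetch_message_vulnerable(string $url): ?string
{
    $data = @file_get_contents($url);
    if ($data === false) {
        return null;
    }
    $obj = json_decode($data);
    // A bare base64 blob is not valid JSON, so json_decode returns null here;
    // a wrapwrap-generated chain adds {"message":" ... "} around it so this
    // line returns the (base64-encoded) file instead.
    return is_object($obj) ? ($obj->message ?? null) : null;
}

// Hardened variant: parse the URL and allow only absolute http/https targets.
// php://, file://, data://, phar://, glob:// and every other wrapper are
// rejected by the scheme allowlist, not by a fragile string-prefix check.
function fetch_message_hardened(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('absolute http(s) URL required');
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('scheme not allowed: ' . $scheme);
    }
    // Still an outbound-fetch sink: in real code also pin $parts['host']
    // to an allowlist so the call cannot be turned into SSRF.
    $ctx  = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $data = @file_get_contents($url, false, $ctx);
    if ($data === false) {
        return null;
    }
    $obj = json_decode($data);
    return is_object($obj) ? ($obj->message ?? null) : null;
}

// Constructed payload: a minimal filter chain that base64-encodes a local
// file (this script itself, so the demo runs anywhere). parse_url() sees
// scheme "php" and host "filter", so the hardened function rejects it.
$payload = 'php://filter/convert.base64-encode/resource=' . __FILE__;

var_dump(fetch_message_vulnerable($payload));   // null: raw base64 is not JSON, but the file WAS read

try {
    fetch_message_hardened($payload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;  // rejected: scheme not allowed: php
}
```

The point of the comparison is that the vulnerable function already reaches the filesystem with the simple chain; the only thing standing between the attacker and the file contents is json_decode's syntax check, which is exactly what wrapwrap's prefix and suffix remove. Validating the parsed scheme closes the whole class, including wrappers the code never thought about.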