Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

All Activity

This stream auto-updates

  1. Past hour
  2. Today
  3. Yesterday
  4. You can search game you want ..Like Mortal Kombat,Injustice,STAR WARS etc.. Also account:password is above like in the picture Don't Leach <3 ENJOY !! [hide][Hidden Content]]
  5. Don't Leach ❤️ [hide][Hidden Content]]
  6. Don't Leach <3 ENJOY !! [hide][Hidden Content]]
  7. 🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard) Introduction 📢 BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can: 📡 Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled. 📂 Automatically save any devices you scan. 💌 Send messages via ducky script format to interact with devices. I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone. Installation and Usage 🛠️ Setup Instructions # update apt sudo apt-get update sudo apt-get -y upgrade # install dependencies from apt sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \ git gcc python3-pip python3-setuptools \ python3-pydbus # install pybluez from source git clone [Hidden Content] cd pybluez sudo python3 setup.py install # build bdaddr from the bluez source cd ~/ git clone --depth=1 [Hidden Content] gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth sudo cp bdaddr /usr/local/bin/ Running BlueDucky [Hidden Content] Operational Steps 🕹️ On running, it prompts for the target MAC address. Pressing nothing triggers an automatic scan for devices. Devices previously found are stored in known_devices.txt. If known_devices.txt exists, it checks this file before scanning. Executes using payload.txt file. Successful execution will result in automatic connection and script running. Download: [hide][Hidden Content]] Mirror: [hide][Hidden Content]]
  8. This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.View the full article
  9. This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.View the full article
  10. A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.View the full article
  11. Payload-Based Approach (GitHub Project): There’s a GitHub project called Bypass-G-Protect that aims to bypass Google Play Protect. The steps involve building an Android payload, installing it (even if Play Protect detects it as unsafe), deleting the payload, changing the Target Sdk to ‘39’ or above using an Android editor app, and then reinstalling the payload .
  12. View File Desbloquear y Extraer Datos | Forensic | Android, iPhone and Computer Download: Free download for users PRIV8 Submitter dEEpEst Submitted 03/27/2024 Category Online Book Password ********  
  13. 0 downloads

    Download: Free download for users PRIV8
    From $110 PRIV8
  14. Last week
  15. Bludit version 3.13.0 suffers from a cross site scripting vulnerability.View the full article
  16. Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.View the full article
  17. Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.View the full article
  18. LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.View the full article
  19. Orange Station version 1.0 suffers from a remote shell upload vulnerability.View the full article
  20. Nagios XI versions 2024R1.01 suffers from a remote SQL injection vulnerability.View the full article
  21. MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.View the full article
  22. LBT-T300-mini1 suffers from a remote buffer overflow vulnerability.View the full article
  1. Load more activity
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.