主题
-
获取当前机器的明文密码在导出域hash之前,我们可以先尝试导出当前机器的本地的hash密码,如果域用户之前在这台机器上进行登陆操作的话,可以直接获取到域用户甚至域管理员的账号。 在Windows操作系统上,sam数据库(C:\Windows\System32\config\sam)里保存着本地用户的hash。 在本地认证的流程中,作为本地安全权限服务进程lsass.exe也会把用户密码缓存在内存中(dmp文件)。 因此,在这里我们可以考虑两种方式进行抓取当前机器的hash:在线工具提取,离线分析提取。 注意:在windows 10\ 2012r2之后的系统版本中,默认情况下已禁用在内存缓存中存系统用户明文密码,此时再直接使用mimikatz去抓明文,肯定是抓不到的。密码字段位会直接显示为null。 这里我们手动修改注册表让其保存明文,方便我们进行抓取。(修改后需要注销用户再登陆) reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest /v UseLogonCredential /t REG\_DWORD /d 1 /f mimikatzmimikatz是法国人benjamin开发的一款功能强大的轻量级调试工具,本意是用来个人测试,但由于其功能强大,能够直接读取WindowsXP-2012等操作系统的明文密码而闻名于渗透测试,可以说是渗透必备工具。 下载地址:https://github.com/gentilkiwi/mimikatz 1.通…
-
Ubuntu: USN-7263-1 (CVE-2025-1009): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2025-1009 CVE - 2025-1009 USN-7263-1
-
Debian: CVE-2024-36933: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/30/2024 Created 06/04/2024 Added 06/04/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS.As the inner protocol can be Ethernet, NSH GSO handler, nsh_gso_segme…
-
Ubuntu: USN-6067-1 (CVE-2022-3277): OpenStack Neutron vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2023 Created 05/11/2023 Added 05/11/2023 Modified 01/30/2025 Description An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. Solution(s) ubuntu-upgrade-python-neutron ubuntu-upgrade-python3-neutron …
-
Microsoft Windows: CVE-2023-24906: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-w…
-
Red Hat: CVE-2024-38600: kernel: ALSA: Fix deadlocks with kctl removals at disconnection (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end.The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state.Namely: * A process…
-
Red Hat: CVE-2024-36472: gnome-shell: code execution in portal helper (Multiple Advisories) Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 05/28/2024 Created 09/14/2024 Added 09/13/2024 Modified 11/27/2024 Description In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code's behavior. Solution(s) redhat-upgrade-gnome-classic-session …
-
这次的目标是个购物站点,希望发现更多的漏洞,最好是能拿到shell。 一些常见的漏洞都存在,比如任意修改他人密码、修改商品金额等逻辑漏洞都是存在的。但这里就不提这些逻辑漏洞了,这里说一说ssrf。 注册会员后,前台很多上传点,但是均无法上传shell。 通过nmap扫描端口发现对外开放了3306端口,也就是mysql数据库端口。 然后在一处下载文件的地方,看到了个可疑的url。 通过dnslog测试,发现是个ssrf漏洞。 尝试访问百度,得到出是完全回显的ssrf漏洞。 尝试这个ssrf是否支持其他协议,发现支持file协议,完全回显,又可以读文件,真舒服。 那么现在只需要让网站报错 爆出绝对路径,或者尝试去读取一些配置文件看看能否找到网站的绝对路径,最终读取到网站数据库的配置文件,那么就可以连接上数据库就可以拿到管理员账号密码了。 读取到 /etc/httpd/conf/httpd.conf 这个文件,发现网站路径为 /var/www/html 。 于是准备尝试去读取index.php发现居然没有内容,最后各种测试,各种组合,都没任何关于网站的回显,自闭了。 没办法,那就只有想办法让网站报错,看看路径对不对。 终于找到了个点让网站报错,发现之前的路径不对。 最终经过翻代码,找到了数据库配置文件,成功的找到了数据库账号密码。 成功连上了数据库。 最终成功进了后台。 后台还有个这个功能…… 嗯…… 非常好 over…… Uploading Attachment...
-
Ubuntu: (CVE-2023-52800): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/21/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues. Compile tested only. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aw…
-
Ubuntu: (Multiple Advisories) (CVE-2024-35833): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/17/2024 Created 07/15/2024 Added 07/15/2024 Modified 08/06/2024 Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues. Solution(s) ubuntu-upgrade-linux-image-6-5-0-1017-starfive ubuntu-upgrade-linux-image-6-5-0-1020-raspi ubuntu-upgrad…
-
-
FreeBSD: (Multiple Advisories) (CVE-2024-9122): electron31 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron31 freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9122
-
将对应 gcc.exe 和 go.exe 的路径替换成你自己的,然后重启主程序就可以使用了。 从20231208版本以后,你可以自己选择c编译器:tdm-gcc或者tcc。tcc生成的体积更小(实测7kb,使用upx可以压到5kb以内),但是不支持自定义程序图标。 生成路径中不要包含中文和空格,否则会生成失败! 针对Cobalt Strike,不要选择生成Windows分阶段木马、Windows无阶段木马,而是生成payload,最终是一个payload.c文件。 下载之后本地打开:(记得关闭杀软) 2. 环境配置 安装环境:Windows10虚拟机 在这里新版本掩日采用了gcc环境和go环境,在作者的项目介绍中,对其都有要求,我们按照要求分别安装gcc和go的环境: gcc安装 gcc --version go安装 go version 3. 环境 在作者的介绍中,针对Cobalt Strike生成的木马要求: 针对Cobalt Strike,不要选择生成Windows分阶段木马、Windows无阶段木马,而是生成payload,最终是一个payload.c文件。 因此在这里我们使用最常用的CS的木马来进行操作。 3.1 环境准备 在本地启动一个CS,服务端: sudo ./teamserver 10.30.1.147 123 启用客户端,并新增监听,在这里使用作者建议的HTTPS方式: 然后生成一个payload.c文件: 3.2 测试环境 测试机: Windows10 360主动防御 Windows7 火绒主动防御 W…
-
Oracle Linux: CVE-2024-46800: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:C) Published 09/18/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem…
-
SUSE: CVE-2024-36944: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/30/2024 Created 06/14/2024 Added 06/13/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ …
-
Huawei EulerOS: CVE-2022-48767: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked. Ensure we put it. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-ker…
-
Red Hat: CVE-2024-47176: cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/27/2024 Created 09/28/2024 Added 09/27/2024 Modified 10/28/2024 Description CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When com…
-
FreeBSD: VID-4B7ED61F-7BBF-11EF-9369-2CF05DA270F3 (CVE-2024-4278): Gitlab -- vulnerabilities Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 09/25/2024 Created 09/28/2024 Added 09/27/2024 Modified 01/28/2025 Description An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-4278
-
Moodle: Uncontrolled Recursion (CVE-2021-36395) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/30/2025 Description In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. Solution(s) moodle-upgrade-3_10_5 moodle-upgrade-3_11_1 moodle-upgrade-3_9_8 References https://attackerkb.com/topics/cve-2021-36395 CVE - 2021-36395 https://moodle.org/mod/forum/discuss.php?d=424801
-
Debian: CVE-2024-46726: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceess array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-20…
-
SUSE: CVE-2024-9121: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2024-9121 CVE - 2024-9121
-
VMware Photon OS: CVE-2023-0845 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 03/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0845 CVE - 2023-0845
-
VMware Photon OS: CVE-2023-1264 Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:C) Published 03/07/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1264 CVE - 2023-1264
-
Oracle Linux: CVE-2024-46739: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent f…
-
Cisco XE: CVE-2024-20433: Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 02/11/2025 Description A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by se…
文件
-
-
- 5 资源中心
-
- 28 资源中心
-
- 9 资源中心
-
- 3 资源中心
-
- 26 资源中心
-
- 4 资源中心
-
- 2 资源中心
-
- 6 资源中心
-
- 41 资源中心
-
- 12 资源中心
-
- 7 资源中心