Great #patchtuesday Microsoft, but did you not forgot something for #printnightmare? 🤔
Still SYSTEM from standard user...
(I may have missed something, but #mimikatz🥝mimispool library still loads... 🤷♂️)
Con gran orgullos nos complace anunciar la obtención de su certificación OSCP a la integrante de nuestro equipo @n4t_cl . Felicitaciones máquina🦊🏴☠️ !!!
@KumaruSonna@cntr0llz I forgot to take notes, but basically you gotta use GetNPUsers from Impacket in conjunction with socat to solve part 1. As for part 2, it's the same idea but with GetUserSPNs and the credential you previously got.
Here's my #writeup of an #XXE bug, exploited in more than one way,
Really hope that this helps anyone!
https://t.co/m6WGv2nVA5
https://t.co/b4inGDLzot
Thanks to @cntr0llz, @stokfredrik, @fjv_cl, @Mataya_CL, and everyone who keeps crushing it!
#bugbounty
Presenting the least useful Pi Hat ever- the Raspberry Pi Zero RF Modulator. The answer to the question nobody was asking: “How can I display my raspberry Pi Zero on an antique TV?”
CVE-2020-8946 Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. https://t.co/wKIsfyx0E6
CVE-2020-8438 Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. https://t.co/4iBGJAO6NQ