Witcher TV Show Deepfake Puts Liam Hemsworth's Face On Henry Cavill
A VFX artist has created a fake trailer for Netflix's The Witcher season 4, which replaces Henry Cavill's Geralt of Rivia with his soon-to-be replacement, Liam Hemsworth.
The deepfake video was created by Matthew Anthony--via Eurogamer--and gives fans of the series a look at what Hemsworth could look like as the Butcher of Blavikin instead of Cavill, who has played the character for two seasons and a third yet to arrive. The two-minute deepfake depicts the actor's face digitally imposed over Cavill's in a variety of scenes taken from the Netflix series. For example, moments where he's simply talking and interacting with characters such as Jaskier and Ciri.
However, scenes with complicated fight scenes performed by Cavill are not featured in the deepfake, so fans won't know what Hemsworth could look like wielding a sword until season 4 eventually drops. The VFX artist has developed a collection of videos using deepfake technology, and even created a concept where Ben Affleck would play Geralt as well.
Fifteen years after the catastrophic event known as the "Apocalypse", the world is still in an era of great unrest. Even Astella, a harbour town far from the centre of the Vallois Empire, is no exception. Local gangs, slum dwellers, external forces, and secret societies - all these factions are clashing together over their own agenda and interests. Under such tension, the fragile peace here at Astella is on the verge of sliding back into all-out conflicts.
In the midst of this crisis, a young boy and a young girl crossed paths. In the nick of the time, Sid, facing his impending death as a result of a series of unfortunate events, was luckily saved by a girl, Torii, who wields a special power - Chrono.
In order to investigate an unusual crime, Sid and Torii together embark on a journey heading into the greater unknown. In this intricate intertwining of events, every decision made could shape the future of Astella.
This CTF challenge is another blackbox-style pentest where we don’t know anything about our target other than the IP address.
We will have to discover ports and services running on the server with our standard pentesting tools like nmap and dirb scan. We also don’t have any inside information about the backend of the target machine.
Let’s get started!
We’ll be testing out the website pentest.ws during today’s video walkthrough.
It is a site designed for pentesters to keep track of their enumeration and credentials. The paid version also helps pentesters create professional VAPT reports (vulnerability assessment and penetration testing reports).
At the end of this post, I will summarize my thoughts on using pentest.ws for the first time.
ENUMERATION/RECON
sudo nmap -A -oX nmap.txt $targetIP -p-
Today we are exporting our nmap results in XML format so that we can upload them to pentest.ws and have the site automatically parse our findings.
We’ll use the script console on Jenkins to spawn another revshell using groovy scripting language.
We’ll use ezpzshell and choose the Java code, because groovy is built on Java. This time when we catch it, we will be user jenkins.
Manually enumerating through the file system we stumble across a note.txt. Let’s check out the contents:
cat note.txt
Output:
Aubreanna, Will wanted these credentials secured behind the Jenkins container since we have several layers of defense here. Use them if you need access to the root user account. root:tr0ub13guM!@#123
Bingo! We found root user credentials!
SWITCH USERS TO ROOT
su root
root@internal:~# cat root.txt
THM{d—-omitted—3r}
FINAL THOUGHTS
I’m not convinced yet that pentest.ws will save me much time on my note taking. Maybe with time and experience it would help.
I think the report features that are available for paying subscribers might be just helpful enough to keep me using their platform.
However, I have concerns about security of their platform, as findings from pentesting can be sensitive and generally include login credentials and other passwords.
Overall, I enjoyed the challenge of this box, especially the part where we set up port forwarding via SSH login to expose the Jenkins login portal to our attack machine.
Cashback, Vorax AMA Stream, Yugi, Red Diamond Bundle
Romantic Cashback Sale
[www.indiegala.com] Share your love & hugs with your significant other. Even if you do not have one yet, please remember that you are significant to us, that's why we like giving back...cashback for every purchase for a limited time. You are all adorable, that's why we brought to you a FREEbie with your name on it.
[discord.gg] If you join the Vorax Discord Channel you may also join us for a Q&A at February 17, 2023 8:00 PM Rome Time in #ask-me-anything. ( on Saturday and Sunday same time)
Red Diamond Bundle | 12 Adult Steam Games | 91% OFF
[www.indiegala.com] Shining bright like a diamond, this adult 18+ collection filled with some hot indie gems are ready to be discovered.
This giveaway is on gog.com gog is a platform for games that is dedicated to drm-free games (those are games that do not require login or registration to play the game)
How to grab Biing Sex Intrigue and Scalpels - Go to the home page of https://www.gog.com/#giveaway - Login and Register - Go to the home page again - Wait for 10 seconds then start searching for Alien Breed Trilogy - on the home page look for "Deal of the Day" (above it there should be a banner) - on the banner there is a button "Yes, and claim the game" click it - That's it
After crash-landing on this shape-shifting world, Selene must search through the barren landscape of an ancient civilization for her escape. Isolated and alone, she finds herself fighting tooth and nail for survival. Again and again, she's defeated forced to restart her journey every time she dies.
Through relentless roguelike gameplay, you'll discover that just as the planet changes with every cycle, so do the items at your disposal. Every loop offers new combinations, forcing you to push your boundaries and approach combat with a different strategy each time.
Brought to life by stunning visual effects, the dark beauty of the decaying world around you is packed with explosive surprises. From high stakes, bullet hell-fuelled combat, to visceral twists and turns through stark and contrasting environments. You'll explore, discover and fight your way through an unforgiving journey, where mystery stalks your every move.
2022 is special ! This is the 25 years anniversary of Java Card as already reflected in a previous post where experts detail the history and the reasons of its success story. How the Java card technology is so pervasive in our lives ?
Target: gaining root access using a variety of different techniques
Highlight: Quickly gaining root access on a Linux computer in many different ways
Tags: privesc, linux, privilege escalation
BACKGROUND
Using different exploits to compromise operating systems can feel like magic (when they work!).
In this walkthrough, you will see various “magical” ways that Linux systems can be rooted. These methods rely on the Linux system having misconfigurations that allow various read/write/execute permissions on files that should be better protected. In this post, we will cover tasks 1-10.
TASK 1 Deploy the Vulnerable Debian VM
After connecting to our TryHackMe VPN, let’s start our notes.txt file and write down our IPs in an export fashion.
We’ll create a new file named rootbash that spawns a root shell. This box has the exploit preloaded, so all we have to do is cut and paste the commands from this section to try out the privesc.
In this task, we will change the root passwd in /etc/passwd. First we need to generate a new hashed password:
openssl passwd newpasswordhere
TASK 6 Sudo – Shell Escape Sequences
Let’s check our sudo privileges:
sudo -l
We can choose any of the many bin files that we have sudo permissions on, except for the apache2 bin that doesn’t have a sudo exploit listed on GTFObins
Today we’ll choose to run the exploit utilizing the more bin file.
In this task, we will root the Linux box by changing the file overwrite.sh that is scheduled to run automatically every minute on cron jobs.
Because we have to write file permissions on the file, we can change the contents to spawn a revshell that we can catch on a listener. The file is owned by root, so it will spawn a root shell.
This bash script will copy /bin/bash (the shell) to the tmp directory, then add execute privileges and an suid bit. After the overwrite.sh file runs, we can manually activate the root shell by running the new file “rootbash” with persistence mode.
In this exploit, we will use strange filenames to trick the system into thinking they are checkpoint flags on the tarball command which issue a command to run the elf shell to give us a root shell on our netcat listener.
Next, we’ll transfer the elf file to /home/usr on the target via a simple HTTP server. Finally, we need to create two empty files with the following names:
Magic isn’t actually needed to carry out any of the privesc methods outlined in this post.
As long as the target machine has a misconfiguration on password files (/etc/shadow and/or /etc/passwd), cron jobs are set to run files that we can modify or spoof, or a PATH variable that we can hijack with a spoof file, we can easily escalate privileges to the root user.
Thanks for reading this write-up, and be sure to check out part II for more “magical” privesc methods.
Thank you so much for heeding our call. We are in need of fresh soldiers to be dropped into the island to investigate strange anomalies coming from a strange patogen.
More Tools & Weapons In this vast and difficult land, you must survive through creative ways. Utilize the chainsaw, hatchet and bow and arrow to succeed.
Traps Incendiary, explosives, and tripwires have been added to your crafting arsenal as additional means of protection or for whichever purpose you may see fit.
Wood Piling and Crafting Wood is a vital component for protection and survival if used correctly. Cut, chop, farm, gather, all in the hopes to see another day. Our new improvements to wood piling should lend you a hand..
…And More We have added multiple features, monsters, and locations for exploration. If you would like more information about these updates please visit our Steam Page. Current version is 0.4.1069. Read more about our progress in our Dev Update Announcements.
You may even support the development via purchasing an early copy[vorax.indiegala.com].