#WebShell

2025-04-17

found this malware on my friend's site. checking on it, and the original file looks so messy. vim can do `gg=G` to force re-indentation of the messed-up php file with html inside it >.<
#webshell

2025-01-22

#webshell #opendir #netsupport #rat at:

https://appointedtimeagriculture\.com/wp-includes/blocks/post-content/

GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA

2024-12-04 (Wednesday): Casual review of my most recent Apache web server access logs shows what looks like an attempt to get a PHP #webshell on my web server.

URL for the PHP webshell is hxxp://1.14.123[.]164/ote.txt

Screenshot from one of my web server logs showing the HTTP GET request with a URL for the PHP webshell.

URL for the PHP webshell opened in a web browser to get the PHP text file for this webshell.

VirusTotal results showing the file returned from that URL is a PHP webshell.

2024-08-28

How to take over a telecom operator's network and its customers' data by uploading a favicon?

A hacking campaign targeting US network providers was recently discovered (at least four ISPs were infected this way). It exploited a vulnerability in Versa Networks' SD-WAN solution. The vulnerability lies in the favicon upload mechanism of the web application. But instead of a favicon, a Java webshell can be uploaded… Uploading a favicon does, however, require having access...

#WBiegu #Apt #Atak #Chiny #Websec #Webshell

sekurak.pl/jak-przejac-siec-op

2024-08-09

Low-risk vulnerabilities that still led to RCE: see the attack vector we found in our latest pentest

In a pentester's work we very often encounter vulnerabilities that in themselves carry low or medium risk. For an attacker to abuse them, a series of conditions must be met, often very hard to achieve, such as the user clicking a crafted link sent to them. The more demanding the conditions,...

#Aktualności #Cve #Lfd #Pentesty #Rce #SQLInjection #Webshell

sekurak.pl/podatnosci-o-niskim

2024-08-02

[Translation] Translation of the article "Injecting Java in-memory payloads for post-exploitation"

In March, Synacktiv described ways of exploiting insecure deserialization in applications written in Java. Later, the author's red team encountered Java applications in which other vulnerabilities leading to code execution were found. In this article the author presents several techniques that were used to inject payloads into memory, using widely known applications as examples. And we, the authors of the AUTHORITY Telegram channel, have translated this article into Russian.

habr.com/ru/articles/833262/

#Java #tomcat #jenkins #bitbucket #confluence #pentest #inmemory #exploit #webshell

2024-01-19

How to protect against "fileless" web shells

In today's article, the experts at Сайбер ОК (CyberOK) will take you by the hand through the labyrinth of hacker tricks and explain in plain terms what "fileless" web shells are and how to protect your resources from them.

habr.com/ru/companies/cyberok/

#webshell #вебшелл #fileless_webshell #php #rce #cve #edr #soldr

🛡 H3lium@infosec.exchange/:~# :blinking_cursor: H3liumb0y@infosec.exchange
2024-01-16

"🚨 Ivanti VPN Zero-Day Exploits Unleash Global Cyber Onslaught 🚨"

🔒 Two zero-day vulnerabilities in Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are facing mass exploitation. Discovered by Volexity, the CVE-2023-46805 and CVE-2024-21887 vulnerabilities enable widespread attacks, impacting businesses of all sizes worldwide, including Fortune 500 companies. The GIFTEDVISITOR webshell variant is used to backdoor systems, indicating a serious threat level.

Ivanti hasn't released patches yet. Administrators are advised to apply vendor-provided mitigation measures and use Ivanti's Integrity Checker Tool. All data on compromised ICS VPN appliances should be considered at risk. Amid these attacks, suspected Chinese state-backed actors (UTA0178 or UNC5221) are notably active, with Mandiant identifying five custom malware strains targeting breached systems.

These include Zipline Passive Backdoor, Thinspool Dropper, Wirefire and Lightwire web shells, Warpwire harvester, PySoxy tunneler, BusyBox, and Thinspool utility. Particularly alarming is Zipline, which intercepts network traffic and supports various malicious activities.

Stay vigilant and prioritize immediate protective actions!

🔗 Source: BleepingComputer - Sergiu Gatlan

Tags: #CyberSecurity #ZeroDay #IvantiVPN #CVE202346805 #CVE202421887 #APT #UTA0178 #UNC5221 #Malware #Webshell #Volexity #Mandiant #NetworkSecurity #InfoSec🛡️🌍👾

Captain Cyberbeard CaptCyberBeard
2023-11-22

🏴‍☠️ Navigate the cyber seas! Explore the mysterious HrServ web shell in our latest post: 'Web Shell on the Horizon'. Dive in: cybercorsair.blogspot.com/2023

2023-11-09

This novel web shell “hijacks the underlying Apache Tomcat webserver and silently inserts itself between Confluence and Tomcat–making itself available on every webpage ...”

Interesting CVE-2023-22515 post-exploit behavior discovered by Aon's Stroz Friedberg Incident Response practice.

“… patching Confluence to address CVE-2023-22515 and CVE-2023-22518 will not remediate the web shell if it has been deployed.”

See the blog post for insights on identification of this web shell on your #Confluence server.

aon.com/cyber-solutions/aon_cy

#dfir #cve #webshell #exploit #atlassian #security

Kswari 🕵️‍♂️ pacenoge@infosec.exchange
2023-09-22

"Gacor slot" backlinks on government/campus websites won't disappear that easily, because plenty of people are selling, and plenty are also willing to buy, webshell/cPanel access to .go.id and .ac.id domains 😑

@indonesia #webshell #cpanel #backdoor

🛡 H3lium@infosec.exchange/:~# :blinking_cursor: H3liumb0y@infosec.exchange
2023-09-07

"⚠️ #Updated: Citrix CVE-2023-3519 Exploitation - Webshells Implanted! ⚠️"

Initial Release Date: July 20, 2023

The CISA has updated the alarm on CVE-2023-3519, a severe RCE vulnerability in NetScaler (Citrix) ADC & Gateway. In June 2023, threat actors exploited this as a zero-day, compromising a critical infrastructure organization. They planted a webshell, enabling AD reconnaissance & data exfiltration. Thankfully, network-segmentation controls halted their lateral movement. Citrix has since released a patch. Stay vigilant!

Summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. Threat actors exploited this vulnerability as a zero-day in June 2023, compromising a critical infrastructure organization's non-production environment NetScaler ADC appliance. The attackers planted a webshell, enabling them to perform Active Directory (AD) reconnaissance and data exfiltration. Although they attempted lateral movement to a domain controller, network-segmentation controls prevented their progress. Citrix released a patch on July 18, 2023.

Technical Details:

  • CVE-2023-3519: This unauthenticated RCE vulnerability impacts various versions of NetScaler ADC and NetScaler Gateway. The affected appliance must be configured as a Gateway or for authentication, authorization, and auditing (AAA) to be exploited.

Threat Actor Activity (Victim 1):

  • Initial exploit chain involved uploading a TGZ file containing a webshell, discovery script, and setuid binary.
  • The webshell was used for AD enumeration and data exfiltration.
  • NetScaler configuration files and decryption keys were accessed.
  • Actors queried AD data and encrypted discovery data for exfiltration.
  • Attempts to move laterally and delete artifacts were blocked by network-segmentation controls.

Update September 6, 2023: Victim 2:

  • Actors uploaded a PHP webshell, gained root access, and conducted AD queries.
  • Exfiltrated data and deleted files and logs.
  • Used compromised pfSense devices for command and control (C2).

Additional Observed Activity:

  • Actors leveraged open source webshells and tools for various purposes, including exfiltration, persistence, and tampering with monitoring tools.
  • Modified open-source tools to capture and exfiltrate credentials.
  • Deployed tunnellers for encrypted reverse TCP/TLS connections.
  • Employed Sysinternals ADExplorer for AD reconnaissance.

Update September 6, 2023:
The advisory was updated with additional techniques, including infrastructure compromise, tool acquisition, scripting interpreter usage, autostart execution, multi-hop proxying, file deobfuscation, permissions modification, defense impairment, indicator removal, masquerading, data staging, and protocol tunneling.

Organizations are urged to apply the provided patches by Citrix and implement the detection guidance to identify potential system compromises. Incident response recommendations are included in the advisory for confirmed compromises, while vigilant monitoring and security measures are advised to prevent further exploitation.

Source: CISA Advisory - AA23-201A

Tags: #Cybersecurity #Citrix #CVE20233519 #NetScaler #ZeroDay #Webshell #DataExfiltration #PatchNow #StaySafe

Patryk Krawaczyński agresor@infosec.exchange
2023-08-09

Nano & Ninja - a webshell in 35 and 93 bytes ( nfsec.pl/hacks/6219 ) #php #webshell #security #backdoor #twittermigration

Tedi Heriyanto tedi@infosec.exchange
2023-07-21

CISA Cybersecurity Advisory on threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway: cisa.gov/sites/default/files/2

#webshell #vulnerability #NetscalerADC #NetscalerGateway #cve20233519

Patryk Krawaczyński agresor@infosec.exchange
2023-07-15

:hacker_z: :hacker_o: :hacker_d: :hacker_s: :hacker_e: :hacker_c: 0xD :verified: zodmagus@infosec.exchange
2023-06-09

Kswari 🕵️‍♂️ pacenoge@infosec.exchange
2022-12-27

According to @virustotal, Indonesian gov website is the most abused government infrastructure.

Read the report here
blog.virustotal.com/2022/11/de

#indonesia #government #malware #webshell
