Discover and read the best of Twitter Threads about #RCE

Most recents (7)

Want to find RCE on Web Applications? 🚀

Here are some ways to escalate or direct RCEs in Bug Bounties

A thread🧵

#bugbounty #bugbounties #wapt #rce #zeroday
1. LFI with Log Poisoning:
➼ Apache Log: hackingarticles.in/apache-log-poi…
➼ SSH Log: hackingarticles.in/rce-with-lfi-a…
➼ SMTP Log: liberty-shell.com/sec/2018/05/19…
➼ FTP Log: secnhack.in/ftp-log-poison…

(2/n)
2. Via File Upload:
➼ Upload .php reverse shell
➼ If not, Bypass Restrictions:
(a) Double Extension
(b) Random Upper & Lower Case Names
(c) Changing Mime Type
(d) Null Byte
(e) Magic Byte
➼ If image allowed, use ExifTool and add PHP reverse shell in comment metadata
(3/n)
Read 7 tweets
1/ Thread about file upload exploitation
You have a file upload resource where you managed to upload arbitrary files, but failed to find where they got uploaded, and you think "there go my chances of #RCE". Hold your breath, you might still get it:
2/ At this point you don’t know - if ever - where the file might potentially get executed, could be on a different server than the original web app with different tech.
Approach:
1. Make sure you have a sniffer always running on a VPS of yours ->
3/
2. Create at least 3 shells, one in PHP, one in JSP, one in C#.
3. In the payload, get the shell to execute a bunch of commands both for Windows and Linux OS, like: whoami, uname, pwd.
4. Code the shell to use at least 3 different ways to send outgoing http requests ->
Read 5 tweets
#ICS Advisory (ICSA-20-203-01) - #Wibu-Systems #CodeMeter

* Affected? Multiple #KRITIS sectors worldwide!
* CVSSv3 score? 10.0!
* Exploitable remotely? With low skill level to exploit!
#RCE 1/3
us-cert.cisa.gov/ics/advisories…
Risk Evaluation?
#exploitation of #vulnerabilities could allow an attacker to alter & forge a license file, cause a DoS condition, potentially attain remote code execution #RCE, read heap data, and prevent normal operation of third-party software dependent on the #CodeMeter! 2/3
Vulnerabilities?
Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release! 3/3
Read 3 tweets
We are going to use this tweet to publish #Dorks of all kinds; let's start with this one:

inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles

#CyberSecurity #dork #BugBounty
intext:"pass" ! "usuario" | "user" | "contraseña" filetype:sql -github
This one is very good: it lets us do uploads, and it has been tested with .jpeg images

intitle:"FCKeditor - Uploaders Tests"
Read 63 tweets
#Cisco Small Business Routers still vulnerable to remote code execution & configuration export due to incomplete patch 🚨 #RCE #RV320 #RV325 New advisories: buff.ly/2HIZCV2 buff.ly/2U2DKdR buff.ly/2WmcCD2
this should be @TheHackersNews of course 😉
Read 3 tweets
