Hi all..

I'm using an HP ProBook with Kubuntu 14.04 but my WiFi keeps dropping its connection.
I have to reboot the laptop to connect to WiFi again.

I use this command to fix my WiFi problem and it's working fine.


echo "options rtl8723be fwlps=N ips=N" | sudo tee /etc/modprobe.d/rtl8723be.conf

Anyway my chipset is Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter.

This setting can differ depending on your chipset.
To see your chipset, you can use this command.

lspci

I hope this can be useful for you too!



./NoGe


Here are some Indonesian banks that are still vulnerable to the POODLE attack.
I'm using the SSL/TLS Security Test by High-Tech Bridge and a manual scan using nmap.

>> https://iperson.bankjatim.co.id

SSL/TLS Security Test


Script scan nmap



>> https://netbank.jtrustbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://cib.qnb.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.tunaiku.amarbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.nobuwwwbanking.com

SSL/TLS Security Test


Script scan nmap


Happy hunting guys!

Updated.
Some banks have been notified about this vulnerability.


./NoGe

Based on thatchrisecker. exploit at Exploit-DB.
I ran this exploit on Cisco UCS Manager version 2.1(3e) and it successfully got a reverse bash shell.


Run netcat on my machine


Run the Cisco UCS Manager Shellshock Exploit


Bash shell on Cisco UCS Manager Machine





Happy hunting guys! :)



./NoGe

This bug was found by Michael "Artsploit" Stepankin. It's been reported and fixed by PayPal.







The full proof of concept is here.





./NoGe

First of all, connect to the access point that you want to sniff.

Open ettercap.


Click "Sniff => Unified Sniffing"


Choose your interface. In this case I use "en0".


Now we scan all hosts in the network with the shortcut "ctrl+s" or by clicking "Hosts => Scan for hosts".


Look at the box below; it will show you the live hosts.


Now show the hosts list by clicking "Hosts => Hosts list" or just press "H".


Add the gateway to Target 1. In this case the gateway is 192.168.0.1.
Select the gateway IP address and click "Add to Target 1".
As you can see below, 192.168.0.1 has been added to TARGET1.


Add the rest of the clients to Target 2.
Select (highlight) all clients and click "Add to Target 2".


Now start the MITM attack (ARP Poisoning).


Tick the option "Sniff remote connections" and click OK.


Start the sniffing by clicking "Start => Start sniffing".


Open Wireshark to capture packets.


Click "Interface List" to choose your interface.
My interface is "en0"; select it and click "Start".


Let Wireshark capture packets for a while.
Filter packets with "http.cookie" to see the clients' cookies.


I have clients who open the Instagram app using an iPhone.
I can see the username igfl=blablabla (the one that I blurred).
As we can see, we got the Instagram cookie now.


In order to paste this cookie into the browser, you need to install the Greasemonkey plugin + Cookie injector in Firefox (right corner).


Right-click on the "Request URI", choose "Copy => Value" and paste it into Firefox.


The page will look like this because you are not logged in ({"status":"fail","message":"login_required"}).


When I open the target Instagram on my phone, the user is private.



Now copy the Instagram cookie from Wireshark.
Right-click on "Cookie:", choose "Copy => Bytes => Printable Text Only".


Paste the "Wireshark Cookie Dump" into Firefox by pressing "alt+c".


Refresh the page and you will see what looks like a line of code, but it's not. It's the Instagram users.
We are now logged in to Instagram.


Here is the profile page. As you can see on the right profile, I now have access to her Instagram.


Happy sniffing guys.. :))
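
Seen from the defending side, the ARP poisoning step above leaves a trace on every client: the gateway IP (192.168.0.1 in this walkthrough) resolves to the sniffing machine's MAC address. The Python below is an added example, not part of the original post; it parses `arp -an` output and flags that condition. The MAC addresses, the host 192.168.0.23, the baseline value and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches "? (192.168.0.1) at 0:1c:b3:9:85:15 on en0 ..." (macOS/BSD and Linux `arp -an`).
ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\b"
)

def normalize_mac(mac):
    """macOS drops leading zeros in each octet; pad so comparisons are reliable."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; '(incomplete)' entries do not match and are skipped."""
    return {m.group(1): normalize_mac(m.group(2))
            for m in map(ENTRY.search, text.splitlines()) if m}

def check_gateway(table, gateway_ip, baseline_mac=None):
    """Report signs that the gateway's ARP entry has been replaced."""
    gw_mac = table.get(gateway_ip)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {
        "gateway_mac": gw_mac,
        # Gateway MAC differs from the one recorded while the network was known-good.
        "baseline_mismatch": bool(baseline_mac and gw_mac
                                  and gw_mac != normalize_mac(baseline_mac)),
        # Another host on the LAN answers with the same MAC as the gateway.
        "shares_mac_with": sorted(ip for ip in by_mac.get(gw_mac, [])
                                  if ip != gateway_ip),
    }

# Constructed sample output, not captured from a real network.
CLEAN = """\
? (192.168.0.1) at 0:1c:b3:9:85:15 on en0 ifscope [ethernet]
? (192.168.0.23) at a4:5e:60:c1:2:9f on en0 ifscope [ethernet]
? (192.168.0.40) at (incomplete) on en0 ifscope [ethernet]
"""
POISONED = CLEAN.replace("0:1c:b3:9:85:15", "a4:5e:60:c1:2:9f")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(parse_arp_table(text), "192.168.0.1",
                                  baseline_mac="00:1c:b3:09:85:15"))
```

A baseline mismatch on its own can also follow a router replacement, so the shared-MAC finding is the stronger signal.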

Well, since my office uses the Avid system as its broadcast system, I tried to hack into the system and it works. Actually this vulnerability is not in the Avid system but in Elasticsearch (CVE-2014-3120). This vulnerability affects the Avid system and it is a high-risk vulnerability. Avid still uses a vulnerable Elasticsearch application.

Here is the proof of concept.

An attacker can execute commands to read files on the server.


Here is the exploit to read files on servers.


Here is the Metasploit screenshot of how I got a shell on the Avid servers using the ElasticSearch Dynamic Script Arbitrary Java Execution module.


Pwnd. :)



If people from Avid see this post, please fix this vulnerability ASAP. This system costs a lot of money.

Thank You!

/eof


This is a video tutorial about uploading a PHP shell to a target using the php://input parameter.
An old video, but it still works until now.

The tools needed for this trick are Live HTTP Headers and Tamper Data from Mozilla Add-ons.
You can download the video here.

Thanks for downloading and watching.. :)