█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 46 | Month: November | Year: 2016 | Release Date: 18/11/2016 | Edition: #144 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://github.com/samyk/poisontap Description: When a RPi0/Node.js is plugged into a protected computer. 😈 URL: https://github.com/b3rito/yodo Description: Sudo permissions nightmare or dirtyc0w FTW! ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://gist.github.com/x-42/3d822d85e6b547e7018c919c6d657e8e Blog: http://x42.obscurechannel.com/?p=335 Description: .desktop file payload dropper (SE vector for linux targets). URL: https://github.com/danigargu/urlfuzz Description: Another web fuzzer written in NodeJS. URL: https://github.com/Neohapsis/bbqsql Description: A Blind SQL Injection Exploitation Tool. URL: https://github.com/attackercan/regexp-security-cheatsheet Description: Regexp Security Cheatsheet. URL: https://kimiyuki.net/blog/2016/09/16/one-gadget-rce-ubuntu-1604/ Description: One-gadget RCE in Ubuntu 16.04 libc. URL: https://sourceforge.net/projects/vbscan/ Description: OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner). URL: https://github.com/dzonerzy/PyJFuzz Burp Plugin: https://github.com/dzonerzy/Burp-PyJFuzz Blog: https://www.dzonerzy.net/post/pyjfuzz-to-the-next-level Description: Trivial python JSON object fuzzer. URL: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b Description: Net Cease - Hardening Net Session Enumeration. URL: https://github.com/google/fuzzer-test-suite Description: Set of tests for fuzzing engines. URL: https://www.poweradmin.com/paexec/ Description: Launch Remote Windows Apps. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html Description: Cryptsetup Initrd root Shell (CVE-2016-4484). URL: http://d3adend.org/blog/?p=851 Description: Maxthon Browser Arbitrary File Write, Login Page UXSS, and SQLi. URL: https://goo.gl/eWXUvR (+) Description: Risky design decisions in Chrome and Fedora enable drive-by downloads. URL: https://sethsec.blogspot.pt/2016/11/exploiting-python-code-injection-in-web.html Description: Exploiting Python Code Injection in Web Applications. URL: https://goo.gl/lR1WeY (+) Description: A single byte write opened a root execution exploit ChromeOS Pwn. URL: https://woumn.wordpress.com/2016/09/24/smashing-the-stack-into-a-reverse-shell/ Description: Smashing the Stack into a Reverse Shell. URL: http://www.ioactive.com/Arnaboldi-XML-Schema-Vulnerabilities.pdf Description: Assessing and Exploiting XML Schema's Vulnerabilities. URL: http://www.davidlitchfield.com/BypassingXSSFiltersusingXMLInternalEntities.pdf Description: Bypassing Chrome's and IE's XSS Filters using XML Internal Entities. URL: https://goo.gl/gme14H (+) Description: Linq Injection – From Attacking Filters to Code Execution. URL: http://zseano.com/tut/4.html Description: XSS and getting the alert. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://github.com/mattrajca/sudo-touchid Description: A fork of `sudo` with Touch ID support. URL: https://sidbala.com/h-264-is-magic/ Description: H.264 is Magic. URL: https://yifan.lu/2016/11/01/taihen-cfw-framework-for-ps-vita/ Description: taiHEN - CFW Framework for PS Vita. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d http://pathonproject.com/zb/?103de910455256cf#6fjuQJ/2YJQ1QPIDU7k0wVTxEI7WKB/+Zh0UksyelvI=