
5832 matches found

0day.today
added 2020/12/09 12:0 a.m. | 45 views

Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation states that there are thre...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/12/09 12:0 a.m. | 504 views

Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption

Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...

AI score: 0.3
Exploits: 0

Tenable Nessus
added 2020/12/09 12:0 a.m. | 21 views

SUSE SLED15 / SLES15 Security Update : python-cryptography (SUSE-SU-2020:3592-1)

This update for python-cryptography fixes the following issues : CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption bsc1178168. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

CVSS: 5.9 | AI score: 7 | EPSS: 0.0076
Exploits: 0 | References: 4

CNVD
added 2020/12/08 12:0 a.m. | 3 views

SIEMENS SICAM A8000 RTUs SSL Configuration Insecurity Vulnerability

The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.00174
Exploits: 0 | References: 1

CNNVD
added 2020/12/08 12:0 a.m. | 5 views

Security Vulnerability in Multiple Siemens Products

The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00174
Exploits: 0 | References: 5

Kitploit
added 2020/12/07 8:30 p.m. | 86 views

Baphomet - Basic Concept Of How A Ransomware Works

This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack our files. This project is written in C using the net-core application framework 3.1. The main idea of the code is to make it as readable as possible so that people have an idea of how this type...

AI score: 7.1
Exploits: 0 | References: 1

Kitploit
added 2020/12/06 11:30 a.m. | 136 views

Karkinos - Penetration Testing And Hacking CTF's Swiss Army Knife With: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters; Encrypting/Decrypting text or files; Reverse shell handling; Cracking and generating hashes. Dependencies: Any server capable of hosting...

AI score: 7.4
Exploits: 0 | References: 2

Veracode
added 2020/12/06 4:35 a.m. | 14 views

Information Disclosure

xrdp is vulnerable to information disclosure. The vulnerability exists in /.vnc/sesman$usernamepasswd due to the successful logging to RDP into an xrdp session, uses a known key to store session passwords in text files. Allows an attacker to decrypt the file and obtain a user password...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.00349
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2020/12/06 3:51 a.m. | 19 views

Buffer Overflow

ssldump is vulnerable to buffer overflow. When running in decryption mode an attacker may execute arbitrary code via a long RSA PreMasterSecret...

CVSS: 10 | AI score: 7.9 | EPSS: 0.11325
Exploits: 0 | References: 5 | Affected Software: 1

Hacker One
added 2020/12/03 5:23 a.m. | 25 views

MTN Group: PHP Info Exposing Secrets at https://radio.mtn.bj/info

Summary: During recon I discovered a PHP Info file exposing environment variables such as; Laravel APPKEY, Database username/password, SMTP username/password, etc. Steps To Reproduce: Visit the following URL; https://radio.mtn.bj/info You will be presented with a PHP Info file exposing environmen...

AI score: 7.2
Exploits: 0

OSV
added 2020/12/02 9:31 a.m. | 6 views

SUSE-SU-2020:3592-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption bsc1178168...

CVSS: 5.9 | AI score: 7.3 | EPSS: 0.0076
Exploits: 0 | References: 3

CNNVD
added 2020/12/01 12:0 a.m. | 5 views

Valvesoftware GameNetworkingSockets Buffer Error Vulnerability

Valvesoftware GameNetworkingSockets is a transport layer support software for games to pass data from Valvesoftware USA. A security vulnerability exists in Valve Game Networking Sockets versions prior to 1.2.0, which stems from the incorrect handling of long encrypted messages in...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.05655
Exploits: 1 | References: 3

CNVD
added 2020/12/01 12:0 a.m. | 1 views

IBM Cloud Pak for Security Weak Encryption Algorithm Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00076
Exploits: 0 | References: 1

Kitploit
added 2020/11/30 8:30 p.m. | 47 views

GG-AESY - Hide Cool Stuff In Images

Blogpost: https://redteamer.tips/introducing-gg-aesy-a-stegocryptor/ WARNING: you might need to restore NuGet packages and restart visual studio before compiling. If anyone knows how I can get rid of this problem, DM me. Manual To start off, I highly recommend to always use GG-AESY using verbose...

AI score: 7.1
Exploits: 0 | References: 1

OSV
added 2020/11/30 4:15 p.m. | 2 views

CVE-2020-4624

IBM Cloud Pak for Security 1.3.0.1 CP4S uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information...

CVSS: 5.3 | AI score: 5.8
Exploits: 0 | References: 2

CNNVD
added 2020/11/25 12:0 a.m. | 3 views

IBM Cloud Pak for Security Cryptographic Issue Vulnerability

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. A weak cryptographic algorithm vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product usin...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00076
Exploits: 0 | References: 4

Pen Test Partners Blog
added 2020/11/24 9:35 a.m. | 346 views

Understanding Binary and Data Representation with CyberChef

A significant part of reverse engineering and attacking devices relies on viewing and recognising data in various forms and working out how to decode it. We typically use Linux tools and scripts to do this, but you can make the first few steps using a really neat online tool called CyberChef. Wha...

AI score: 6.5
Exploits: 0

Mageia
added 2020/11/23 7:51 p.m. | 33 views

Updated python-cryptography packages fix security vulnerability

Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information CVE-2020-25659...

CVSS: 5.9 | AI score: 1.3 | EPSS: 0.0076
Exploits: 0 | References: 2

OSV
added 2020/11/20 2:15 p.m. | 2 views

CVE-2020-4937

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814...

CVSS: 7.5 | AI score: 6.5
Exploits: 0 | References: 2

UbuntuCve
added 2020/11/19 8:15 p.m. | 27 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00352
Exploits: 1 | References: 2