GHSA-F9JP-856V-8642 PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

SSH Key Persistence

This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use. Module Options...

SSH Key Persistence

This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as...

Apache Flink JobManager Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative, Command & Control framework written in C, designed for red teaming and ease of use. HardHat is a multiplayer C .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail...

VMware vCenter Secrets Dump

Grab secrets and keys from the vCenter server and add them to loot. This module is tested against the vCenter appliance only; it will not work on Windows vCenter instances. It is intended to be run after successfully acquiring root access on a vCenter appliance and is useful for penetrating furth...

Autodeauth - A Tool Built To Automatically Deauth Local Networks

A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x setup.sh $ sudo ./setup.sh Reading package lists... Done Building dependency tree... Done Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded...

Nimc2 - A C2 Fully Written In Nim

nimc2 is a very lightweight C2 written fully in nim implant & server. If you want to give it a try check out the wiki to learn how to install and use nimc2. It's features include: Windows & Linux implant generation TCP socket communication with HTTP communication coming soon Ability to create as...

Safari Credential Gatherer

This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...

Multiplatform Installed Software Version Enumerator

This module, when run against a compromised machine, will gather details on all installed software, including their versions and if available, when they were installed, and will save it into a loot file for later use. Users can then use this loot file to determine what additional vulnerabilites m...

Six Xmas Gifts for the Pentester in your Life

Some of my best friends are ethical hackers. With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will...

Open Source Static Code Analyser: StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL’s of API’s Decryption keys Major coding...

NIS ypserv Map Dumper

This module dumps the specified map from NIS ypserv. The following examples are from ypcat -x: Use "ethers" for map "ethers.byname" Use "aliases" for map "mail.aliases" Use "services" for map "services.byname" Use "protocols" for map "protocols.bynumber" Use "hosts" for map "hosts.byname" Use...

demo.loot.co.za XSS vulnerability

Vulnerable URL: https://demo.loot.co.za/search/%3C/script%3E%3Csvg%20onload=alert%22OPENBUGBOUNTY%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 10.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

Jenkins Credential Collector

This module can be used to extract saved Jenkins credentials, user tokens, SSH keys, and secrets. Interesting files will be stored in loot along with combined csv output. require 'nokogiri' require 'base64' require 'digest' require 'openssl' require 'sshkey' class MetasploitModule 'Jenkins...

Riverbed SteelHead VCX File Read

This module exploits an authenticated arbitrary file read in the log module's filter engine. SteelHead VCX VCX255U version 9.6.0a was confirmed as vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Dungeon Loot - dungeon crawler - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities

HackApp vulnerability scanner discovered that application Dungeon Loot - dungeon crawler published at the 'play' market has multiple vulnerabilities...