what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files from Haboob Team

First Active2018-03-26
Last Active2021-04-15
Nagios XI Remote Code Execution
Posted Apr 15, 2021
Authored by Haboob Team, Erik Wynter | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-35578
MD5 | 91ac1437912ce19fca5580399b1f6625
Nagios XI 5.7.x Remote Code Execution
Posted Jan 14, 2021
Authored by Haboob Team

Nagios XI version 5.7.x authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-35578
MD5 | f073a75639db0a35ee5dc80c46f26db4
A Purple Team Study Into PowerLessShell Tool
Posted Nov 24, 2020
Authored by Haboob Team

Whitepaper called A Purple Team Study Into "PowerLessShell" Tool.

tags | paper
MD5 | 0d3f770f7c45da82e85c26f04679ca64
Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.

tags | paper
MD5 | 4560c10a59bfed2734bbd165d32220ff
Spraying OWA And Abusing MSSQL
Posted Sep 30, 2020
Authored by Haboob Team

Whitepaper that goes over a full attack scenario by getting a foothold through Microsoft Exchange OWA Portal to discover and abuse MSSQL.

tags | paper
MD5 | f741488af943c9146c71ec2735f7f3c3
Abusing COM And DCOM Objects
Posted Aug 26, 2020
Authored by Haboob Team

Whitepaper called Abusing COM and DCOM Objects.

tags | paper
MD5 | 042053ba0081dd7b678508670edd4d6a
Abusing Windows Data Protection API
Posted Jun 16, 2020
Authored by Haboob Team

Whitepaper called Abusing Windows Data Protection API.

tags | paper
systems | windows
MD5 | eee4d970a48308caa8af0670aeea2989
OAuth 2.0 Implementation And Security
Posted May 21, 2020
Authored by Haboob Team

Whitepaper called OAuth 2.0 Implementation and Security.

tags | paper
MD5 | a294cb726f90f642c711278a697e63d8
Hunting Red Team Activities With Forensics Artifacts
Posted May 21, 2020
Authored by Haboob Team

Whitepaper called Hunting Red Team Activities with Forensics Artifacts.

tags | paper
MD5 | 052010f0eb75a3b84fd5b85efbeb2cbb
Kerberos: Achieving Command Execution Using Silver Tickets
Posted May 12, 2020
Authored by Haboob Team

Whitepaper called Kerberos: Achieving Command Execution Using Silver Tickets.

tags | paper
MD5 | b6af3918f35480e03b99a605d40c2ec1
Azure Cloud Penetration Testing
Posted Apr 10, 2020
Authored by Haboob Team

Whitepaper called Azure Cloud Penetration Testing.

tags | paper
MD5 | 48e67e2b65632432bba8e735f1d5fce5
Active Directory DCSync
Posted Apr 6, 2020
Authored by Haboob Team

This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.

tags | paper
MD5 | 360035b1cfe528f9ba2b3eab8d471d54
From Zero Credentials To Full Domain Compromise
Posted Apr 3, 2020
Authored by Haboob Team

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

tags | paper
MD5 | 1ff5ec3e70d3db856604bdc2d5d41811
Active Directory Enumeration With PowerShell
Posted Jun 14, 2019
Authored by Haboob Team

Whitepaper called Active Directory Enumeration with PowerShell.

tags | paper
MD5 | 9749bf4f1c728d560b607f1e3a15b07e
Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal
Posted Apr 16, 2019
Authored by Haboob Team

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-10945
MD5 | 8cd07fef6144f3579e25aa9810aebe07
Windows Privilege Escalation
Posted Jan 14, 2019
Authored by Haboob Team

Whitepaper called Windows Privilege Escalation.

tags | paper
systems | windows
MD5 | 1ee7e7e4abde2c7223d25de4e533d2af
Joomla CW Article Attachments 1.0.6 SQL Injection
Posted Sep 24, 2018
Authored by Haboob Team

Joomla CW Article Attachments extension version 1.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-14592
MD5 | 9064ff839a119963e17ec2fc83861fac
XXE Explanation And Exploitation
Posted Sep 12, 2018
Authored by Haboob Team

Whitepaper explaining the consequences of XML eXternal Entity injection and basic to advanced exploitation.

tags | paper
MD5 | cbd4da4e6abe36a624d54fe7edf72aba
LiteCart 2.1.2 Arbitrary File Upload
Posted Aug 27, 2018
Authored by Haboob Team

LiteCart version 2.1.2 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-12256
MD5 | 44fd0ea7d19bec8cfb7f443bc7ae5960
File Upload Restrictions Bypass
Posted Jul 23, 2018
Authored by Haboob Team

Whitepaper called File Upload Restrictions Bypass.

tags | paper, file upload
MD5 | 9d615f9f2d0f44874ac4900c33b860ef
Protecting Apps Against Jailbreaking And Rooting
Posted Jul 23, 2018
Authored by Haboob Team

Whitepaper called Protecting Apps Against Jailbreaking And Rooting. Written in Arabic.

tags | paper, root
MD5 | d3a4658f89d1a4cec29023fc05fc7223
VLAN Hopping Attack
Posted Jul 18, 2018
Authored by Haboob Team

Whitepaper called VLAN Hopping Attack.

tags | paper
MD5 | 5e2517d456e1c2bcc968d64f8f21223c
Abusing Kerberos: Kerberoasting
Posted Jul 18, 2018
Authored by Haboob Team

Whitepaper called Abusing Kerberos: Kerberoasting.

tags | paper
MD5 | 8c413012e885065de8ecd743e14a240e
EggHunter Buffer Overflow For Windows
Posted Jun 14, 2018
Authored by Haboob Team

Whitepaper called EggHunter Buffer Overflow for Windows. Written in Arabic.

tags | paper, overflow
systems | windows
MD5 | 7530d81f5ea60524126e7b277d92327b
Lateral Movement Using WinRM
Posted Jun 14, 2018
Authored by Haboob Team

Whitepaper called Lateral Movement using WinRM. Written in Arabic.

tags | paper
MD5 | ae51d28d40ed1f07fccc954c21dc8733
Page 1 of 2
Back12Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close