exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files from Haboob Team

First Active2018-03-26
Last Active2021-04-15
Nagios XI Remote Code Execution
Posted Apr 15, 2021
Authored by Haboob Team, Erik Wynter | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-35578
SHA-256 | 1c6d22c62a86e7b5f3dedccebd30589cc4a30d490a6e2f222d47174bbda1bf57
Nagios XI 5.7.x Remote Code Execution
Posted Jan 14, 2021
Authored by Haboob Team

Nagios XI version 5.7.x authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-35578
SHA-256 | a119b58a59d4b77e207cb105c66e07013d9044d73c89ebfb091d7bd8b48bda06
A Purple Team Study Into PowerLessShell Tool
Posted Nov 24, 2020
Authored by Haboob Team

Whitepaper called A Purple Team Study Into "PowerLessShell" Tool.

tags | paper
SHA-256 | 3cc365767082e583a3456113fff6269c2543bcfaf65e3309eec06360d2795c24
Packet Reassembly And Overlapping IP Fragments
Posted Oct 7, 2020
Authored by Haboob Team

This paper discusses how intrusion detection systems work. After getting a solid understanding of the working mechanism of IDS, they discuss how packet reassembly works and then moves forward to look into different policy implemented for packet reassembly where it is dependent on the operating system implementation of the RFC.

tags | paper
SHA-256 | e80ccbaa83ffad3bf1cde6de0396cae423f3afd12c0a5a44cb9a16f8090938f4
Spraying OWA And Abusing MSSQL
Posted Sep 30, 2020
Authored by Haboob Team

Whitepaper that goes over a full attack scenario by getting a foothold through Microsoft Exchange OWA Portal to discover and abuse MSSQL.

tags | paper
SHA-256 | 1e359078a38e5ef9da11966368cd8309e0715ec901171b245500b208e0b296e2
Abusing COM And DCOM Objects
Posted Aug 26, 2020
Authored by Haboob Team

Whitepaper called Abusing COM and DCOM Objects.

tags | paper
SHA-256 | 5fd1de5a2df55fca764f1fb18fe5f7e5b49b94117032c4e071b37fcbeb66bcd5
Abusing Windows Data Protection API
Posted Jun 16, 2020
Authored by Haboob Team

Whitepaper called Abusing Windows Data Protection API.

tags | paper
systems | windows
SHA-256 | 773a6f1530d77d0420be2e70d5bd4c5c42a05dd949691ff60a9439f5d56f0977
OAuth 2.0 Implementation And Security
Posted May 21, 2020
Authored by Haboob Team

Whitepaper called OAuth 2.0 Implementation and Security.

tags | paper
SHA-256 | 51889b9cb5896e34189c448f717b7809247336b04dd3ebd03675f4128321eeee
Hunting Red Team Activities With Forensics Artifacts
Posted May 21, 2020
Authored by Haboob Team

Whitepaper called Hunting Red Team Activities with Forensics Artifacts.

tags | paper
SHA-256 | 36c6a099b355717d492a8ce32ba064c4db6bb7183d16c52762e1fda45ae671c4
Kerberos: Achieving Command Execution Using Silver Tickets
Posted May 12, 2020
Authored by Haboob Team

Whitepaper called Kerberos: Achieving Command Execution Using Silver Tickets.

tags | paper
SHA-256 | 83cd3b8ff1c0604296dc343f1d6082284f701d9ad005d072d420258dfcc14ab5
Azure Cloud Penetration Testing
Posted Apr 10, 2020
Authored by Haboob Team

Whitepaper called Azure Cloud Penetration Testing.

tags | paper
SHA-256 | 010abdb9fb0aade0f3069233123a715c500ef8109672854c0e91782317bdfff1
Active Directory DCSync
Posted Apr 6, 2020
Authored by Haboob Team

This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.

tags | paper
SHA-256 | e14b464d7c303fba5728ee884839d733cf9da1cb6bbb6f3af26614652cc21681
From Zero Credentials To Full Domain Compromise
Posted Apr 3, 2020
Authored by Haboob Team

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

tags | paper
SHA-256 | d144ad77a37772ef7438ee197b5897733e66ad7a5604341fd7ff544e87768022
Active Directory Enumeration With PowerShell
Posted Jun 14, 2019
Authored by Haboob Team

Whitepaper called Active Directory Enumeration with PowerShell.

tags | paper
SHA-256 | fffbc506324136811bf2f295f04bd4158eff596137de87f5ffc17f656996a8e4
Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal
Posted Apr 16, 2019
Authored by Haboob Team

Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.

tags | exploit, arbitrary, vulnerability, file inclusion
advisories | CVE-2019-10945
SHA-256 | 53b8b3b18868765214204a82f2af5d3caa0c20dbe06f39856c11642e46e530b9
Windows Privilege Escalation
Posted Jan 14, 2019
Authored by Haboob Team

Whitepaper called Windows Privilege Escalation.

tags | paper
systems | windows
SHA-256 | 10db37c396add01464021e2f2a09c672ffb62d7ce83d2fff079b70964abf8c91
Joomla CW Article Attachments 1.0.6 SQL Injection
Posted Sep 24, 2018
Authored by Haboob Team

Joomla CW Article Attachments extension version 1.0.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-14592
SHA-256 | 95468dbea961116803f77bc5134ea076b566d29ebb8b80e3a671bf40ab74c484
XXE Explanation And Exploitation
Posted Sep 12, 2018
Authored by Haboob Team

Whitepaper explaining the consequences of XML eXternal Entity injection and basic to advanced exploitation.

tags | paper
SHA-256 | b59f215626effafd3b75833196163d72155af32bcf297ac1aa8b944e18d90442
LiteCart 2.1.2 Arbitrary File Upload
Posted Aug 27, 2018
Authored by Haboob Team

LiteCart version 2.1.2 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-12256
SHA-256 | ed1e12bce52186df2f795ae04cadc87331293500e61d16468839c9658b1cf156
File Upload Restrictions Bypass
Posted Jul 23, 2018
Authored by Haboob Team

Whitepaper called File Upload Restrictions Bypass.

tags | paper, file upload
SHA-256 | ecdc7e311c189addfccc427be028ffc44cae8e359d45a96d8cb873b10efe1626
Protecting Apps Against Jailbreaking And Rooting
Posted Jul 23, 2018
Authored by Haboob Team

Whitepaper called Protecting Apps Against Jailbreaking And Rooting. Written in Arabic.

tags | paper, root
SHA-256 | a8328bd85768b6fd09641ed177fbcc166a7c93147dd6e340ecd03511dc10b4d1
VLAN Hopping Attack
Posted Jul 18, 2018
Authored by Haboob Team

Whitepaper called VLAN Hopping Attack.

tags | paper
SHA-256 | a4ee8de88105ca564a8ae64d14c9f45a720753fc1ea57f3fdf05e620dacf3d2d
Abusing Kerberos: Kerberoasting
Posted Jul 18, 2018
Authored by Haboob Team

Whitepaper called Abusing Kerberos: Kerberoasting.

tags | paper
SHA-256 | 90e5ba64d14b541cd45c26d45a5af701af4e2a7945959b2f554231973affcdff
EggHunter Buffer Overflow For Windows
Posted Jun 14, 2018
Authored by Haboob Team

Whitepaper called EggHunter Buffer Overflow for Windows. Written in Arabic.

tags | paper, overflow
systems | windows
SHA-256 | 2bfed292e02018566ece557c276b5957224e44b1fd1f1b4fdb9981a2795a6c06
Lateral Movement Using WinRM
Posted Jun 14, 2018
Authored by Haboob Team

Whitepaper called Lateral Movement using WinRM. Written in Arabic.

tags | paper
SHA-256 | f4c899e0fb64fffc6ec0c49647494076b523743696280a7f539e095362ea70b2
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close