Questions tagged [exploit]
An exploit is a way of using a vulnerability to do something ordinarily impossible and/or forbidden.
41
questions
1
vote
1
answer
415
views
I think I got the “!want_to_cry.txt” (WannaCry?) virus on my Samba server. Was this inevitable?
Update: I have checked my note app where I opened the ransome note and the recent open files tab shows me the name of the text file I opened originally. I don't have the contents but the file was ...
2
votes
1
answer
328
views
Vulnerability / exploit MSDT (CVE-2022-30190) | Is renaming the registry key "ms-msdt" enough for the workaround?
Microsoft publishes a workaround for the msdt exploit (Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability)
The suggested way is to delete the key Computer\HKEY_CLASSES_ROOT\ms-...
- 3,004
0
votes
1
answer
2k
views
What is the process to get a new modules into metasploit framework (msf6)?
Im interested to know how a new module or exploit gets into Metasploit Framework? I can see the new PrintNightmare vulnerability being worked on/ finished, so I ran an update on Kali, but it didn't ...
- 49
0
votes
1
answer
110
views
Possible detection of CVE: 2021-04-23 logged in event viewer (23/04/2021 @15:54:16)
A Possible detection of CVE: 2021-04-23 logged in event viewer (23/04/2021 @15:54:16)
I am currently scanning my machine, but will Win Defender be able to remove the infection?
Randomly I've been ...
-1
votes
1
answer
1k
views
Is it safe to use SMBv1 client/server after patching it, on Windows 10?
As you may know, after numerous ransomware attacks, Microsoft decided to disable SMBv1 by default on Windows OS's.
However despite releasing a patch (MS17-010) to address those attacks, it seems that ...
- 219
3
votes
1
answer
145
views
attack via executable line after plus sign in email address
I operate my own mail server and from time to time, people send spam or mysterious stuff to the root account. Recently, I got an empty mail, which was addressed to:
root+${run{x2Fbinx2Fsht-...
- 43
0
votes
1
answer
4k
views
Exploit Guard blocking Chrome making calls Win32k.sys
I am in the process of implementing Exploit Guard in our W10 corporate image.
I configured it using the GPO "Use a common set of exploit protection settings" that makes use of a XML file. ...
- 103
2
votes
1
answer
6k
views
Unwanted & invalid Bluetooth connection request on iMac
I have the same issue as Martin did from Mar 6 '18 at 15:07 on this list. No working answer was provided for him. His link: [Unwanted macOS connection requests Also, adelejjeh asked on Oct 8 '16 at 15:...
- 21
1
vote
2
answers
112
views
How dangerous it is to download a file, even for anti-virus scanning
Can anti-virus to run the malware in the file while checking the file (for example, the technology of buffer overflow)? If can, how then to check files for malware that you want to download from the ...
3
votes
1
answer
8k
views
How to disable NX on Linux
I'm learning stack buffer overflow exploitation, and I later posted question Shellcode segmentation fault. about that executing shellcode from test program, or when injected to vulnerable program, ...
- 39
0
votes
1
answer
645
views
How to copy BS character (0x08) to input for buffer overflow in GDB?
I need to overflow a buffer with a specific value that contains 0x08. If I use echo -ne "AA\x08A", the output is AA, as the backspace character and one A are removed.
How do I copy this value into ...
- 123
3
votes
2
answers
1k
views
Is the PS/2 connector really safer than USB?
Is it possible to exploit the PS/2 connector like the USB (for example with something like a Rubber Ducky)?
In term of security reasons, theoretically, it should be possible to virtualize the PS/2 ...
- 334
2
votes
2
answers
11k
views
Escalating from www-data to root
One week ago I follow this procedure Creating SFTP server with isolated directory access ,I edit the sshd_config but then I can't access anymore in ssh mode and consequently I can't change to root by ...
- 21
0
votes
0
answers
253
views
How to put specific hex characters in terminal to exploit the script
I try to exploit a simple vulnerability in the following code, but I'm not successful, because I can't put the specific characters in the terminal by hand. For e.g. if the application read a character ...
user104787
8
votes
1
answer
3k
views
VPS compromised? Configured wrong?
I've been renting a VPS for half a year now (educational purposes) and I've been trying to learn as much as possible about keeping it secure.
Recently, it was compromised and I suspect that it has ...
electricity256