Dradis: Reporting and Collaboration Tool

Hello friends, today in this article we are going to familiarize you with one of the most vital tools of kali that everybody needs in today’s era. Eliminating bugs or finding any issue, is used to cover by everyone in their journey of pentesting. But apart from this one should also want to indulge ownself… Continue reading →
The post Dradis: Reporting and Collaboration Tool appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/dradis-reporting-and-collaboration-tool/

UPDATE: Nmap 7.80

PenTestIT RSS Feed
Good news guys! The Nmap 7.80 update is now available. We’ve had to wait for such a long time since the guys behind Nmap were extremely busy improving the Npcap raw packet capturing/sending driver. It now uses modern APIs and is more performant as well as more secure and more featureful than WinPcap. We allRead more about UPDATE: Nmap 7.80
The post UPDATE: Nmap 7.80 appeared first on PenTestIT.

Link: http://pentestit.com/nmap-7-80-update/

Osmedeus v1.5 – Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.Installationgit clone https://github.com/j3ssie/Osmedeuscd Osmedeus./install.shThis install only focus on Kali linux, check more install on Wiki pageHow to useIf you have no idea what are you doing just type the command below or check out the Advanced Usage./osmedeus.py -t example.comUsing DockerCheck out docker-osmedeus by mabnavarrete for docker installation and this wiki for more detail.FeaturesSubdomain Scan.Subdomain TakeOver Scan.Screenshot the target.Basic recon like Whois, Dig info.Web Technology detection.IP Discovery.CORS Scan.SSL Scan.Wayback Machine Discovery.URL Discovery.Headers Scan.Port Scan.Vulnerable Scan.Seperate workspaces to store all scan output and details logging.REST API.React Web UI.Support Continuous Scan.Slack notifications.Easily view report from commnad line.Check this Wiki page for more detail about each module.DemoExample Commands# normal routine./osmedeus.py -t example.com# normal routine but slow speed on subdomain module./osmedeus.py -t example.com –slow ‘subdomain’# direct mode examples./osmedeus.py -m portscan -i “1.2.3.4/24"./osmedeus.py -m portscan -I list_of_targets.txt -t result_folder./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -t result_folder./osmedeus.py -m "assets" -i "example.com"./osmedeus.py -m "assets,dirb" -i "example.com"# report mode./osemdeus.py -t example.com –report list./osemdeus.py -t example.com –report sum./osemdeus.py -t example.com -m subdomain –report short./osemdeus.py -t example.com -m "subdomain, portscan" –report fullMore optionsBasic Usage===========python3 osmedeus.py -t python3 osmedeus.py -T <list_of_targets>python3 osmedeus.py -m <module> [-i <input>|-I <input_file>] [-t workspace_name]python3 osmedeus.py –report <mode> -t <workspace> [-m <module>]Advanced Usage==============[*] List all modulepython3 osmedeus.py -M[*] List all report modepython3 osmedeus.py –report help[*] Running with specific modulepython3 osmedeus.py -t <result_folder> -m <module_name> -i <your_target>[*] Example commandpython3 osmedeus.py -m subdomain -t example.compython3 osmedeus.py -t example.com –slow "subdomain"python3 osmedeus.py -t sample2 -m vuln -i hosts.txtpython3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txtRemote Options==============–remote REMOTE Remote address for API, (default: h ttps://127.0.0.1:5000)–auth AUTH Specify authentication e.g: –auth="username:password" See your config file for more detail (default: core/config.conf)–client just run client stuff in case you ran the flask server beforeMore options==============–update Update lastest from git-c CONFIG, –config CONFIG Specify config file (default: core/config.conf)-w WORKSPACE, –workspace WORKSPACE Custom workspace folder-f, –force force to run the module again if output exists-s, –slow "all" All module running as slow mode-s, –slow "subdomain" Only running slow mode in subdomain module–debug Just for debug purposeDisclaimerMost of this tool done by the authors of the tool that list in CREDITS.md. I’m just put all the pieces together, plus some extra magic.This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it’s your fault, and your fault only.ContributePlease take a look at CONTRIBUTING.mdChangelogPlease take a look at CHANGELOG.mdCREDITSPlease take a look at CREDITS.mdContact@j3ssiejjjDownload Osmedeus

Link: http://www.kitploit.com/2019/08/osmedeus-v15-fully-automated-offensive.html

UPDATE: MITRE CALDERA 2.2.0

PenTestIT RSS Feed
If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools.  Sometime back, an update – the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always, this version discusses the different updates made toRead more about UPDATE: MITRE CALDERA 2.2.0
The post UPDATE: MITRE CALDERA 2.2.0 appeared first on PenTestIT.

Link: http://pentestit.com/update-mitre-caldera-2-2-0/

Commando VM v2.0 – The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM – a fully customizable, Windows-based security distribution for penetration testing and red teaming.For detailed install instructions or more information please see our blogInstallation (Install Script)RequirementsWindows 7 Service Pack 1 or Windows 1060 GB Hard Drive2 GB RAMRecommendedWindows 1080+ GB Hard Drive4+ GB RAM2 network adaptersEnable Virtualization support for VM REQUIRED FOR KALI OR DOCKERInstructionsStandard installCreate and configure a new Windows Virtual MachineEnsure VM is updated completely. You may have to check for updates, reboot, and check again until no more remainTake a snapshot of your machine!Download and copy install.ps1 on your newly configured machine.Open PowerShell as an AdministratorEnable script execution by running the following command: Set-ExecutionPolicy UnrestrictedFinally, execute the installer script as follows: .\install.ps1You can also pass your password as an argument: .\install.ps1 -password The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.Custom installDownload the zip from https://github.com/fireeye/commando-vm into your Downloads folder.Decompress the zip and edit the ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master\profile.json file by removing tools or adding tools in the “packages” section. Tools are available from our package list or from the chocolatey repository.Open an administrative PowerShell window and enable script execution. Set-ExecutionPolicy Unrestricted -fChange to the unzipped project directory. cd ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master\Execute the install with the -profile_file argument. .\install.ps1 -profile_file .\profile.jsonFor more detailed instructions about custom installations, see our blogInstalling a new packageCommando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy Github Desktop on your system:cinst githubStaying up to dateType the following command to update all of the packages to the most recent version:cup allInstalled ToolsActive Directory ToolsRemote Server Administration Tools (RSAT)SQL Server Command Line UtilitiesSysinternalsCommand & ControlCovenantPoshC2WMImplantWMIOpsDeveloper ToolsDepGitGoJavaPython 2Python 3 (default)RubyRuby DevkitVisual Studio 2017 Build Tools (Windows 10)Visual Studio CodeDockerAmassSpiderFootEvasionCheckPleaseDemiguiseDefenderCheckDotNetToJScriptInvoke-CradleCrafterInvoke-DOSfuscationInvoke-ObfuscationInvoke-Phant0mNot PowerShell (nps)PS>AttackPSAmsiPafishmacroPowerLessShellPowerShdllStarFightersExploitationADAPE-ScriptAPI MonitorCrackMapExecCrackMapExecWinDAMPEvilClippyExchange-AD-PrivescFuzzySec’s PowerShell-SuiteFuzzySec’s Sharp-SuiteGenerate-MacroGhostPack RubeusSafetyKatzSeatbeltSharpDPAPISharpDumpSharpRoastSharpUpSharpWMIGoFetchImpacketInvoke-ACLPwnInvoke-DCOMInvoke-PSImageInvoke-PowerThIEfJuicy PotatoKali Binaries for WindowsLuckyStrikeMetaTwinMetasploitMr. Unikod3r’s RedTeamPowershellScriptsNetshHelperBeaconNishangOrcaPSReflectPowerLurkPowerPrivPowerSploitPowerUpSQLPrivExchangeRottenPotatoNGRulerSharpClipHistorySharpExchangePrivSharpExecSpoolSampleSharpSploitUACMEimpacket-examples-windowsvssownVulcanInformation GatheringADACLScannerADExplorerADOfflineADReconBloodHounddnsreconFOCAGet-ReconInfoGoBusterGoWitnessNetRipperNmapPowerView Dev branch includedSharpHoundSharpViewSpoolerScannerWatsonKali Linuxkali-linux-defaultkali-linux-xfceVcXsrvNetworking ToolsCitrix ReceiverOpenVPNProxycapPuTTYTelnetVMWare Horizon ClientVMWare vSphere ClientVNC-ViewerWinSCPWindumpWiresharkPassword AttacksASREPRoastCredNinjaDomainPasswordSprayDSInternalsGet-LAPSPasswordsHashcatInternal-MonologueInveighInvoke-TheHashKeeFarceKeeThiefLAPSToolkitMailSniperMimikatzMimikittenzRiskySPNSessionGopherReverse EngineeringDNSpyFlare-FlossILSpyPEviewWindbgx64dbgUtilities7zipAdobe ReaderAutoITCmderCyberChefExplorer SuiteGimpGreenshotHashcheckHexchatHxDKeepassMobaXtermMozilla ThunderbirdNeo4j Community EditionNotepad++PidginProcess Hacker 2SQLite DB BrowserScreentogifShellcode LauncherSublime Text 3TortoiseSVNVLC Media PlayerWinraryEd Graph ToolVulnerability AnalysisAD Control PathsEgress-AssessGrouper2NtdsAuditPwndPasswordsNTLMzBangWeb ApplicationsBurp SuiteFiddlerFirefoxOWASP ZapSubdomain-BruteforceWfuzzWordlistsFuzzDBPayloadsAllTheThingsSecListsProbable-WordlistsRobotsDisallowedLegal NoticeThis download configuration script is provided to assist penetration testersin creating handy and versatile toolboxes for offensive engagements. It provides a convenient interface for them to obtain a useful set of pentesting Tools directly from their original sources. Installation and use of this script is subject to the Apache 2.0 License. You as a user of this script must review, accept and comply with the licenseterms of each downloaded/installed package listed below. By proceeding with theinstallation, you are accepting the license terms of each package, andacknowledging that your use of each package will be subject to its respectivelicense terms.List of package licenses:http://technet.microsoft.com/en-us/sysinternals/bb469936https://github.com/stufus/ADOffline/blob/master/LICENCE.mdhttps://github.com/HarmJ0y/ASREPRoast/blob/master/LICENSEhttps://github.com/BloodHoundAD/BloodHound/blo b/master/LICENSE.mdhttps://github.com/Arvanaghi/CheckPlease/blob/master/LICENSEhttps://github.com/cobbr/Covenant/blob/master/LICENSEhttps://github.com/byt3bl33d3r/CrackMapExec/blob/master/LICENSEhttps://github.com/Raikia/CredNinja/blob/master/LICENSEhttps://github.com/MichaelGrafnetter/DSInternals/blob/master/LICENSE.mdhttps://github.com/tyranid/DotNetToJScript/blob/master/LICENSEhttps://github.com/FortyNorthSecurity/Egress-Assess/blob/master/LICENSEhttps://github.com/cobbr/Elite/blob/master/LICENSEhttps://github.com/GoFetchAD/GoFetch/blob/master/LICENSE.mdhttp://www.gnu.org/licenses/gpl.htmlhttps://github.com/Kevin-Robertson/Inveigh/blob/master/LICENSE.mdhttps://github.com/danielbohannon/Invoke-CradleCrafter/blob/master/LICENSEhttps://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/LICENSEhttps://github.com/danielbohannon/Invoke-Obfuscation/blob/master/LICENSEhttps://github.com/Kevin-Robertson/Invoke -TheHash/blob/master/LICENSE.mdhttps://github.com/denandz/KeeFarce/blob/master/LICENSEhttps://github.com/HarmJ0y/KeeThief/blob/master/LICENSEhttps://github.com/gentilkiwi/mimikatzhttps://github.com/nettitude/PoshC2/blob/master/LICENSEhttps://github.com/Mr-Un1k0d3r/PowerLessShell/blob/master/LICENSE.mdhttps://github.com/G0ldenGunSec/PowerPriv/blob/master/LICENSEhttps://github.com/p3nt4/PowerShdll/blob/master/LICENSE.mdhttps://github.com/FuzzySecurity/PowerShell-Suite/blob/master/LICENSEhttps://github.com/PowerShellMafia/PowerSploit/blob/master/LICENSEhttps://github.com/PowerShellMafia/PowerSploit/blob/master/LICENSEhttps://github.com/dirkjanm/PrivExchange/blob/master/LICENSEhttps://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts/blob/master/LICENSE.mdhttps://github.com/cyberark/RiskySPN/blob/master/LICENSE.mdhttps://github.com/GhostPack/Rubeus/blob/master/LICENSEhttps://github.com/GhostPack/SafetyKatz/blob/mas ter/LICENSEhttps://github.com/NickeManarin/ScreenToGif/blob/master/LICENSE.txthttps://github.com/GhostPack/Seatbelthttps://github.com/danielmiessler/SecLists/blob/master/LICENSEhttps://github.com/Arvanaghi/SessionGopherhttps://github.com/GhostPack/SharpDPAPI/blob/master/LICENSEhttps://github.com/GhostPack/SharpDump/blob/master/LICENSEhttps://github.com/tevora-threat/SharpView/blob/master/LICENSEhttps://github.com/GhostPack/SharpRoast/blob/master/LICENSEhttps://github.com/GhostPack/SharpUp/blob/master/LICENSEhttps://github.com/GhostPack/SharpWMI/blob/master/LICENSEhttps://github.com/leechristensen/SpoolSample/blob/master/LICENSEhttps://github.com/vletoux/SpoolerScanner/blob/master/LICENSEhttp://www.sublimetext.com/eulahttps://github.com/HarmJ0y/TrustVisualizer/blob/master/LICENSEhttps://github.com/hfiref0x/UACME/blob/master/LICENSE.mdhttps://github.com/FortyNorthSecurity/WMIOps/blob/master/LICENSEhtt ps://github.com/FortyNorthSecurity/WMImplant/blob/master/LICENSEhttp://www.adobe.com/products/eulas/pdfs/Reader10_combined-20100625_1419.pdfhttp://www.rohitab.com/apimonitorhttp://www.autoitscript.com/autoit3/docs/license.htmhttps://portswigger.net/burphttp://www.citrix.com/buy/licensing/agreements.htmlhttps://github.com/cmderdev/cmder/blob/master/LICENSEhttps://github.com/nccgroup/demiguise/blob/master/LICENSE.txthttp://www.telerik.com/purchase/license-agreement/fiddlerhttps://www.mozilla.org/en-US/MPL/2.0/https://github.com/fireeye/flare-flosshttps://github.com/fuzzdb-project/fuzzdb/blob/master/_copyright.txthttps://www.gimp.org/about/https://www.google.it/intl/en/chrome/browser/privacy/eula_text.htmlhttps://github.com/sensepost/gowitness/blob/master/LICENSE.txthttps://github.com/hashcat/hashcat/blob/master/docs/license.txthttps://www.gnu.org/licenses/gpl-2.0.htmlhttps://mh-nexus.de/en/hxd/license .phphttps://github.com/SecureAuthCorp/impacket/blob/master/LICENSEhttps://github.com/SecureAuthCorp/impacket/blob/master/LICENSEhttps://www.kali.org/about-us/http://keepass.info/help/v2/license.htmlhttps://github.com/putterpanda/mimikittenzhttp://mobaxterm.mobatek.net/license.htmlhttp://neo4j.com/open-source-project/https://github.com/samratashok/nishang/blob/master/LICENSEhttps://svn.nmap.org/nmap/COPYINGhttps://github.com/Ben0xA/nps/blob/master/LICENSEhttps://openvpn.net/index.php/license.htmlhttps://www.microsoft.com/en-us/servicesagreement/https://github.com/joesecurity/pafishmacro/blob/master/LICENSEhttps://hg.pidgin.im/pidgin/main/file/f02ebb71b5e3/COPYINGhttp://www.proxycap.com/eula.pdfhttp://www.chiark.greenend.org.uk/~sgtatham/putty/licence.htmlhttps://support.microsoft.com/en-us/gp/mats_eulahttps://raw.githubusercontent.com/sqlitebrowser/sqlitebrowser/master/LICENSEhttp://technet .microsoft.com/en-us/sysinternals/bb469936http://www.mozilla.org/en-US/legal/eula/thunderbird.htmlhttp://www.videolan.org/legal.htmlhttp://www.vmware.com/download/eula/universal_eula.htmlhttps://www.vmware.com/help/legal.htmlhttps://www.realvnc.com/legal/https://code.visualstudio.com/Licensehttp://go.microsoft.com/fwlink/?LinkID=251960http://opensource.org/licenses/BSD-3-Clausehttps://winscp.net/docs/licensehttp://www.gnu.org/copyleft/gpl.htmlhttps://github.com/x64dbg/x64dbg/blob/development/LICENSEhttps://www.yworks.com/products/yed/license.htmlhttp://www.apache.org/licenses/LICENSE-2.0https://github.com/Dionach/NtdsAudit/blob/master/LICENSEhttps://github.com/ANSSI-FR/AD-control-paths/blob/master/LICENSE.txthttps://github.com/OJ/gobuster/blob/master/LICENSEhttps://github.com/xmendez/wfuzz/blob/master/LICENSEhttps://github.com/dafthack/DomainPasswordSpray/blob/master/LICENSEhttps://github. com/nettitude/PoshC2_Python/blob/master/LICENSEhttps://github.com/ElevenPaths/FOCA/blob/master/LICENSE.txthttps://github.com/ohpe/juicy-potato/blob/master/LICENSEhttps://github.com/NytroRST/NetRipper/blob/master/LICENSE.TXThttps://github.com/unixrox/prebellico/blob/master/LICENSE.mdhttps://github.com/rasta-mouse/Watson/blob/master/LICENSE.txthttps://github.com/berzerk0/Probable-Wordlists/blob/master/License.txthttps://github.com/cobbr/SharpSploit/blob/master/LICENSEDownload Commando-Vm

Link: http://feedproxy.google.com/~r/PentestTools/~3/qfDDkq3fmTU/commando-vm-v20-first-full-windows.html

SET v8.0.1 – The Social-Engineer Toolkit

Copyright 2019 The Social-Engineer Toolkit (SET)Written by: David Kennedy (ReL1K)Company: TrustedSecDISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.Please read the LICENSE under readme/LICENSE for the licensing of SET.SET TutorialFor a full document on how to use SET, visit the SET user manual.FeaturesThe Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.Bugs and enhancementsFor bug reports or enhancements, please open an issue here.Supported platformsLinuxMac OS XInstallationResolve dependenciesUbuntu/Debian SystemLinuxMac OS X (experimental)InstallationInstall via requirements.txt$ pip install -r requirements.txtInstall SETAll OSs$ git clone https://github.com/trustedsec/social-engineer-toolkit/ set/$ cd set$ pip install -r requirements.txtDownload Social-Engineer-Toolkit

Link: http://feedproxy.google.com/~r/PentestTools/~3/w4tiBuIcrYw/set-v801-social-engineer-toolkit.html

Buster – Find Emails Of A Person And Return Info Associated With Them

Buster is a simple OSINT tool used to:Get social accounts from various sources(gravatar,about.me,myspace,skype,github,linkedin,avast)Get links to where the email was found using google,twitter,darksearch and paste sitesGet domains registered with an email (reverse whois)Generate possible emails and usernames of a personFind the email of a social media accountFind emails from a usernameFind the work email of a person using hunter.ioInstallationclone the repository:$ git clone git://github.com/sham00n/busterOnce you have a copy of the source, you can install it with:$ cd buster/$ python3 setup.py install$ buster -hAPI keysThis project uses hunter.io to get information from company emails,the first couple “company email" searches dont require a key,if you have an interest in company emails i recommend that you sign up for an account on hunter.io.Once you get an API key, add it to the file "api-keys.yaml" and rerun the command:$ python setup.py installUsageusage: buster [-h] [-e EMAIL] [-f FIRST] [-m MIDDLE] [-l LAST] [-b BIRTHDATE] [-a ADDINFO [ADDINFO …]] [-u USERNAME] [-c COMPANY] [-p PROVIDERS [PROVIDERS …]] [-o OUTPUT] [-v] [–list LIST]Buster is an OSINT tool used to generate and verify emails and returninformation associated with themoptional arguments: -h, –help show this help message and exit -e EMAIL, –email EMAIL email adress or email pattern -f FIRST, –first FIRST first name -m MIDDLE, –middle MIDDLE middle name -l LAST, –last LAST last name -b BIRTHDATE, –birthdate BIRTHDATE birthdate in ddmmyyyy format,type * if you dont know(ex:****1967,3104****) -a ADDINFO [ADDINFO …], –addinfo ADDINFO [ADDINFO …] additional info to help guessing the email(ex:king,345981) -u USERNAME, –username USERNAME checks 100+ email providers for the availability of username@provider.com -c COMPANY, –company COMPANY company domain -p PROVIDERS [PROVIDERS …], –providers PROVIDERS [PROVIDERS …] email provider domains -o OUTPUT, –output OUTPUT output to a file -v, –validate check which emails are valid and returns information of each one –list LIST file containing list of emailsUsage examplesGet info of a single email(exists or not,social media where email was used,data breaches,pastes and links to where it was found)$ buster -e target@example.comQuery for list of emails`$ buster –list emails.txtGenerate emails that matches the pattern and checks if they exist or not(use the -a argument if you have more info to add(ex: -a nickname fav_color phone #)$ buster -e j********9@g****.com -f john -l doe -b ****1989Generate usernames (use with -o option and input the file to recon-ng’s profiler module)$ buster -f john -m james -l doe -b 13071989 Generate emails (use -v if you want to validate and get info of each email)$ buster -f john -m james -l doe -b 13071989 -p gmail.com yahoo.comGenerate 100+ emails in the format username@provider.com and returns the valid ones(use -p if you dont want all 100+)$ buster -u johndoeGenerate a company email and returns info associated with it$ buster -f john -l doe -c company.comTipsYou get 200 email validations/day,use them wisely!When using the -a option,avoid using small words(ex:j,3,66),the shorter the words are the bigger the email list is and therefore more validations are neededwhen adding an email pattern make sure the service providing the pattern displays it with the right size(facebook,twitter,instagram do…others might not)I dont recommend using with Tor as haveibeenpwnd.com,hunter.io and google wont function properlyThanksemailrep.io for being developer friendlykhast3x,developer of h8mail which was used as a reference for this README fileThe OSINT community for being awesome!NotesMy Code is ugly,i know…if you know how to do things better let me know!If you have any suggestions or improvements email me at sham00n at protonmail dot comDownload Buster

Link: http://www.kitploit.com/2019/07/buster-find-emails-of-person-and-return.html

Comprehensive Guide to Steghide Tool

In this article, we’ll learn about Steghide. There are various steganography tools available but the part that differentiates it is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports to hide data behind any image(jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc. Table of Content Introduction to Steganography Introduction to Steghide Features Installation… Continue reading →
The post Comprehensive Guide to Steghide Tool appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/comprehensive-guide-to-steghide-tool/

Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC

PenTestIT RSS Feed
Last week, an advisory (SA-CORE-2019-008) addressing a Drupal access bypass vulnerability was made public. MITRE assigned CVE-2019-6342 to this critical vulnerability. This is post to document the steps I took to create a PoC for SA-CORE-2019-008. Last such post on this blog was about Apache JMeter RMI Code Execution PoC (CVE-2018-1297). Interesting part about thisRead more about Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC
The post Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/nZAe1zqs1RU/