lisenMiller

ÕªÒª£º File Inclusion vulnerability In the PHP Configuration,"allow_url_include" wrapper by-default set to "Off" which instruct PHP not ot load remote HTTP o ÔĶÁÈ«ÎÄ

ÕªÒª£º ThemeBleed exploit Windows run the Theme.exe which occupy the 445 port.We need to open the services interface and stop the service. 1.Generate the The ÔĶÁÈ«ÎÄ

ÕªÒª£º CONNECT between windows and linux Bloodhound Collection Grab the latest copy of SharpHound.exe from the Bloodhound repo,upload it to Outdated,working ÔĶÁÈ«ÎÄ

ÕªÒª£º Åö´ÉÀàÐÍ X-Frame-Options ·çÏÕÃû³Æ µã»÷½Ù³Ö£ºX-Frame-OptionsÏìӦͷ¶ªÊ§ ·çÏÕ¼¶±ð ÖзçÏÕ ·çÏÕÃèÊö ·µ»ØµÄÏìӦͷÐÅÏ¢ÖÐûÓаüº¬x-frame-optionsÍ·ÐÅÏ¢ÉèÖ㬵ã»÷½Ù³Ö(ClickJacking)ÔÊÐí¹¥»÷ÕßʹÓÃÒ»¸ö͸Ã÷µÄiframe£¬¸²¸ÇÔÚÒ»¸öÍøÒ³ÉÏ£¬È»ºóÓÕʹ ÔĶÁÈ«ÎÄ

ÕªÒª£º PyWhisker If we use pyWhisker,we need to have credential. With creds,I can try to remotely run PyWhisker.It fails: python3 /opt/pywhisker/pywisker.py ÔĶÁÈ«ÎÄ

ÕªÒª£º Briefly Microsoft ensure that a new local escalate loophole. This loophole allow low permission user access the system file of Windows. The user which ÔĶÁÈ«ÎÄ

ÕªÒª£º WSUS Introduction WSUS is a Microsoft solution for administrators to deploy Microsoft product updates and patches across an environment in a scalable ÔĶÁÈ«ÎÄ

ÕªÒª£º RECON TLS certificate openssl s_client -showcerts -connect 10.10.11.202:3269 | openssl x509 -noout -text- "openssl s_client" initiates an SSL/TLS conn ÔĶÁÈ«ÎÄ

ÕªÒª£º ESC1 utilization conditions: ESC1 needs to meet following requirements to use successfully 1.Have permission to accquire certificate 2.the value of pk ÔĶÁÈ«ÎÄ

ÕªÒª£º BRIEF ADCS£¨Active Directory certificate service).There are a lot enterpirse CA set up to issue certificates using certificate template definitions,whi ÔĶÁÈ«ÎÄ