z0rs

Red Teaming tool

• General usefull Powershell Scripts
• AMSI Bypass restriction Bypass
• Payload Hosting
• Network Share Scanner
• Lateral Movement
• Reverse Shellz
• POST Exploitation

z0rs

List of contents

• Active Directory Exploitation Cheat Sheet
  • Summary
  • Tools
  • Domain Enumeration
    • Using PowerView
    • Using AD Module
    • Using BloodHound
• Remote BloodHound

z0rs

list of contents

• Infrastructure
  • Redirectors
  • Domain fronting
• OpSec
  • Customer ID
• Payloads
  • DNS Beacon
• SMB Beacon

z0rs

list of contents

• General
• Domain Enumeration
  • Powerview Domain
  • Powerview Users, groups and computers
  • Powerview Shares
  • Powerview GPO
  • Powerview ACL
  • Powerview Domain Trust
• Misc

z0rs

Network Working Group                                         C. Huitema
Request for Comments: 4380                                     Microsoft
Category: Standards Track                                  February 2006


                    Teredo: Tunneling IPv6 over UDP
              through Network Address Translations (NATs)

Status of This Memo

z0rs

title	date
Server Side Template Injection via Twig Security Extension	2023-04-15

Overview:

Shopware is an e-commerce platform that is open source and built on the Symfony Framework and Vue.js. The default storefront of Shopware 6, called Shopware 6 Storefront, is based on Twig and Bootstrap. Users can customize the appearance of their storefront by using extensions (previously known as plugins) to override the default Twig template files. These custom themes can be enabled using the included Shopware 6 Administration panel.

Summary:

Please note that this is a bypass of CVE-2023-22731, which is being tracked as issue NEXT-24667 by Shopware.

z0rs

Vulnerability Assessment Report - CVE-2021-43062

Executive Summary:

I am happy to share vulnerability findings on Fortinet FortiMail, focusing on versions v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, and v6.0.11 & below. During this assessment, I was able to identify an unpatched XSS (Cross-Site Scripting) vulnerability, tagged as CVE-2021-43062. The vulnerability allowed arbitrary code execution via a specially crafted HTTP GET request to the FortiGuard URI protection service.

Product	Fortinet FortiMail
Vendor	Fortinet
Severity	Medium
Affected Versions	v7.0.1, v7.0.0, v6.4.5 & below, v6.3.7 & below, v6.0.11 & below

z0rs

Serialization Saga CTF Challenge

• Challenge: Serialization Saga
• Points: 100
• Category: Insecure Deserialization

Challenge Description

This challenge is a CTF designed to test the ability to identify and exploit insecure deserialization vulnerabilities. Participants are required to perform certain functions by exploiting these vulnerabilities and obtaining flags as a result.

Steps

z0rs

Table of Contents

• Statement of Confidentiality
• Approach
• Scope
  • In Scope Assets
• Assessment Overview and Recommendations
• Detailed Walkthrough Informa
  • Scan Summary
  • Open Ports and Services
• Detailed Findings

z0rs

Incident Summary

This report outlines the compromise of a WordPress server exploited through a vulnerable plugin by a threat actor. The attack, simulated in HackTheBox's Sherlock: Ultimatum challenge, targeted a known vulnerability in the Ultimate Member plugin, enabling the attacker to create a backdoor admin account and gain full control over the server. This detailed report examines the attack timeline, indicators of compromise (IoCs), and post-exploitation activities.

---

1. Objective

The objective of this investigation was to analyze the compromise of a WordPress server suspected of being attacked via a vulnerable plugin. The aim was to identify the exploit, document the attacker's methods, and gather actionable intelligence for remediation.