0dayExploit

Damn nice upload, what was the vuln? ;) Server was rooted, drive completely wiped, they had most recent backup was January ;) Now that database is leaked, they have a backup LOL

Says in the title bro lol

Welp, I just released the database, now I'm releasing 5k cracked passwords I got already from rainbow tables. [hide]https://pastebin.com/h56EWG8j[/hide]

Requirements Chrome Version: 73.0.3683.86 OS: Windows 10 x64 Description Vulnerability allows you to remotely execute arbitrary code on the attacked system. On Thursday, April 4, Exodus Intelligence security researcher István Kurucsai published a PoC-exploit. Alongside a demo video for an unpatched vulnerability in Google Chrome. The vulnerability allows an attacker to remotely execute arbitrary code on the victim’s system. The problem has already been fixed in V8 (JavaScript browser engine). Although, the patch has not yet been added to Chrome 73, used on more than 1 billion devices. The reason why the researcher decided to publish the PoC-exploit before fixing the vulnerability is the desire to demonstrate flaws. According to Koruchaya, while Google is working on patches, attackers manage to create exploits and attack users. Delayed patches are related to Chrome’s supply chain, which involves importing and testing codes from various sources. In the case of a vulnerability in the V8 engine, the fix was ready on March 18. However, after which it became available in the project change log and the V8 source code. Therefore, the patch itself has not yet been added to the patch. Currently, the update goes through all the assembly steps, including integration with the Chromium project. Lastly, integration with the Chrome codebase, testing in Chrome Canary and Chrome Beta. That being said, only after that the patch will be added to the stable version of the browser. As a result, attackers have a “window” from several days to several weeks, when the details about the vulnerability are already known, but the stable version of Chrome has not yet received the update. The PoC-exploit published by the researcher in its current form is relatively harmless. Koruchay did not specifically add to it the ability to bypass the sandbox, which is necessary for executing the code. However, attackers can use it together with the old sandbox bypass vulnerabilities and execute code on the attacked system. PoC Video: https://www.youtube.com/watch?v=CqEEgIMePfg Download: [hide]EXP.HTML - https://defuse.ca/b/mkICKTrr EXP.JS - https://defuse.ca/b/52a3220qWsEQYVLMlXtGg4[/hide] Source: https://0dayexploits.net/2019/04/05/chrome-1-day-free-exploit-2019/

On the 12th of May 2019 the forum ogusers.com was breached 112,988 users were affected. I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 [hide]https://anonfile.com/j701R6r5nd[/hide]

Resources Apache Video Guide Download Panel + Builder If you require any help or assistance please let me know :fiesta:

Definitely some easier methods to do this using tools in Kali , but great read none the less! Thank you for sharing.

I can give you some resources for this. I am new here, not aware of all the rules yet as to what can / can't be posted for links. If you need PM me I can send you some resources to learn from

The example script I gave above will work universal for all browsers- the one you are using in this video will not be as effective Not all browsers have javascript and a lot block javascript by default. Using PHP Header would be most efficient for spreading purposes

Agreed. I prefer Debian, by far the best

Thanks for sharing video example! People can also note if you want to embed some sort of payload, just put the directory in place of calc.exe

Hope you did not waste your money on something so simple.. http://pastebin.zone/i05JYaS4 Best of luck

For research purposes: CVE-2019-0541 In this guide you will learn how to create a .htm file which can execute arbitrary commands in the remote powershell. This is working on all Windows versions and exploits Internet Explorer / Microsoft Office. First of all, the MSHTML Engine is vulnerable due to improper validation of specially crafted web documents (html, xhtml, etc). In other words, the exploit is triggered when users “edit” the documents. These documents are containing a ‘meta’ HTML tag set to ‘ProgId’ and its content set to ‘ProgId’. In this example we use ‘HTAFILE’ to exploit MS IE Browser or MS Office. On patched systems, the file will always open in notepad for editing. First we will begin with a simple HTML document, opening the HTMl, HEAD and meta tag. As stated before, we are filling the content of the meta with ‘HTAFILE’, and the name as ‘ProgId’. [hide]http://pastebin.zone/3fuG1Ams[/hide] Next we will add some fail-safes in the event that a user does not open in Internet Explorer or MS Office. For example, if JavaScript is disabled we will leave an error message persuading to edit with Internet Explorer. [hide]http://pastebin.zone/uIEpKm6T[/hide] Now you have successfully made an exploited .htm file which executes the shell command to run calculator. You can edit this for any of your hacking needs. Happy hacking! Source: https://www.0dayexploits.net/2019/03/16/internet-explorer-zero-day-exploit-free/

Thank you :) Im gonna try it out my friend

Thank you for sharing! I will try it out