exploit – iJoo

[CVE-2021-41773] Bug Apache 2.4.49-50

posted on October 11, 2021tagged as #ijootech, apache, exploit, linux, security

Apache merupakan software aplikasi yang biasa digunakan oleh webserver untuk menghosting sebuah website selain nginx. Akan tetapi akhir-akhir ini di hebohkan dengan sebuah penemuan bug sederhana yang mempunyai dampak besar.
Continue reading “[CVE-2021-41773] Bug Apache 2.4.49-50”

V3n0M-Scanner – Free and Open-source Vuln Scanner in Python

posted on June 17, 2021tagged as #ijootech, exploit, scanner

Popular Pentesting scanner in Python3.6 for SQLi/ XSS / LFI/ RFI and other Vulns.
Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software .
This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.
Continue reading “V3n0M-Scanner – Free and Open-source Vuln Scanner in Python”

MicroBackdoor:– Small and convenient C2 tool for Windows targets.

posted on June 15, 2021tagged as #ijootech, backdoor, exploit, tools

Micro Backdoor is C2 tool for Windows targets with easy customizable code base and small footprint. Micro Backdoor consists from server, client and dropper. It wasn’t designed as replacement for your favorite post-exploitation tools but rather as really minimalistic thing with all of the basic features in less than 5000 lines of code, client DLL size is less than 20Kb without compression.
Continue reading “MicroBackdoor:– Small and convenient C2 tool for Windows targets.”

[CVE-2021-3493] Ubuntu LPE OverlayFS PE Exploit

posted on May 5, 2021tagged as #ijootech, exploit, local, ubuntu

Masalah khusus Ubuntu dalam sistem file overlayfs di kernel Linux yang tidak memvalidasi aplikasi kapabilitas sistem file dengan benar sehubungan dengan ruang nama pengguna. Penyerang lokal dapat menggunakan ini untuk mendapatkan hak istimewa yang lebih tinggi, karena tambalan yang dilakukan di Ubuntu untuk memungkinkan pemasangan overlay tanpa hak istimewa. Continue reading “[CVE-2021-3493] Ubuntu LPE OverlayFS PE Exploit”

[CVE-2021-22986] Server ID banyak yang VULN

posted on April 28, 2021tagged as #ijootech, exploit, security, target

Kerentanan ini memungkinkan penyerang yang tidak diautentikasi dengan akses jaringan ke antarmuka REST iControl, melalui antarmuka manajemen BIG-IP dan alamat IP sendiri, untuk menjalankan perintah ssebagai administrator(root), membuat atau menghapus file, dan menonaktifkan layanan.
Continue reading “[CVE-2021-22986] Server ID banyak yang VULN”

E-Mail Security Virtual Appliance (ESVA) Remote Execution.

posted on August 10, 2012tagged as exploit

ESVA (E-Mail Security Virtual Appliance) is a pre-built and semi-configured email scanning appliance that will run on VMware Workstation, Server, Player or ESX Server.

-=+ Infected Files
…./cgi-bin/learn-msg.cgi
…./cgi-bin/release-msg.cgi
Not found any strips/filter to metacharacters..
Attacker can easily execute command..
Continue reading “E-Mail Security Virtual Appliance (ESVA) Remote Execution.”