Hackercool Magazine December 2021

RTF Template Injection is very easy and simple. Apart from this, the inability of public antivirus engines failing to detect this injection is the reason for hackers increasingly using this injection technique. In this month's issue of Real World Hacking, we bring our readers how to perform this injection. For this tutorial we will be using a Ubuntu system as our Landing system or attacker system. On our attacker system, we create a new directory named RTF_T_I (in fact you can name it whatever you like) to save all the files. The reason we chose Ubuntu as our base system is it has a word processor installed by default. So I open LibreOffice and create a new word file as shown below (In Real world, the text here contains the…

The final release of Kali Linux for year 2021 has been released by their makers. In What's New of this month's Issue, readers will see the updates added in the release. So let's go right away. 1. Updates to Desktop With this release the makers of Kali Linux updated all the three desktop environments: Gnome, KDE and Xfce. The GNOME Desktop has been updated to the latest release of Gnome, the Gnome 41. Even the KDE desktop has been updated to the latest release KDE 5.23. The changes it brings is a new design for the Breeze theme to improve the look with glossiness and style. In Xfce, 2 new widgets have been added to the panel layout. These are the CPU usage widget and the VPN IP widget. Although…

Welcome to Metasploit This Month. Let us learn about the latest exploit modules of Metasploit and how they fare in our tests. Git LFS CVE-2021-21300 RCE Module TARGET: Git <v2.17.6, <v2.18.5, <v2.19.6, <v2.20.5, <v2.21.4, <v2.22.5, <v2.23.4 <v2.24.4, <v2.25.5, <v2.26.3, <v2.27.1, <v2.28.1, <v2.29.3, <v2.30.2 TYPE: Local MODULE: Exploit ANTI-MALWARE: NA This module exploits CVE-2021-21300 vulnerability. This vulnerability is present in the above mentioned versions of Git clients. Note that the above mentioned versions should support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems for this exploit to work. When Git LFS uses clean / smudge filters it changes the checkout orderof repository files which in turn enables a Git hook to be placed in the `.git/hooks` directory. By default, the payload created by this module is automatically…

When you enter your personal information or credit card number into a website, do you have a moment of hesitation? A nagging sense of vulnerability prompted by the parade of headlines about data breaches and hacks? If so, you probably push those feelings aside and hit the submit button, because, well, you need to shop, apply for that job, file that insurance claim, apply for that loan, or do any of the other sensitive activities that take place online these days. First, the bad news. If you regularly enter sensitive information online, chances are you’ve had some data stolen somewhere at some point. By one estimate, the average American had data stolen at least four times in 2019. And the hits keep coming. For instance, a data breach at the…

Facebook’s approach to users’ data has just been dealt a major blow from the European court of justice (ECJ). In an answer to a question from Germany’s highest court, the ECJ’s advocate general – whose opinion is not binding but is generally followed by the court – has made an essential clarification to Europe’s data protection law to confirm that consumer associations can bring actions on behalf of individuals. If followed by the ECJ, this will make it much easier for people to defend their rights against tech giants in future. Coming on the back of a decision by the European general court against Google several weeks ago for using its platform power to restrict competitors, it is the latest example of European regulators making the business climate increasingly chilly…

1. Apache Log4shell JNDI Exploit: https://github.com/black9/Log4shell_JNDIExploit 2. Kali Linux 2021.4: https://www.kali.org/get-kali/ 3. Git 2.28.0 for Windows: https://github.com/git-for-windows/git/releases/download/v2.28.0.windows.1/Git-2.28.0-64-bit.exe 4. Git 2.30.1 for Windows: https://github.com/git-for-windows/git/releases/download/v2.30.1.windows.1/Git-2.30.1-64-bit.exe 5. Linux elFinder: https://github.com/Studio-42/elFinder/archive/2.1.58.zip 6. CVE-2021-22555 exploit: https://github.com/bcoles/kernel-exploits/blob/master/CVE-2021-22555/exploit.c…