Innehållsförteckning för March 2023 från Hackercool Magazine

TheHackernews reported that multiple hacking attacks are active in wild that are exploiting the recently discovered (and hopefully patched by many) vulnerability in Zoho ManageEngine products. Most notable among them is an alleged cyber espionage operation which according to BitDefender used built in utilities in Windows to download malicious payloads to gain access and establish persistence on the exploited target. Other threat actors are exploiting the vulnerability to install payloads like netcat, CobaltStrike beacon and even AnyDesk software which is used for remote access. A few cases have even seen installing a Windows version of Buhti ransomware. But what is this vulnerability in Zoho that is being used so vividly? Intro Zoho corporation is an Indian MNC, that makes complex software and web based business tools. One of its popular…

Check whether your email is a part of any data breach https://haveibeenpwned.com Set the LHOST and session ID and use check command to see if the target is vulnerable. The target is indeed vulnerable. After all the options are set, execute the module. Since 2022, Trojanized installers of TOR anonymity browser are being used to spread clipper malware. As readers can see, we have a new Meterpreter session but with “root” privileges. For this module to work, we need an external exploit the source of which can be downloaded from the link given in our Downloads section (CVE_2022_22242_dc.c). Download this script and place it in/usr/share/Metasploit/namework/external/source/exploit/CVE_2022_22942/directory. CVE_2022_1043 Linux Priv Esc Module. TARGET: Linuxkernel 5.12-rc3 to 5.14-rc7 MODULE: PE TYPE: Local ANTI-MALWARE: NA This privilege escalation module exploits a vulnerability in io_uring…

On March 23, 2023, users using 3CX app started discussing about a false positive detection by their Antivirus of 3CX app on their systems. Cybersecurity researchers at Sophos found malicious activity on their own customer’s systems from 3CX Desktop App. By March 29 2023. 3CX is a Voice Over Internet Protocol (VOIP) IPBX software development company and its 3CX phone systems are used by more than 6,00,000 companies and over 12 million users worldwide. The companies that use 3CX software include American Express, BMW, Mercedes. Benz, Coca-Cola, McDonalds, Honda, Toyota, IKEA etc. 3CX software app works on Window, Linux, MacOS X etc. If the reports from Sophos and CrowdStrike are to be believed, the attackers are targeting Windows and MacOS targets of 3CX customers. As researchers dug deep, they detected…

Welcome to Metasploit This Month. Let us learn about the latest exploit modules of Metasploit and how they fare in our tests. DBeaver Password Gather Module TARGET: DBeaver MODULE: POST TYPE: Local ANTI-MALWARE: OFF DBeaver is a universal database administration tool that can be used to manage all kinds of relational & NOSQL databases that can be installed on Windows, Linux, MacOSX. This module will determine if the target system has DBeaver installed and then it will dump all the saved session information from the target system. It will then decrypt passwords for these saved sessions. We have tested this module on the latest version of DBeaver installed on Windows 10. We will connect to a MariaDB database using DBeaver to have some sessions. The download information of both DBeaver…

The first of release of Kali Linux this year, the Kali Linux 2023 has been released this month. The release date marks the 10th anniversary of Kali and the makers have definitely added some special things to this release. Let’s see what are they. New Themes & Wallpapers The first thing you will notice as you install and boot up this release of Kali is their new themes and wallpapers. Although makers of Kali have been releasing new themes in their first release of the year, this special update includes new wallpapers for boot, login and Desktop displays. Considering that it is their 10-year anniversary, the new themes are a nod to where Kali Linux started its journey from. It means the makers have designed their backgrounds as a direct…

1. Installing and Configuring vulnerable Zoho Service Desk The download information of ManageEngine Service Desk is given in our Downloads section. Download and click on the executable. This installation starts as shown below. Select “Standard Edition” and click on “Next”. Select “Free Version” and click on “Next”. Select “Skip”. The installation will progress. Wait until the Server starts. To successfully exploit the vulnerability, the target needs to have Single Sign-ON (SSO) enabled on the target system (SAML enable). Get a Mock SAML from the link given in our Downloads Section. Copy the content of the certificate, paste it in a text document and save it with any name but with. crt extension. Also note the SSO URL. Once you finish doing this, go to the web interface of Service Desk…