HACKING RCE VULN in APACHE OFBiz DEMO

Подписаться 12 тыс.

50% 1

In this episode, I will show you how I got a reverse shell by ex ploiting CVE-2024-38856 that affects Apache OFBiz versions 18.12.14 and below.
A HUGE THANKS to the amazing work by the researchers over at SonicWall! You can check out their blog post here ... blog.sonicwall...
Here is a link to the PoC that helped make this possible... github.com/Mr-...
For those interested in Dencode...dencode.com/en/
Here's a link to a the python reverse shell (and many other reverse shells)...www.revshells....
#cybersecurity #cyber #informationsecurity #infosec #infosecurity #hacking #hacker #ethicalhacker #ethicalhackers #ethicalhacking #redteam #redteaming #blueteam #cyberdefense #penetrationtesting #pentesting #pentester #webapplicationsecurity #kalilinux #apache

Опубликовано:

9 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 8

@naviya98 26 дней назад

I will share your video on my website and among my University friends. This is a really valuable video. ❤❤

@daniellowrie 25 дней назад

Thanks for watching! This comment made my day 😊

@firosiam7786 Месяц назад

Hey welcome back again😂 ur here one moment next your gone for months anyways glad to see videos come out instead of not posting for years like some other youtubers. Hey could u maybe do some more of the evasion malware videos u did earlier like i think its been almost a year since u did a video like payload creation obfuscation evasion stuff like that

@daniellowrie Месяц назад

LOL yeah, I tend to be a bit sporadic with the content 😁, but I try to make unique content (which is probably why I only have 11k subs after 3 years 🤣). If you're looking for good av/edr evasion videos, I would hop over to the Red Siege channel and watch their "Adventures in Shellcode Obfuscation" with Mike Saunders. Mike is a friend of mine and my dude is super smart. Here' s the link to the playlist ru-vid.com/group/PLT3EmOikjcyY2t6zVJT7rSB1sqK2IMq4e Cheers and thanks for being such a loyal subscriber!

@firosiam7786 Месяц назад

@@daniellowrie yeah im already following it thats a cool series learned many tactics so far from it hoping to see some cool stuff from you also sadly i wasnt able to join the evasion course u had on ACi learning platform but will learns tons from here

@goxsec7105 Месяц назад

OF (OPEN FOR )

@daniellowrie Месяц назад

This unfortunate software, which has been around since the early 2000's, will now and forever have its name uttered with a slight chuckle as each of us manifests our inner Beavis and/or Butthead for just a brief moment in time. 😁

@goxsec7105 Месяц назад

@@daniellowrie TRUE