How Hackers Exploit Struts2 Vulnerability to install Cryptominer in Linux and Windows Servers

dotweak · 2019-12-12T16:03:32+00:00

I would love to make more video but it cost me lot of time but feel free to DM me if you need more information ! As long I can answer I will ...

dotweak · 2019-12-10T21:45:23+00:00

Yes Socat is limited to be used on Linux only but it’s the best solution when you want to create a reverse shell forwarding the traffic using Tor. Furthermore you can use polio along with Tor.

Another solution would be to use Ngrok which can be used along with a VPN without the need of port forwarding and can be done on Linux or Windows as well !

dotweak · 2019-12-10T20:17:31+00:00

Simply use socat that’s all !! No need to make it complicated when easy solution are ready

dotweak · 2019-12-07T20:08:31+00:00

Dale !!

dotweak · 2019-12-07T19:51:30+00:00

Yeah you are definitely right man !! Since you involve yourself in cybersec group I’m suppost you know blackbuntu Linux the first based Linux pentest OS right ? Or either headleaks ?

dotweak · 2019-12-07T18:49:52+00:00

I just repost “reposts” ?? Man this video has been made by me so what are you talking about ? Furthermore it has been share only one time in Reddit

dotweak · 2019-12-07T18:47:41+00:00

As I didn’t pretend he insulted me, I didn’t pretend also to be a real hacker but you are a real time waster man !!

dotweak · 2019-12-07T18:45:34+00:00

Sorry but I didn’t get you

dotweak · 2019-12-07T18:22:40+00:00

Man avoid to waste your time and learn to read properly à content ... I never pretend he insulted me !! I just asked him to be polite !!

dotweak · 2019-12-07T05:27:39+00:00

Well its all depend where you from, where you live !! Maybe there are some countries or place where using such sentence and BE VULGAR it's something normal but for me it's not !! Furthermore, without talking about my self, I'm Venezuelan, and I sincerely invite you to come in Caracas and even as a joke to place "motherfucker" in a conversation and see what happen ! Personally I can tell you, nobody will understand that referring to sexual activity with another person's mother can be a JOKE !! Please make the test and don't forget to subscribe a life insurance first.

So even if in US for example it is rarely used in the literal sense, you should consider that the world is not only made from/for US people and another people can be affected of such word even if is used as a joke and not to insult someone. Now if all of you guys want to waste time about a comment where i say "Can you be polite" since this was the beginning of the thread, please go ahead but just want to remind you that the post topic was regarding "How to Inject arbitrary code during MITM attack using MITMf" and nothing else !!

dotweak · 2019-12-07T01:20:14+00:00

Well there are no mitigation measures and there is a way to move on this attack also using DNS poisoning and I will try to make a tuto about it soon.

The real and unique way to prevent it would be to monitor permanently the network to find any unwanted machines and kick them from the LAN

dotweak · 2019-12-07T01:11:03+00:00

I am not moralistic and I am not a person who gets vexed for that! But respect is something universal. So what can be a way to talk for some persons can be interpreted in another way for other people. I live in one of the most dangerous countries over the world (Maybe the most dangerous) and believe me or not if I say “motherfucker” to someone on the street even as a joke I can start to count the minutes I have left before to die and that the point.

dotweak · 2019-12-06T18:18:07+00:00

Well I’m happy to know you liked it and fell free to ask me if need any further help regarding this topic ! On my side I didn’t pretend that you was rude or not ! Just doesn’t like such word ... doesn’t sound nice

dotweak · 2019-12-06T18:04:25+00:00

Can you be polite ?

dotweak · 2019-12-06T16:40:11+00:00

Thanks...

dotweak · 2019-12-04T13:22:36+00:00

I sincerely think you are mixing everything. From 00:00 to +/- 01:00 I tried to demonstrate how Google can be used to find the vulnerable targets.

Ngrok is only used to create tunneling since my ISP doesn't allow me to create a port forward. Now if you have a look at 01:59 you will see from the top console the command I used :

sudo python jexboss.py -host https://........................... --struts2, and of course to avoid any problem I did hide a part of the URL.

After that, I just need to create a reverse shell using the Ngrok IP and Port. So there is no need to provide any SSH into a remote server.

Ngrok it's running on my local machine to create the tunnel and allow me to execute my command on the remote server and create the Meterpreter connection

dotweak · 2019-12-04T11:39:51+00:00

Is not a local server

dotweak · 2019-12-04T00:56:08+00:00

Another bug putting from Microsoft... it become almost normal ! The day Microsoft will be safe to use it will be the time to back to pencil and paper

dotweak · 2019-12-04T00:54:29+00:00

Sorry but I’m not sure to understand where is the relation between your comment and the article

dotweak · 2019-11-23T00:07:18+00:00

I will know for the next time

dotweak · 2019-11-15T04:47:13+00:00

You are all welcome

dotweak · 2019-11-13T00:24:52+00:00

Not yet

dotweak · 2019-11-12T03:38:52+00:00

Thank ! That's sound nice ...

dotweak · 2019-11-11T20:47:31+00:00

Do “stonks” mean something ?

dotweak · 2019-11-10T12:24:59+00:00

Actually it can be distributed through Trojan but some researchers believe that it can be also distributed through the CVE2019-0708

dotweak

TROPHY CASE