| github | https://github.com/hackerschoice/ |
| github | https://github.com/vanhauser-thc/ |
❤️RELEASE: The TEAM-TESO cvs:
Exploits, advisories, teso-informational (never released), burneye ELF crypter, bscan mass scanner, …plus some rare pictures.
Which 7350 exploit was your favourite?
Enjoy & Keep hacking,
Yours Sincerely,
Team-Teso (via THC’s bsky account).
@fwaggle on my Ubuntu 22.0 and 24.0 the ed25519 host public key is not in PEM but in the <type> <key> format (no <comment> section).
What distro uses PEM? I can try to convert it to the type-format and see if the daemon blindly accepts it.
THC Release 💥: The world’s largest IP<>Domain database: https://ip.thc.org
All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free.
Updated monthly.
Try: curl https://ip.thc.org/1.1.1.1
Raw data: https://ip.thc.org/docs/bulk-data-access
(The fine work of messede 👌)
What does everyone think? Need feedback before release tomorrow :)
@agowa338 Can't see how rhost is better. rhosts-trick requires the attacker to drop at least 2 new files to the target and change at least 1 line in the sshd_config (HostbasedAuthentication; a line that raises a red flag).
Our trick adds no new file to the system and only needs 1 line to the config (without raising a red flag).
Please explain if I got this wrong.
Can anyone test my *SMALLEST* SSHD backdoor?
- Survives updates.
- Does not use ~/.ssh/authorized_keys or PAM modules.
- Does not create any new file.
Just SSHD trickery.
Source at https://thc.org/tips
Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷
More: https://thc.org/404
<stealth> we had joy we had fun we had a rootshell on a sun.
