{"uuid": "138d923e-a4f0-4a4f-afe6-677653b054c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21931", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2889", "content": "Tools - Hackers Factory\n\u200b\u200bCVE-2023-21931\n\nWeblogic CVE-2023-21931 vulnerability exploration technique: post-deserialization exploitation.\n\nhttps://github.com/gobysec/Weblogic\n\n\u200b\u200bmisp-galaxy\n\nClusters and elements to attach to MISP events or attributes (like threat actors).\n\nhttps://github.com/MISP/misp-galaxy\n\n\u200b\u200bSandbox Escape in vm2@3.9.15\n\nThere exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.\n\nhttps://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c\n\n\u200b\u200bNetlas dorks\n\nIn this document, you will find dorks for the Netlas.io search engine. They are divided into several categories, each dork also has a link by which you can immediately go to the query results. The dork list from RedTeamGuide was taken as a basis, and processed in accordance with our syntax. If you find any inaccuracies, please feel free to send pull requests or write Issues.\n\nhttps://github.com/netlas-io/netlas-dorks\n\n\u200b\u200bDefault Credentials Cheat Sheet\n\nOne place for all the default credentials to assist pentesters during an engagement, this document has several products default login/password gathered from multiple sources.\n\nhttps://github.com/ihebski/DefaultCreds-cheat-sheet\n\n\u200b\u200bLinkedInDumper\n\nPython 3 script to dump company employees from #LinkedIn API.\n\nhttps://github.com/l4rm4nd/LinkedInDumper\n\n\u200b\u200bFoundry PoC Template\n\nThis is a foundry template to run quick and easy Proof of Concept (PoC) fork tests. It is intended to be used as a starting point for writing PoCs tests for vulnerabilities on any EVM compatible network. It is not intended to be used as a final PoC.\n\nhttps://github.com/Elpacos/quickfork\n\n\u200b\u200bPhishpedia \n\nA Hybrid Deep Learning Based Approach to Visually Identify Phishing Webpages.\n\nhttps://github.com/lindsey98/Phishpedia\n\n\u200b\u200bswagroutes\n\nA command-line tool that extracts and lists API routes from Swagger files in YAML or JSON format. It simplifies the process of fetching the routes provided by an API and supports processing multiple files or directories at once.\n\nhttps://github.com/amalmurali47/swagroutes\n\n\u200b\u200bMischief-DLL-Stager\n\nReasonably undetected shellcode stager and executer. This is a very simple shellcode stager that as of right now moderately undetected. I chose to legitimately load functions and then dynamically load others to be less immedialtely suspicious.\n\nhttps://github.com/MitchHS/Mischief-DLL-Stager\n\n\u200b\u200bGC2\n\nCommand and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.\n\nhttps://github.com/looCiprian/GC2-sheet\n\n\u200b\u200bAwesome EDR Bypass\n\nhttps://github.com/tkmru/awesome-edr-bypass\n\n\u200b\u200bSubGPT\n\nSubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to predict and find more. Best part? It's free!\n\nhttps://github.com/s0md3v/SubGPT\n\n\u200b\u200bGpuDecryptShellcode\n\nXOR-decrypting shellcode on the GPU using OpenCL.\n\nhttps://github.com/eversinc33/GpuDecryptShellcode\n\n\u200b\u200bEDR Telemetry\n\nThis project aims to compare and evaluate the telemetry of various EDR products.\n\nhttps://github.com/tsale/EDR-Telemetry\n\n\u200b\u200bgh-action-pip-audit\n\nA GitHub Action that uses pip-audit to scan Python dependencies for known vulnerabilities.\n\nhttps://github.com/pypa/gh-action-pip-audit\n\n\u200b\u200bCVE-2023-25136\n\nOpenSSH Pre-Auth Double Free CVE-2023-25136 POC\n\nhttps://github.com/adhikara13/CVE-2023-25136\n\n\u200b\u200bMalSeclogon\n\nA little tool to play with the Seclogon service.\n\nhttps://github.com/antonioCoco/MalSeclogon\n\nFull technical details at:\n\u2022 https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html\n\u2022 https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-3.html\n\n#infosec #cybersec \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-04-21T07:55:20.000000Z"}