{"uuid": "525c4336-fa76-4673-8bd8-32956569836b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38766", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2152", "content": "Drone Hacking Tool\n\nA GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.\n\nDrones, as a high mobility item that can be carried around easily and launched, are becoming cheaper and more popular among the public, they can be seen almost anywhere nowadays.\n\nHowever, the drone built-in flying cameras could use for illegal usage like candid photos on private property. This shows drones clearly present risks to public safety and personal privacy.\n\nTherefore, we are working on using wireless connection methods (Wi-Fi, GPS) to hack it and take over. In this project, our goal is to capture drones to stop users with malicious intent for proof of concept and a sense of accomplishment.\n\nhttps://github.com/HKSSY/Drone-Hacking-Tool\n\nzyxel ipc camera pwn\n\nThis is a minimal proof of concept to remotely open a root shell on a Zyxel IP enabled camera. Known vulnerable models are:\n\n\u25ab\ufe0f Zyxel IPC-3605N\n\u25ab\ufe0f Zyxel IPC-4605N\n\nhttps://github.com/hydrogen18/zyxel_ipc_camera_pwn\n\nRFID Gooseneck\n\nTraditional RFID badge cloning methods require you to be within 3 feet of your target, so how can you conduct a socially distanced physical penetration test and clone a badge if you must stay at least 6 feet from a person? Since 2020, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. \n\nSo after throwing around some ideas I thought, why not create a mobile long-range reader device that we could deploy early in the morning at a client site and let it do all the work for us. This project guide contains an entry-level hardware design that you can build in a day and deploy in the field in order to increase your chances of remotely cloning an RFID badge.\n\nHere's the full build guide for making your own RFID Goosneck Long Range Reader!\n\nhttps://github.com/sh0ckSec/RFID-Gooseneck\n\nExchangeFinder\n\nA simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange.\n\nhttps://github.com/mhaskar/ExchangeFinder\n\nCVE-2022-24637\n\nOpen Web Analytics (OWA) before 1.7.4 allows an UNAUTHENTICATED remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '", "creation_timestamp": "2022-12-19T00:22:37.000000Z"}