{"uuid": "621d5c8e-7f08-4d06-92f4-e434bf8852ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-34721", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2750", "content": "#Tools -\u00a0 \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bC_SYSCALLS\n\nSingle stub direct and indirect syscalling with runtime SSN resolving for Windows.\n\nFeatures:\n\u25ab\ufe0f Single stub\n\u25ab\ufe0f One single line for all your syscalls\n\u25ab\ufe0f Direct or indirect syscalls\n\u25ab\ufe0f x86_64, WOW64 and x86 native support\n\nhttps://github.com/janoglezcampos/c_syscalls\n\n\u200b\u200bMango\n\nA user-interactive PowerShell program to search for possible privilege escalation vectors on Windows. \n\nhttps://github.com/SxNade/Mango\n\n\u200b\u200bJuicy-Potato\n\nA Privilege Escalation tool, from Windows Service Accounts to NT AUTHORITY\\SYSTEM.\n\nhttps://github.com/k4sth4/Juicy-Potato\n\n\u200b\u200bSpoolTrigger\n\nWeaponizing privileged file write bugs with the PrintNotify Service.\n\nhttps://github.com/sailay1996/SpoolTrigger\n\n\u200b\u200bContainerSSH \n\nAn SSH Server that Launches Containers in Kubernetes and Docker.\n\nhttps://github.com/ContainerSSH/ContainerSSH\n\n#remote\n\n\u200b\u200bCloudFox \n\nIt\u2019s an open source CLI tool created to help pentesters and other offensive security professionals find exploitable attack paths in cloud infrastructure.\n\nhttps://github.com/BishopFox/cloudfox\n\n\u200b\u200bRevSuit\n\nA Flexible and Powerful #Reverse #Connection Platform\n\nRevSuit is a flexible and powerful reverse connection platform designed for receiving connections from target hosts in penetration. 
It currently supports HTTP, DNS, RMI, MySQL and FTP protocols.\n\nhttps://github.com/Li4n0/revsuit\n\n\u200b\u200bJoern\n\nOpen-source code analysis platform for C/C++/Java/Binary/JavaScript/Python/Kotlin based on code property graphs.\n\nhttps://github.com/joernio/joern\n\n\u200b\u200bCVE-2022-34721 \n\nWindows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution\n\nhttps://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721\n\n#cve\n\n\u200b\u200bCodecepticon\n\nCodecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. \n\nhttps://github.com/Accenture/Codecepticon\n\n\u200b\u200bGPUSleep\n\nMove CS beacon to GPU memory when sleeping.\n\nGPUSleep moves the beacon image to GPU memory before the beacon sleeps, and moves it back to main memory after sleeping.\n\nThe idea is to hook HeapAlloc and Sleep. Encrypt (XOR) the heap allocated by the beacon and move all PE sections + heap segments to GPU memory using nvcuda.dll imports.\n\nhttps://github.com/oXis/GPUSleep\n\nDetails:\nhttps://oxis.github.io/GPUSleep/\n\n\u200b\u200bSniffle\n\nA Sniffer For Bluetooth 5 And 4.X LE.\n\nSniffle is a sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware.\n\nFeatures:\n\u25ab\ufe0f Support for BT5/4.2 extended length advertisement and data packets\n\u25ab\ufe0f Support for BT5 Channel Selection Algorithms #1 and #2\n\u25ab\ufe0f Support for all BT5 PHY modes (regular 1M, 2M, and coded modes)\n\u25ab\ufe0f Support for sniffing only advertisements and ignoring connections\n\u25ab\ufe0f Support for channel map, connection parameter, and PHY change operations\n\u25ab\ufe0f Support for advertisement filtering by MAC address and RSSI\n\u25ab\ufe0f Support for BT5 extended advertising (non-periodic)\n\u25ab\ufe0f Support for capturing advertisements from a target MAC on all three primary advertising channels using a single 
sniffer. This makes connection detection nearly 3x more reliable than most other sniffers that only sniff one advertising channel.\n\u25ab\ufe0f Easy-to-extend host-side software written in Python\n\u25ab\ufe0f PCAP export compatible with the Ubertooth\n\nhttps://github.com/nccgroup/Sniffle\n\n\u200b\u200bAll in One Recon Tool\n\nAn easy-to-use Python tool to perform DNS recon, subdomain enumeration and much more\n\nhttps://github.com/D3Ext/AOAOR\n\nThis is a PoC to investigate the WMI process execution technique. Using WMI functionality, we can spawn any process as a child process of WmiPrvSE.exe. This tool supports not only local machine process execution but also remote machine process execution.\n\nhttps://github.com/daem0nc0re/TangledWinExec/tree/main/WmiSpawn\n\nhttps://github.com/thiagopeixoto/massayo\n\nJoin:\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\nWebsite:\nwww.ghostclan.org\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-03-28T08:55:04.000000Z"}