{"uuid": "b8e12978-def8-4b12-a955-13fbcfdd0a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2007-1860", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2387", "content": "#Tools \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\ntomcatWarDeployer\n\nApache Tomcat auto WAR deployment & pwning penetration testing tool.\n\nThis is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell (either via web gui, listening port bound on remote machine or as a reverse tcp payload connecting back to the adversary).\n\nIn practice, it generates JSP backdoor WAR package on-the-fly and deploys it at the Apache Tomcat Manager Application, using valid HTTP Authentication credentials that the pentester provided (or custom ones, in the end, we all love tomcat:tomcat ).\n\nThe tool offers a couple of handy features - like manager's panel lookup logic, support for CVE-2007-1860 double encoding issue, CSRF handling in newer Tomcat's.\n \nhttps://github.com/mgeeky/tomcatWarDeployer\n\nCloudBrute\n\nA tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). 
The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.\n\nFeatures:\n\u25ab\ufe0f Cloud detection (IPINFO API and Source Code)\n\u25ab\ufe0f Supports all major providers\n\u25ab\ufe0f Black-Box (unauthenticated)\n\u25ab\ufe0f Fast (concurrent)\n\u25ab\ufe0f Modular and easily customizable\n\u25ab\ufe0f Cross Platform (windows, linux, mac)\n\u25ab\ufe0f User-Agent Randomization\n\u25ab\ufe0f Proxy Randomization (HTTP, Socks5)\n\u25ab\ufe0f Supported Cloud Providers\n\nhttps://github.com/0xsha/CloudBrute\n\nResearch:\nhttps://0xsha.io/blog/introducing-cloudbrute-wild-hunt-on-the-clouds\n\nEkko\n\nA small sleep obfuscation technique that uses CreateTimerQueueTimer to queue up the ROP chain that performs Sleep obfuscation\n\nhttps://github.com/Cracked5pider/Ekko\n\nAlternative Code Execution\n\nAccording to Microsoft, a callback function is code within a managed application that helps an unmanaged DLL function complete a task. \n\nCalls to a callback function pass indirectly from a managed application, through a DLL function, and back to the managed implementation. 
\n\nhttps://github.com/aahmad097/AlternativeShellcodeExec\n\nliffy\n\nA little python tool to perform Local file inclusion.\n\nFeature:\n\u25ab\ufe0f data:// for code execution\n\u25ab\ufe0f expect:// for code execution\n\u25ab\ufe0f input:// for code execution\n\u25ab\ufe0f filter:// for arbitrary file reads\n\u25ab\ufe0f /proc/self/environ for code execution in CGI mode\n\u25ab\ufe0f Apache access.log poisoning\n\u25ab\ufe0f Linux auth.log SSH poisoning\n\u25ab\ufe0f Direct payload delivery with no stager\n\u25ab\ufe0f Support for absolute and relative path traversal\n\u25ab\ufe0f Support for cookies for authentication\n\nhttps://github.com/mzfr/liffy\n\nGVNG Search\n\nCommand line toolkit for gathering information about person (nickname search, validate email, geolocate ip) and domain (traceroute, dns lookup, tcp port scan etc).\n\nhttps://github.com/ByDog3r/GvngSearch\n\nGliding Sword\n\nA full fledged exploitation framework written in pure python3.\n\nhttps://github.com/MrSharkSpamBot/GlidingSword\n\nunsubscan\n\nA tool to help you find unsubscribe links in your emails\n\nI created unsubscan because I think that anyone should be able to quickly and easily look at their emails and:\n\u25ab\ufe0f Unsubscribe from whatever they want\n\u25ab\ufe0f Unsubscribe whenever they want\n\u25ab\ufe0f Unsubscribe for free\n\u25ab\ufe0f Unsubscribe without yet another subscription service\n\u25ab\ufe0f Unsubscribe without having to give another company access to their emails\n\u25ab\ufe0f Unsubscribe without having to forward emails to other companies\n\nhttps://github.com/LGUG2Z/unsubscan\n\nRed-Teaming-TTPs\n\nFree Resources to Practice\n\nhttps://github.com/RoseSecurity/Red-Teaming-TTPs\n\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie", "creation_timestamp": 
"2023-03-06T07:21:51.000000Z"}