{"uuid": "dea1e5ca-8584-4f03-a9fd-77e492e746a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-21036", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2895", "content": "kAFL\n\nA fuzzer for full VM kernel/driver targets.\n\nhttps://github.com/IntelLabs/kAFL\n\n#cybersecurity #infosec #linux\n\n\u200b\u200bfavfound (criminalip api)\n\nThis code was made to extract the favicon hash from your desired IP address or URL. You can also see all the IP addresses that are associated with the favicon hash value. I used an OSINT search engine similar to Shodan and Censys called CriminalIP and the API from their free service.\n\nhttps://github.com/elihypoo414/favfound\n\n#cybersecurity #infosec\n\n\u200b\u200bmssql-spider\n\nAutomated exploitation of MSSQL user impersonation and linked instances.\n\nhttps://github.com/dadevel/mssql-spider\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdontgo403\n\nTool to bypass 40X response codes.\n\nhttps://github.com/devploit/dontgo403\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bWeb application pentesting checklist\n\nAn OWASP Based Checklist With 500+ Test Cases.\n\nhttps://github.com/Hari-prasaanth/Web-App-Pentest-Checklist\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bsonos/amlogic haxx\n\nhere you will find some exploit & tool code that was part of my presentation about the Sonos One @ Hack in the Box amsterdam 2023. the EL3 exploit can be used to dump your OTP/eFUSE data. sonostool can be used to get decryption keys for Sonos LUKS volumes as well as fetch and decrypt OTA updates without using a sonos device as an oracle.\n\nhttps://github.com/blasty/sonos\n\n#cybersecurity #infosec #exploit\n\n\u200b\u200baCropalypse gif\n\naCropalypse CVE-2023-21036 related GIF PoC. 
The aCropalypse reported affects PNG, but a similar exploit exists in GIF images.\n\nhttps://github.com/heriet/acropalypse-gif\n\n#infosec #cve #poc\n\n\u200b\u200budpx\n\nFast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is designed for portability and ease of use.\n\nhttps://github.com/nullt3r/udpx\n\n#pentesting #infosec #redteam\n\n\u200b\u200bSQLRecon\n\nA C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki.\n\nhttps://github.com/xforcered/SQLRecon\n\nDetails:\nhttps://github.com/skahwah/Conference-Talks/tree/main/2022-Way-West-Hackin-Fest\n\n#infosec #pentesting #redteam\n\n\u200b\u200bTeamFiltration\n\nTeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts.\n\nhttps://github.com/Flangvik/TeamFiltration\n\n#infosec #cybersec \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory\n\n2/2", "creation_timestamp": "2023-04-24T14:53:17.000000Z"}