{"uuid": "e4b31861-39a3-4970-ae1b-0b3723d96732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-0796", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/259", "content": "#Tool \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nConfuser\n\nA tool to detect Dependency Confusion vulnerabilities. It allows scanning packages.json files, generating and publishing payloads to the NPM repository, and finally aggregating the callbacks from vulnerable targets.\n\nhttps://github.com/doyensec/confuser\n\nDependency Confusion:\nhttps://blog.doyensec.com//2022/07/21/dependency-confusion.html\n\n\u200b\u200bNinjaDroid\n\nSimple tool to reverse engineering #Android APK packages.\n\nhttps://github.com/rovellipaolo/NinjaDroid\n\n\u200b\u200bSMBaloo\n\nA CVE-2020-0796 (aka \"SMBGhost\") exploit for Windows ARM64.\n\nhttps://github.com/msuiche/smbaloo\n\n#cve\n\n\u200b\u200bMerlin\n\nPost-exploit Command &amp; Control (C2) tool, also known as a Remote Access Tool (RAT), that communicates using the HTTP/1.1, HTTP/2, and HTTP/3 protocols. HTTP/3 is the combination of HTTP/2 over the Quick UDP Internet Connections (QUIC) protocol. \n\nThis tool was the result of my work evaluating HTTP/2 in a paper titled Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2. Merlin is also my first attempts at learning Golang.\n\nhttps://github.com/MythicAgents/merlin\n\nDocs:\nhttps://merlin-c2.readthedocs.io/en/latest/index.html\n\n#redteam\n\n\u200b\u200bysoserial.net\n\nA proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization.\n\nhttps://github.com/pwntester/ysoserial.net\n\n\u200b\u200bMsfMania\n\nCommand line tool developed in Python that is designed to bypass antivirus software on Windows and Linux/Mac in the future.\n\nhttps://github.com/G1ft3dC0d3/MsfMania\n\n\u200b\u200bInvoke-Obfuscation\n\nPowerShell v2.0+ compatible PowerShell command and script obfuscator.\n\nhttps://github.com/danielbohannon/Invoke-Obfuscation\n\nCode #obfuscation through Mixed Boolean-Arithmetic expressions.\n\nhttps://github.com/arnaugamez/talks/tree/master/2021/00_intent\n\n\u200b\u200bHook\n\nHook exploits a parameter injection vulnerability in the WatchGuard SSH interface. The vulnerability allows a low privileged user to exfiltrate arbitrary system files to an attacker controlled FTP server. \n\nFortunately, there is a builtin low privileged user named status that this script defaults to. It isn't unreasonable to assume that the status user will use a password of readonly, but it isn't required.\n\nhttps://github.com/jbaines-r7/hook\n\nOffensive-Carbon\n\nWeaponizing Carbon Lang for #RedTeam operation\n\nhttps://github.com/ArchonLabs/Offensive-Carbon\n\n\u200b\u200bpivotnacci\n\nPivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following:\n\nThis tool was inspired by the great reGeorg. However, it includes some improvements:\n\n\u25ab\ufe0f Support for balanced servers\n\u25ab\ufe0f Customizable polling interval, useful to reduce detection rates\n\u25ab\ufe0f Auto drop connections closed by a server\n\u25ab\ufe0f Modular and cleaner code\n\u25ab\ufe0f Installation through pip\n\u25ab\ufe0f Password-protected agents\n\nhttps://github.com/blackarrowsec/pivotnacci\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-27T09:59:54.000000Z"}