{"uuid": "3c311a59-7a7f-4de9-8699-96e27ea2f29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34265", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2463", "content": "#Tools \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nBokuLoader\n\nCobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.\n\nhttps://github.com/xforcered/BokuLoader\n\n#loader #cs #evasion #av #cobalt\n\nSparrow-WiFi\n\nSparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz Wifi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on Linux. \n\nIn its most comprehensive use cases, sparrow-wifi integrates wifi, software-defined radio (hackrf), advanced bluetooth tools (traditional and Ubertooth), traditional GPS (via gpsd), and drone/rover GPS via mavlink in one solution.\n\nhttps://github.com/ghostop14/sparrow-wifi\n\nReverseShell\n\nA reverseshell for Linux. Written In Python3. \n\nhttps://github.com/Keyj33k/ReverseShell\n\nGPU_ShellCode\n\ngpu poisoning; hide the payload inside the gpu memory.\n\nafter my older repo, in which I used the thread description to hide the payload, I wanted to find a new way, so now I'm using Nvidia GPU memory using CUDA APIs to allocate, write, and free when there is no need for the payload to be found in memory.\n\nhttps://github.com/H1d3r/GPU_ShellCode\n\nPapaya\n\n#NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions. 
\n\nPapaya is a tool to test if a #MongoDB/NoSQL-based web application is vulnerable to a basic NoSQL injection on POST login forms, including tests for password and username extraction.\n\nhttps://github.com/eversinc33/Papaya\n\nSecurity Bugs\n\nFull disclosures for CVE ids, proofs of concept, exploits, 0day bugs and so on.  Microsoft Internet Explorer 11 (protected mode off) & Adobe Acrobat Reader DC ActiveX\n\nhttps://github.com/j00sean/SecBugs\n\nCVE-2022-34265\n\nPoC verification of Django vulnerability \n\nA vulnerability (CVE-2022-34265) in Django was disclosed on July 5, 2022 (US time). This article describes our discussion of this vulnerability and the results of our verification.\n\nhttps://github.com/aeyesec/CVE-2022-34265\n\nCrackQL\n\nA GraphQL password brute-force and fuzzing utility.\n\nCrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations.\n\nhttps://github.com/nicholasaleks/CrackQL\n\nAwesome-web3-Security\n\nA curated list of web3 Security materials and resources For Pentesters and Bug Hunters.\n\nhttps://github.com/Anugrahsr/Awesome-web3-Security\n\nGadgetToJScript\n\nA tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts.\n\nThe current gadget triggers a call to Activator.CreateInstance() when deserialized using BinaryFormatter from jscript/vbscript/vba, this means it can be used to trigger execution of your .NET assembly of choice via the default/public constructor.\n\nThe tool was created mainly for automating WSH scripts weaponization for RT engagements (Initial Access, Lateral Movement, Persistence), the shellcode loader which was used for PoC is removed and replaced by an example assembly implemented in the TestAssembly 
project.\n\nhttps://github.com/med0x2e/GadgetToJScript\n\nBTC:\nbc1q62lwma4r3w3klq4mcn5hys9nps5h40qmafrc8e\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-03-13T07:34:06.000000Z"}