{"vulnerability": "CVE-2024-38100", "sightings": [{"uuid": "a6fa87af-e322-4fea-b739-f12e5700524f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://bsky.app/profile/keesnk.bsky.social/post/3lgfemhr2q22u", "content": "", "creation_timestamp": "2025-01-23T07:34:47.045677Z"}, {"uuid": "4164a8f0-b416-4a9d-aa22-1c6ad188cf7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lgezdf735k2l", "content": "", "creation_timestamp": "2025-01-23T04:12:57.574247Z"}, {"uuid": "1b9271b5-c6bb-4090-8521-a44dd6e20604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lgezdfcsmv2k", "content": "", "creation_timestamp": "2025-01-23T04:12:58.095522Z"}, {"uuid": "9468a81d-daf2-48b8-8cd3-eec4b1486fed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lj6s25q2mz2s", "content": "", "creation_timestamp": "2025-02-27T21:02:05.417355Z"}, {"uuid": "f7e51225-992a-463a-9c05-941deba90567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9d1c9d9f-675cdbc3d8f48478", "content": "", "creation_timestamp": "2025-03-01T00:19:16.600247Z"}, {"uuid": "1c25ace3-cbfe-4046-b1e8-fdd786a60810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/196", "content": "Leaked Wallpaper\n\nThis is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.\nhttps://github.com/MzHmO/LeakedWallpaper", "creation_timestamp": "2024-09-11T12:19:46.000000Z"}, {"uuid": "087ea671-7e46-4239-bf37-65f772052947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8188", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-38100 Windows Leaked Wallpaper Escelation to RCE vulnerability\nURL\uff1ahttps://github.com/Florian-Hoth/CVE-2024-38100-RCE-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-06T18:28:13.000000Z"}, {"uuid": "a9887cb4-91d0-4941-9806-050a22b40518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/8678", "content": "\u200aCVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks\n\nhttps://securityonline.info/cve-2024-38100-leaked-wallpaper-exploit-exposes-windows-users-to-privilege-escalation-attacks/", "creation_timestamp": "2024-08-05T11:10:43.000000Z"}, {"uuid": "248baafc-b1cd-4488-bf26-f53f5cbb968f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": 
"https://t.me/TheDarkWebInformer/2177", "content": "https://github.com/Florian-Hoth/CVE-2024-38100-RCE-POC", "creation_timestamp": "2024-08-07T20:11:17.000000Z"}, {"uuid": "85dde4bc-7a5d-4010-8974-2991772aab71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "seen", "source": "https://t.me/cvedetector/395", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-38100 - Windows File Explorer Elevation of Privilege Vulne\", \n  \"Content\": \"CVE ID : CVE-2024-38100 \nPublished : July 9, 2024, 5:15 p.m. | 27\u00a0minutes ago \nDescription : Windows File Explorer Elevation of Privilege Vulnerability \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-09T19:48:34.000000Z"}, {"uuid": "9a69c6fd-fd63-4328-af3a-f6f172fa10e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8479", "content": "Tools - Hackers Factory \n\nOffensive_security\n\n1. PANIX - Linux Persistence Tool\ngithub.com/Aegrah/PANIX\n\n2. 
RedGuard - C2 front flow control tool, can avoid Blue Teams, AVs, EDRs check\n\ngithub.com/wikiZ/RedGuard\n\nThis is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.\n\nhttps://github.com/MzHmO/LeakedWallpaper\n\nLeaked-Credentials\n\nhttps://github.com/h4x0r-dz/Leaked-Credentials\n\nCVE-2024-22243: URL-parsing vulnerability in Java Spring Framework\n\nhttps://github.com/SeanPesce/CVE-2024-22243\n\nTool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.\n\nhttps://github.com/DrunkF0x/ADSpider/tree/main\n\nTorBot\n\nhttps://github.com/DedSecInside/TorBot\n\nCheck for the existence of an email on Google platforms\n\nhttps://github.com/ranlo/check-google-user\n\nADExplorerSnapshot-rs\n\nhttps://github.com/t94j0/adexplorersnapshot-rs\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-05T06:19:41.000000Z"}, {"uuid": "b7d361ec-76bf-4b24-905b-b95e810bf084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/596", "content": "Tools - Hackers Factory \n\nOffensive_security\n\n1. PANIX - Linux Persistence Tool\ngithub.com/Aegrah/PANIX\n\n2. 
RedGuard - C2 front flow control tool, can avoid Blue Teams, AVs, EDRs check\n\ngithub.com/wikiZ/RedGuard\n\nThis is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.\n\nhttps://github.com/MzHmO/LeakedWallpaper\n\nLeaked-Credentials\n\nhttps://github.com/h4x0r-dz/Leaked-Credentials\n\nCVE-2024-22243: URL-parsing vulnerability in Java Spring Framework\n\nhttps://github.com/SeanPesce/CVE-2024-22243\n\nTool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.\n\nhttps://github.com/DrunkF0x/ADSpider/tree/main\n\nTorBot\n\nhttps://github.com/DedSecInside/TorBot\n\nCheck for the existence of an email on Google platforms\n\nhttps://github.com/ranlo/check-google-user\n\nADExplorerSnapshot-rs\n\nhttps://github.com/t94j0/adexplorersnapshot-rs\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-05T06:19:15.000000Z"}, {"uuid": "db7110b9-bf30-407f-87ae-346b838e5d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/dc_main/6319", "content": "FakePotato \u0437\u0430\u0440\u0435\u0433\u0435\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043a\u0430\u043a CVE-2024-38100. \u041e\u043f\u044f\u0442\u044c DCOM \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438... 
\n\nhttps://decoder.cloud/2024/08/02/the-fake-potato/\n\n\u041f\u043e\u043c\u0435\u0447\u0435\u043d\u043e \u043a\u0430\u043a \"Important LPE\", \u043d\u043e \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043e \u0432 \u0438\u044e\u043b\u0435...\n\n#pentest #redteam #lpe #ad", "creation_timestamp": "2024-08-08T13:55:57.000000Z"}, {"uuid": "ef17f49f-c5ad-4c4e-a5da-deb6896323f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7166", "content": "Tools - Hackers Factory \n\nOffensive_security\n\n1. PANIX - Linux Persistence Tool\ngithub.com/Aegrah/PANIX\n\n2. RedGuard - C2 front flow control tool, can avoid Blue Teams, AVs, EDRs check\n\ngithub.com/wikiZ/RedGuard\n\nThis is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.\n\nhttps://github.com/MzHmO/LeakedWallpaper\n\nLeaked-Credentials\n\nhttps://github.com/h4x0r-dz/Leaked-Credentials\n\nCVE-2024-22243: URL-parsing vulnerability in Java Spring Framework\n\nhttps://github.com/SeanPesce/CVE-2024-22243\n\nTool for monitor Active Directory changes in real time without getting all objects. 
Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.\n\nhttps://github.com/DrunkF0x/ADSpider/tree/main\n\nTorBot\n\nhttps://github.com/DedSecInside/TorBot\n\nCheck for the existence of an email on Google platforms\n\nhttps://github.com/ranlo/check-google-user\n\nADExplorerSnapshot-rs\n\nhttps://github.com/t94j0/adexplorersnapshot-rs\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-08-05T06:19:41.000000Z"}, {"uuid": "275a6662-ab63-47bb-b035-711f88a56512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1514", "content": "FakePotato \u0437\u0430\u0440\u0435\u0433\u0435\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043a\u0430\u043a CVE-2024-38100. \u041e\u043f\u044f\u0442\u044c DCOM \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438... \n\nhttps://decoder.cloud/2024/08/02/the-fake-potato/\n\n\u041f\u043e\u043c\u0435\u0447\u0435\u043d\u043e \u043a\u0430\u043a \"Important LPE\", \u043d\u043e \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043e \u0432 \u0438\u044e\u043b\u0435... 
MS \u0442\u0430\u043a\u043e\u0439 MS \ud83d\ude05\ud83d\ude02\n\n#pentest #redteam #lpe #ad", "creation_timestamp": "2024-08-02T19:54:47.000000Z"}, {"uuid": "801c5ded-8e9f-4703-8093-2d9e45f7644a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/zer0day1ab/118", "content": "FakePotato \u0437\u0430\u0440\u0435\u0433\u0435\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043a\u0430\u043a CVE-2024-38100. \u041e\u043f\u044f\u0442\u044c DCOM \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438... \n\nhttps://decoder.cloud/2024/08/02/the-fake-potato/\n\n\u041f\u043e\u043c\u0435\u0447\u0435\u043d\u043e \u043a\u0430\u043a \"Important LPE\", \u043d\u043e \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043e \u0432 \u0438\u044e\u043b\u0435...\n\n#pentest #redteam #lpe #ad", "creation_timestamp": "2024-08-03T03:42:42.000000Z"}, {"uuid": "52c1bc84-79de-4258-92e8-5a0d7c8ae37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-38100", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10917", "content": "#tools\n#Offensive_security\nDeadPotato Privilege Escalation Utility\n(CVE-2024-38100)\nhttps://github.com/lypd0/DeadPotato\n]-> https://github.com/MzHmO/LeakedWallpaper", "creation_timestamp": "2024-08-07T18:08:23.000000Z"}]}