AttackerKB

print("Hello, World") With hundreds of community-driven assessments of vulnerabilities and threats, AttackerKB offers a platform for analysis and discussion. Interested in contributing? Want to learn more about the latest vulnerabilities? Join us: attackerkb.com

I examined the Zyxel firewall "authentication bypass" for @AttackerKb. CVE-2022-0342 just looks like a 2fa bypass to me. An explanation and proof of concept exploit can be found here: attackerkb.com/assessments/7e…

I put together a short @AttackerKb for the Sophos Firewall CVE-2022-1040 issue. A test of sorts: curl --insecure -H "X-Requested-With: XMLHttpRequest" -X POST 'https://10.0.0.12/userportal/Controller?mode=8700&operation=1&datagrid=179&json=\{"🦞":"test"\}'

I've got a few @AttackerKb write-ups in the backlog for vulnerabilities I couldn't find. I've very much not enjoyed that 😅 But hopefully the extra information will help someone else. First up, Apex Central's CVE-2022-26871: attackerkb.com/assessments/21…

I put together an @AttackerKb for Spring4Shell. There isn't a whole lot of new stuff to say at this point. I mostly focused on the original exploit. It's a simple and known technique, but not clearly stated anywhere, I thought. 🤷‍♂️ Happy hacking! attackerkb.com/topics/xtgLfwQ…

Rapid7 analysis for #Spring4Shell CVE-2022-22965 in AttackerKB via @Junior_Baines attackerkb.com/topics/xtgLfwQ…

New assessments of CVE-2020-15099 and CVE-2022-21999 in AttackerKB via community contributor noraj and @SpaceySpacek attackerkb.com

Metasploit module available in today's release.

Analysis of "Dirty Pipe" CVE-2022-0847 via @SpaceySpacek, including patch info and PoC attackerkb.com/topics/UwW7SVP…

Here is the @AttackerKb analysis for CVE-2021-36260, unauthenticated command injection on Hikvision cameras. It includes a snippet of the vulnerable code, a potential way to discover compromise, and a link to pcaps. attackerkb.com/topics/mb8q72U…

I wrote up CVE-2021-1585 for @AttackerKb. This unpatched vulnerability is in Cisco's ASDM, a thick client for managing Cisco ASA and the like. A MITM or an evil endpoint can execute arbitrary code on the victim host. PoC included. attackerkb.com/topics/0vIso8f…

Technical analysis of CVE-2021-1585 in Cisco ASDM, which allows for person-in-the-middle attacks. Disclosed in July 2021, unpatched in latest version, public exploits available. PoC and IOCs in AttackerKB. attackerkb.com/topics/0vIso8f…

To follow up on yesterday's tweet about PetitPotam/KB5009763, I added some notes to @AttackerKb and created a video demonstrating the failure and a patch to resolve it. attackerkb.com/topics/TEBmUAf… share.vidyard.com/watch/s12ar9ni…

Technical analysis for Zoho ManageEngine Desktop Central (and MSP) CVE-2021-44515, including PoC. Credit to @wvuuuuuuuuuuuuu attackerkb.com/topics/rJw4DFI…

A handful of fresh vuln assessments for January Patch Tuesday bugs in AttackerKB this week courtesy of @tekwizz123. High-volume advisory dump, but at first glance, no easily exploitable CVEs that are *also* super useful attack targets. attackerkb.com

Kibana CVE-2019-7609 and Oracle WebLogic Server CVE-2019-2725 have been reported as exploited in the wild per CISA. attackerkb.com

My favorite is CVE-2021-20038, an unauthenticated stack-based buffer overflow in the web server. I wrote a fairly detailed @AttackerKb entry detailing the challenges of landing an exploit. (2/6) attackerkb.com/topics/QyXRC1w…

Today, @rapid7 disclosed five zero-day vulnerabilities in SonicWall SMA 100 series devices. Technical analysis for CVE-2021-20038 (unauth stack-based buffer overflow) and CVE-2021-20039 (auth command injection) now in AttackerKB via @Junior_Baines. attackerkb.com/topics/9szJhq4…

We've updated the log4j @AttackerKb Rapid7 analysis to include a VMWare Horizon proof of concept. Thanks to @rwincey for help on that! We also noted that @1ZRR4H tweeted about seeing this one in the wild. attackerkb.com/topics/in9sPR2…

11 product-specific analyses Log4j vulnerability now in AttackerKB. Latest addition is PoC (and how to find IOCs) for MobileIron, which is trivially exploitable. attackerkb.com/topics/in9sPR2…

Recent additions to #Log4Shell analysis: - Apache JSPWiki, OFBiz, Druid vulnerable to CVE-2021-44228. PoCs and IOCs in write-up. - Our testing was unable to confirm exploitability for ManageEngine, VMware Horizon, WebLogic. attackerkb.com/topics/in9sPR2…