APT China Compilation Explotation Tools
by teamkelvinsecteam - October 23, 2020 at 01:58 PM
#1
Exploit secure remote access: To gain access to networks, Chinese threat actors utilize seven different vulnerabilities, many of which also provide credentials that can be used to spread further on the network.
CVE-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
https://github.com/projectzeroindia/CVE-2019-11510
CVE-2020-5902
exploit code for F5-Big-IP (CVE-2020-5902)
https://github.com/yasserjanah/CVE-2020-5902
CVE-2019-19781
A Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability, which can lead to remote code execution without credentials.
https://github.com/projectzeroindia/CVE-2019-19781
CVE-2020-8193-Citrix-Scanner
https://github.com/PR3R00T/CVE-2020-8193-Citrix-Scanner
citrix_adc_netscaler_lfi_scan
https://github.com/Zeop-CyberSec/citrix_...scaler_lfi
CVE-2019-0708
A remote code execution vulnerability exists in Remote Desktop Services
https://github.com/CVE-2019-0708/CVE-2019-0708
CVE-2020-15505
https://github.com/.../CVE.../tree/maste...2020-15505
Exploit Active Directory for Lateral Movement and Credential Access:
CVE-2020-1472
Checker & Exploit Code for CVE-2020-1472 aka Zerologon
https://github.com/VoidSec/CVE-2020-1472
CVE-2019-1040 scanner
Checks for CVE-2019-1040 vulnerability over SMB. The script will establish a connection to the target host(s) and send an invalid NTLM authentication.
https://github.com/fox-it/cve-2019-1040-scanner
Exploit public-facing servers: Attackers use these vulnerabilities to bypass authentication in web servers, email servers, or DNS to remotely execute commands on the internal network. For compromised web servers, attackers can utilize them in watering-hole attacks to target future visitors.
CVE-2020-1350
The Windows DNS server SigRed vulnerability allows attackers to spread laterally through a network.
https://github.com/ZephrFish/CVE-2020-1350
CVE-2018-6789
Exim CVE-2018-6789
PoC materials to exploit CVE-2018-6789.
https://github.com/synacktiv/Exim-CVE-2018-6789
CVE-2018-4939
https://nickbloor.co.uk/.../another-cold...ce-cve.../
Exploit internal servers: These vulnerabilities are used to spread laterally throughout a network and gain access to internal servers, where the attackers can steal valuable data.
CVE-2020-0688 - A Microsoft Exchange vulnerability that allows authenticated users to perform remote code execution
https://github.com/ravinacademy/CVE-2020-0688
CVE-2015-4852 - The WLS Security component in Oracle WebLogic15 Server allows remote attackers to execute arbitrary commands via a crafted serialized Java16 object.
https://github.com/roo7break/serialator
CVE-2020-2555 - A vulnerability exists in the Oracle® Coherence product of Oracle Fusion® Middleware. This easily exploitable
https://github.com/Y4er/CVE-2020-2555
CVE-2019-3396 - A server-side template injection vulnerability is present in the Widget Connector in Atlassian Confluence servers that allows remote attackers to perform remote code execution and path traversal.
https://github.com/jas502n/CVE-2019-3396
CVE-2019-11580 - Attackers who can send requests to an Atlassian® Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, permitting remote code execution. This vulnerability was used in GandCrab ransomware attacks in the past.
https://github.com/jas502n/CVE-2019-11580
CVE-2019-18935 - A vulnerability in Telerik 19 UI for ASP.NET AJAX can lead to remote code execution. It was seen used by a hacker group named 'Blue Mockingbird' to install Monero miners on vulnerable servers but could be used to spread laterally as well.
https://github.com/noperator/CVE-2019-18935
Reply
#2
Thanks bros. These are good resources to check
Reply
#3
9 are missing XD! Thanks for the share!
Reply
#4
Very nice share. Yes maybe APT exploit these vulns but I do not think they are using this exploit code. It would detect fast. I think they develop private exploit
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
CheeseTools: Self-developed tools for Lateral Movement/Code Execution. ziki 0 56 Yesterday at 08:59 AM
Last Post: ziki
Penetration Testing - Compilation teamkelvinsecteam 0 99 November 27, 2020 at 04:27 AM
Last Post: teamkelvinsecteam
APT Malware Collection BryanOps 3 173 November 27, 2020 at 02:46 AM
Last Post: alxirr

 Users browsing this thread: 1 Guest(s)