{"uuid": "3a28cb7e-810e-4870-bbe9-eaaafb1399c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42287", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2834", "content": "Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nMsSettingsDelegateExecute\n\nBypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. This visual studio project will compile a static x64 binary to test this issue.\n\nhttps://github.com/hackerhouse-opensource/MsSettingsDelegateExecute\n\niscsicpl_bypassUAC\n\nUAC bypass for x64 Windows 7-11\n\nhttps://github.com/zha0gongz1/iscsicpl_bypassUAC\n\nSysmonEnte\n\nThis is a POC attack on the integrity of Sysmon which emits a minimal amount of observable events even if a SACL is in place.\n\nTo our understanding, this attack is difficult to detect in environments where no security sensors other than Sysmon or the Windows Event Log are in use.\n\nFor more technical information on the attack and possible mitigations, please see our blogpost.\n\nhttps://github.com/codewhitesec/SysmonEnte\n\nPico-PIO-USB.\n\nUSB host/device implementation using PIO of raspberry pi pico (RP2040).\n\nhttps://github.com/sekigon-gonnoc/Pico-PIO-USB\n\nuosint\n\nFind The Profiles Of A Person On Social Networks\n\nWith this tool, you can see all the information of the target person's social networks which is publicly available. 
Many people think that this tool needs to be installed, so I will make a Telegram Bot so that information can be obtained more easily and there is no need to install or do any other problems just simple and easy.\n\nhttps://github.com/uosint-project/uosint\n\nserver-status PWN\n\nA script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.\n\nhttps://github.com/mazen160/server-status_PWN\n\nExploiting Misconfigured Apache server-status Instances with server-status_PWN:\nhttps://mazinahmed.net/blog/exploiting-misconfigured-apache-server-status-instances/\n\nChitchatter\n\nA free (as in both price and freedom) communication tool. It is designed with security and privacy in mind.\n\nhttps://github.com/jeremyckahn/chitchatter\n\nDemo:\nhttps://chitchatter.im/\n\nSwiss Cyber Defence\n\nExam Preparation for Cyber Security Specialist with Swiss Federal Diploma.\n\nhttps://github.com/phr85/swiss-cyber-defence\n\nnoPac\n\nExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user\n\nhttps://github.com/Ridter/noPac\n\n#cve #exploit\n\nVulnerable Web App\n\nsqli-postgres-rce-privesc-hacking-playground\n\nThis is a free vulnerable app for novice pentesters & developers to experiment with SQL Injection vulnerability and privilege escalation.\n\nRecommended path:\n\u25ab\ufe0f exploit the SQLi vulnerability\n\u25ab\ufe0f get shell via vulnerable version of PostgreSQL\n\u25ab\ufe0f perform privilege escalation and become root \ud83e\udd42\n\nhttps://github.com/filipkarc/sqli-postgres-rce-privesc-hacking-playground\n\n#Tools\u00a0 \ud83d\udee0\ufe0f \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-04-03T08:51:04.000000Z"}