{"uuid": "96aaeb09-077e-48ee-bfbc-23e4ce7308c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20126", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2826", "content": "\u200b\u200bEasyPen\n\nA GUI program which helps pentesters do information gathering, vulnerability scanning and exploitation.\n\nIt has more than 100 built-in scan scripts written in Python which cover most common vulnerabilities while at the same time it provides you some extra exploitation tools.\n\nYou can easily write your own Python script and apply the scan for thousands of targets.\n\nhttps://github.com/lijiejie/EasyPen\n\n\u200b\u200bOpenWRTInvasion\n\nRoot shell exploit for several Xiaomi routers: 4A Gigabit, 4A 100M, 4C, 3Gv2, 4Q, miWifi 3C...\n\nhttps://github.com/acecilia/OpenWRTInvasion\n\n#exploit\n\n\u200b\u200bMitra\n\nA tool to generate binary polyglots (files that are valid with several file formats).\n\nhttps://github.com/corkami/mitra\n\n\u200b\u200bHeadless Strike\n\nAggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.\n\nhttps://github.com/CodeXTF2/cobaltstrike-headless\n\n\u200b\u200bCVE-2022-20126\n\nhttps://github.com/Trinadh465/packages_apps_Bluetooth_AOSP10_r33_CVE-2022-20126\n\n#cve\n\n\u200b\u200bcURL for OSINT\n\ncURL Tool usage (with Grep) for OSINT (Open-Source Intelligence)\n\nhttps://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT\n\n\u200b\u200btargetedKerberoast\n\nKerberoast with ACL abuse capabilities.\n\nA Python script that can, like many others (e.g. GetUserSPNs.py), print \"kerberoast\" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the \"kerberoast\" hash, and delete the temporary SPN set for that operation. 
This is called targeted Kerberoasting. This tool can be used against all users of a domain, or supplied in a list, or one user supplied in the CLI.\n\nMore information about this attack:\nThe Hacker Recipes - Kerberoast\nThe Hacker Recipes - Targeted Kerberoasting\n\nhttps://github.com/ShutdownRepo/targetedKerberoast\n\n\u200b\u200bModules\n\nOpen sourced the \"assembly execute\" and \"powerpick\" module/command. Have fun.\n\nhttps://github.com/HavocFramework/Modules\n\n\u200b\u200bMinimalistic TCP and UDP port scanners\n\nSimple yet powerful TCP and UDP port scanners:\n\n\u25ab\ufe0f Detection of open, closed and filtered ports (both TCP and UDP)\n\u25ab\ufe0f Ability to scan a single host, network range or a list of hosts in a file\n\u25ab\ufe0f Adjustable timeout values for effective and reliable port scanning\n\nDespite the minimalistic design, both port scanners keep track of everything by using a simple state file (scanresults.txt) which is created in the current working directory. This allows the scanners to be easily resumed if they were interrupted or to skip already scanned hosts / ports.\n\nhttps://github.com/InfosecMatter/Minimalistic-offensive-security-tools\n\nDetails:\nhttps://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n#InsoSec #cybersec \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2023-04-02T11:47:21.000000Z"}