{"uuid": "a257a665-9bab-4cc4-8d5f-6d514aaf740e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-23897", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3233", "content": "Tools - Hackers Factory \n\nLinux anti-debugging and anti-analysis rust library\n\nhttps://github.com/0xor0ne/debugoff\n\nRemote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box\n\nhttps://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e\n\nNegoexrelayx - Negoex relaying tool\n\nToolkit for abusing Kerberos PKU2U and NegoEx. Requires impacket It is recommended to install impacket from git directly to have the latest version available\n\nhttps://github.com/morRubin/NegoExRelay\n\nMinimal DNS server built in Rust with rule system and logging.\n\nhttps://github.com/sammwyy/mindns\n\nA repository of code signing certificates known to have been leaked or stolen, then abused by threat actors\n\nhttps://github.com/WithSecureLabs/lolcerts\n\nTo audit the security of read-only domain controllers\n\nhttps://github.com/wh0amitz/SharpRODC\n\nCVE-2024-23897\nJenkins CVE-2024-23897: Arbitrary File Read Vulnerability Leading to RCE\n\nhttps://github.com/h4x0r-dz/CVE-2024-23897\n\nCVE-2024-21893: SSRF Vulnerability in Ivanti Connect Secure\n\nhttps://github.com/h4x0r-dz/CVE-2024-21893.py\n\nHTTP Downgrade attacks with SmuggleFuzz\n\nhttps://moopinger.github.io/blog/smugglefuzz/fuzzing/smuggling/2024/01/31/SmuggleFuzz.html\n\nsmugglefuzz : A customizable and rapid HTTP downgrade smuggling scanner written in Go \n\nhttps://github.com/Moopinger/smugglefuzz\n\nRef : http2smugl : tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -&gt; HTTP/1.1 conversion by the frontend server\n\nhttps://github.com/neex/http2smugl\n\nAdvanced Time-based Blind SQL Injection fuzzer for HTTP Headers\n\nhttps://github.com/danialhalo/SqliSniper\n\n#HackersFactory", "creation_timestamp": "2024-02-18T11:26:18.000000Z"}