Dec 31, 2022
as a trying to write exploitation for anything and find a use for it in real-world scenarios.
Exploiting such a vulnerability for persistence can be a very good scenario; it can also be used with phishing and social engineering.
I wrote the following exploit:
It generates a reverse shell payload for Linux and Windows. The payload is saved in a .md (Markdown) file, and once it is imported into Notable, it is executed automatically.
Run the exploit:
python3 CVE-2022-30507Exploit.py linux auto
python3 CVE-2022-30507Exploit.py win auto
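A defender-side check for the import path described above, as an added example that is not part of the original post or its exploit: a triage scan of Markdown files before they are opened in a note application. It assumes the payload depends on active HTML embedded in the Markdown, which the post does not state; the rule names and sample notes are constructed.

```python
import re

# Patterns for active HTML that a Markdown renderer may pass through to an
# embedded browser. These rules are an assumption of this example, not a
# signature taken from the exploit on this page.
RULES = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(r"<[^>]*\son\w+\s*=", re.I)),
    ("script-uri", re.compile(r"(?:javascript|vbscript)\s*:", re.I)),
    ("embedded-frame", re.compile(r"<\s*(?:iframe|object|embed)\b", re.I)),
]
# Simplified fence tracking: any ``` or ~~~ line toggles the fenced state.
FENCE = re.compile(r"^\s*(```|~~~)")


def scan_markdown(text):
    """Return (line_no, rule, in_code_fence) for each suspicious line."""
    findings, in_fence = [], False
    for line_no, line in enumerate(text.splitlines(), start=1):
        if FENCE.match(line):
            in_fence = not in_fence
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                # Fenced hits are still reported so an analyst can review
                # them; only unfenced hits trigger quarantine below.
                findings.append((line_no, rule, in_fence))
    return findings


def should_quarantine(text):
    """Quarantine when active markup appears outside a code fence."""
    return any(not fenced for _, _, fenced in scan_markdown(text))


# Constructed sample notes (harmless placeholders, not the page's payload).
BENIGN_NOTE = ("# Meeting notes\n\n```html\n<script>demo()</script>\n```\n"
               "[docs](https://example.com)\n")
SUSPECT_NOTE = ("# Invoice\n\n<img src=x onerror=\"placeholder()\">\n"
                "[open](javascript:placeholder())\n")

if __name__ == "__main__":
    for name, note in (("benign", BENIGN_NOTE), ("suspect", SUSPECT_NOTE)):
        print(name, should_quarantine(note), scan_markdown(note))
```

A hit means the file needs review before import, not that it is malicious; upgrading Notable to a fixed release remains the actual mitigation.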
Exploiting such applications on the end user's machine is a really interesting topic, and it can lead to very deep research into new ways of exploiting and hacking end users' machines through such applications.
This is version one of the exploitation.
We are currently developing version two, which will import the payload file into the application automatically and give us even more advanced persistence.
We are presenting a unique exploit for the Notable app vulnerability CVE-2022-30507; we mainly use it for persistence and social engineering.