Login
Start Free Trial
Back

Unique Exploit - Persistence through CVE-2022-30507

Dec 31, 2022

as a trying to write exploitation for anything and find a use for it in real-world scenarios.

Exploiting such vulnerability for persistence can be a very good scenario, also it can be used with phishing and social engineering.

I wrote the next exploit:

https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022-30507/CVE-2022-30507Exploit.py

Which generates reverse shell payload for linux and windows, the payload going to be saved in .md (markdown) file and once it’s imported in Notable, automatically it will be executed.

Run the exploit:

python3 CVE-2022-30507Exploit.py

Linux Payload

python3 CVE-2022-30507Exploit.py linux auto

Windows Payload

python3 CVE-2022-30507Exploit.py win auto

Test exploiting notable using the generated payload by the tool

Linux:

Windows:

Finally thoughts

Exploiting such applications on the end user's machine it’s a really interesting topic, and it can take us to very deep research to discover new ways of exploiting and hacking end user's machines through such applications.

This is version one of the exploitation.

We are currently developing version two which will import the payload file in the application automatically, and that will give us even more advanced persistence.

#exploit #cve #vulnerability #persistence #redteam #CVE-2022-30507

We are presenting a unique exploit that helps us exploit Notable app CVE-2022-30507, mainly we are using this for persistence and social engineering.

Tags

  • #vulnerability

  • #cve

  • #exploit

  • #redteam

  • #vicarius_blog

  • #CVE-2022-30507

  • #persistence

users/photos/cl9eol3ua2l7i0llg9fft6uoq.jpg

Written by

Mohammad Hussam Alzeyyat

Recent Posts

  • 1

    Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)

    j00sean (https://twitter.com/j00sean) July 11, 2023

  • 2

    CVE-2021-38294: Apache Storm Nimbus Command Injection

    Zeyad Abdelazim June 20, 2023

  • 3

    CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization

    Mohammad Hussam Alzeyyat June 19, 2023

  • 4

    Have you missed them? The new reports feature is here!

    Noa Machter May 14, 2023

  • 5

    CVE-2021-45456 Apache Kylin RCE Exploit

    Mohammad Hussam Alzeyyat April 30, 2023

Related Posts

By Matek Kamilló
Sep 06, 2023

A tale about a Red Team exercise and the Forcepoint Endpoint One DLP client

While preparing for a Red Team Engagement, I learned about the Forcepoint Endpoint One DLP client. The product contains a limited Python interpreter that can be run by non-administrator users. I managed to remove the restrictions and now I have a functionally perfectly working Python interpreter. It is essential that according to the Forcepoint recommendation, the entire installation folder should be added to the exclusion list of AV and monitoring systems. This gave me the idea to use the "secret" interpreter to gain "initial access" to the client with a phishing attack. I successfully implemented this in practice. Later, I found an accepted and high-class vulnerability, but internal testing has found it before me, therefore there will be no CVE about it.
By Reidho Satria
Sep 05, 2023

Aizawa, a super simple command-line webshell that execute commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.

Hi guys, my name is Rei and in this post I wanna share my little project about making simple all-in-one tools to bypassing disable_function and execute commands in PHP with different approach, It's called Aizawa the name is inspired from japanese esport vtuber called Aizawa Ema, the code itself was written in PHP and you can easily run it in different operating system.
By Akos Jakab
Aug 03, 2023

RCE via example DAG in Apache Airflow (CVE-2022-40127) - Exploit

The provided Python code is an exploit script targeting CVE-2022-40127, a Remote Code Execution (RCE) vulnerability in Apache Airflow versions before 2.4.0. The vulnerability arises due to insufficient validation of user-supplied inputs, which allows an attacker to execute arbitrary code on the target system
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 14-day trial
Start Free Trial!