Exploits & CVEs

Exploit-DB

MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation

River Past Audio Converter 7.7.16 - Local Buffer Overflow (SEH)

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)

AnyBurn 4.3 - Local Buffer Overflow (SEH - Unicode)

Free MP3 CD Ripper 2.8 - ‘.wma’ Buffer Overflow (SEH) (DEP Bypass)

CuteFTP 5.0 - Buffer Overflow

Metasploit modules & payloads

Linux Command Shell, Reverse TCP Inline (IPv6)

Splunk Custom App Remote Code Execution

Shellcodes

Linux/x86 - IPv6 TCP bind tcp shell

CVEs

CVE-2020-5752 | Druva - inSync Windows Client 6.6.3 - Path Traversal LPE

CVE-2020-10680 | Polycom - RealPresence Desktop - Windows Client - Local BoF

CVE-2020-2035 | Palo Alto Networks - PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions

CVE-2020-15936 | Fortinet - Inspection not enforced in TLS handshakes

Tools

Credential Dumping

PykDumper

ATPMiniDump

Heap Exploitation

Heappo

IDAPython scripts

Payload Exfiltration

SNIcat