banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

【Divine Weapon】Apt_t00ls High-risk Vulnerability Exploitation Tool

#工具118
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The project "Apt_t00ls" is a high-risk vulnerability exploitation tool. It is developed by White-hua, I0veD, and luckyh. The tool is written in Java and allows for the construction and validation of POCs (Proof of Concepts) for vulnerabilities. It has a user-friendly graphical interface and provides clear feedback on results. The tool is open-source and has strong self-expansion capabilities. It integrates new POCs quickly. The project provides pre-packaged JAR files for easy use. The tool has been used in a recent attack and defense exercise to identify and validate Nday vulnerabilities in important target systems such as OA systems, Hikvision, and gateways. It allows for quick and efficient acquisition of target assets and finding network isolation vulnerabilities. The tool can also be used to exploit the recent YouKu KSOA v9.0 arbitrary file upload vulnerability. It allows for the customization of webshells to be uploaded, with the default being the "冰蝎4.0" shell. The tool is capable of testing various vulnerabilities.

Project Name: Apt_t00ls High-risk Vulnerability Exploitation Tool
Experts: White-hua, I0veD, luckyh

Project Address: https://github.com/White-hua/Apt_t00ls

Advantages: This tool is constructed using Java language to create POCs and verify vulnerabilities. The graphical interface makes it more convenient and easy to operate, with clearer echo results. It is open source and has strong self-expansion capabilities. POC integration is new and updates quickly.

The project release provides packaged Jar products, eliminating the need for independent packaging.

image

image

image

User Experience#

I initially used this tool during a recent attack and defense exercise in a prefecture-level city. It was used to screen important target system assets and then verify their Nday vulnerabilities in batches, such as OA systems, Hikvision, and gateways, in order to quickly and efficiently obtain target asset permissions and find network isolation breakthroughs.

For example, the recent use of the YouYun KSOA v9.0 arbitrary file upload vulnerability was successful.

You can independently edit the webshell that needs to be uploaded, with the default upload being the shell of Bingshen 4.0.

image
Current vulnerabilities that can be tested with this tool:

image

image

image

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.