The Jasmin Ransomware web server contains an unauthenticated SQL injection vulnerability within the login functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched. Retrieving the victims data may take a long amount of time. It is much quicker to get the logins, then just login to the site.
f7e0d4c8db68c72a070412c58aed2d661337854ce5aff7fbe8948bd051ac28cbThe Jasmin Ransomware web server contains an unauthenticated directory traversal vulnerability within the download functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched.
1a47a9f079fd98ddb8e82daba4cc80d59e8ba4c54e1587cfbd504193442e68fbBuild Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page.
1a82566a9936be9ad74813ab1ab487efa90c117fb11b2d1dcb2897c0a8093afeHavoc C2 version 0.7 suffers from an unauthenticated server-side request forgery vulnerability.
072e4872c04a1287010db51073a32aa650713298636da773ff26d83cde0dd8baNorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
f57ebc1eae72783c36ac9e3df7805d9879e3d1ced0b8232ea872b32518252dceCHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.
343ca35b11570c993ed8818aa37a56638c474563d756a7ac0c8f9334b16b6ca5Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.
31f4b2bfcea7721b795130a73ea23eb4c455761a9210c8e57d648ef7f5a73b61NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.
e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.
f06f89665ccf4436395e34e316f44542fe2c8e5818e1b20f6b1def5ff8cf0c48
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed