banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

【Divine Weapon】Apt_t00ls High-Risk Vulnerability Exploitation Tool

#工具118
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The project "Apt_t00ls" is a high-risk vulnerability exploitation tool developed by White-hua, I0veD, and luckyh. It is written in Java and has a graphical interface for easy operation. The tool is open-source and has strong self-expansion capabilities. It integrates new POCs quickly and provides clear results. The project provides pre-packaged Jar files for convenience. The tool was used in a recent attack and defense exercise to identify and validate Nday vulnerabilities in important target systems such as OA systems, Hikvision, and gateways. It allows for quick and efficient acquisition of target assets and finding network isolation breakthroughs. The tool can also be used to exploit the recent YouKu KSOA v9.0 arbitrary file upload vulnerability. It supports editing and uploading webshells, with the default being the Bheem 4.0 shell. The tool is capable of testing various vulnerabilities.

Project Name: Apt_t00ls High-risk Vulnerability Exploitation Tool
Experts: White-hua, I0veD, luckyh

Project Address: https://github.com/White-hua/Apt_t00ls

Advantages: This tool is constructed using Java language to create POCs and validate vulnerabilities. The graphical interface makes it more convenient and easy to operate, with clear feedback results. It is open-source and has strong self-expansion capabilities. The POC integration is new and updates quickly.

The project release provides packaged JAR files, eliminating the need for self-packaging.

image

image

image

User Experience#

I initially used this tool in a recent attack and defense exercise in a prefecture-level city. It was used to screen important target system assets and then perform batch verification of their Nday vulnerabilities, such as OA systems, Hikvision, and gateways. This tool allows for quick and efficient acquisition of target asset permissions and finding network isolation breakthroughs.

For example, the recent YouYong KSOA v9.0 arbitrary file upload vulnerability can be successfully exploited.

You can independently edit the webshell that needs to be uploaded, with the default upload being the shell of Bingshen 4.0.

image

Current vulnerabilities that can be tested with this tool:

image

image

image

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.