CVE-2022-39197 PoC — HelpSystems Cobalt Strike 跨站脚本漏洞

Source

https://github.com/lovechoudoufu/about_cobaltstrike4.5_cdf

Associated Vulnerability

Title:HelpSystems Cobalt Strike 跨站脚本漏洞 (CVE-2022-39197)
Description:HelpSystems Cobalt Strike是美国HelpSystems公司的一个渗透测试软件。 HelpSystems Cobalt Strike 4.7及之前版本存在跨站脚本漏洞，该漏洞源于XSS（跨站脚本）漏洞，允许远程攻击者在Cobalt Strike团队服务器上执行HTML。

Description

cobaltstrike4.5版本破解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证、修复CVE-2022-39197等

Readme

# about_cobaltstrike4.5_cdf
cobaltstrike4.5版本破解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证、修复CVE-2022-39197等

如果您在寻找这个项目：cobaltstrike4.5_cdf
是的它又被封了：`Repository unavailable due to DMCA takedown.`

如果您对原文中的不涉及软件版权的去除checksum8特征、bypass BeaconEye、错误路径泄漏stage、totp双因子认证的思路和方法感兴趣，相信你可以在Internet中搜索到相关文章。

曾经发布过的hash如下，谨防有人篡改加料：
```
d0388ce3b646d5d3ab6d41261848a26af248c8345e0bab5475cedfd9e82328b5  cs.jar

eeba31fac820508a9fe5a733a617e5d6  cobaltstrike4.5_cdf.zip
2aba5e2942799f606c144699ff5ef120  cobaltstrike4.5_cdf_without_totp.zip

4509eea090a7403e2ea646adf3c3117e  cobaltstrike4.5_cdf.zip
977967c7a32f28222e1f9f2164e8002e  cobaltstrike4.5_cdf_without_totp.zip

9454823009d3e41d88cd5bff5e0bc9b9  cobaltstrike4.5_cdf.zip
4e9dc80430438387a8ec63487bc478a5  cobaltstrike4.5_cdf_without_totp.zip
```

File Snapshot


 [4.0K]  /data/pocs/3ea94c782305bf22778e9f3774012c3616c039f5
└── [1.0K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!