as a trying to write exploitation for anything and find a use for it in real-world scenarios.
Exploiting such vulnerability for persistence can be a very good scenario, also it can be used with phishing and social engineering.
I wrote the next exploit:
https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022-30507/CVE-2022-30507Exploit.py
Which generates reverse shell payload for linux and windows, the payload going to be saved in .md (markdown) file and once it’s imported in Notable, automatically it will be executed.
Run the exploit:
python3 CVE-2022-30507Exploit.py
Linux Payload
python3 CVE-2022-30507Exploit.py linux auto
Windows Payload
python3 CVE-2022-30507Exploit.py win auto
Test exploiting notable using the generated payload by the tool
Linux:
Windows:
Finally thoughts
Exploiting such applications on the end user’s machine it’s a really interesting topic, and it can take us to very deep research to discover new ways of exploiting and hacking end user’s machines through such applications.
This is version one of the exploitation.
We are currently developing version two which will import the payload file in the application automatically, and that will give us even more advanced persistence.
#exploit #cve #vulnerability #persistence #redteam #CVE-2022-30507
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About vRx
vRx is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.