Published: 22/09/2022 Updated: 22/09/2022

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike up to and including 4.7 that allowed a remote malicious user to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).

Vulnerable Product	Search on Vulmon	Subscribe to Product
helpsystems cobalt strike

cobaltstrike4.5版本破解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证、修复CVE-2022-39197等

about_cobaltstrike45_cdf cobaltstrike45版本破解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证、修复CVE-2022-39197等如果您在寻找这个项目：cobaltstrike45_cdf 是的它又被封了：Repository unavailable due to DMCA takedown 如果您对原文中的不涉及软件版权的去除checksum8特征、byp

CVE-2022-39197

CVE-2022-39197 CVE-2022-39197 "ID": "CVE-2022-39197", "STATE": "RESERVED"

Cobaltstrike RCE 漏洞CVE-2022-39197复现漏洞简述该漏洞存在于Cobalt Strike的Beacon软件中，可能允许攻击者在Beacon配置中设置格式错误的用户名，触发XSS，从而导致在CS服务端上造成远程代码执行。截图：获取NTLMv2-SSP Hash，前提是Cobalt Strike在Windows运行参考： wwwfreebufcom/vuls/345522html http

CVE-2022-39197 bug fix patch

CVE-2022-39197-fix_patch Usage Add parameters when starting cobaltstrike -javaagent:fixXss-10-SNAPSHOTjar

cs4.4修改去特征狗狗版(美化ui,去除特征,自带bypass核晶截图等..)

DogCs44 44修改版关于64不上线bug:profile文件里添加如下: http-stager { set uri_x86 "/XXXXn"; set uri_x64 "/XXXXXX"; } 修复20220921 dogcsv21 fix CVE-2022-39197 新出了个漏洞,就简单更新一下吧。简单修复了一下最新出来的xss漏洞 1新加主机ip归属地查�

基于Cobalt Strike 4.5二开版

Cobalt-Strike-45-Secondary-modification 基于CobaltStrike45二开完成 (原dogcs44二开功能基本都有)(自带破解,不需要使用csagent) 自定义属于你自己的CobaltStrike,方便一些不会二开的朋友使用～本人只测试了https上线,如有bug请在lssues中提出 By: T00lscom 相关配置 Java版本:11 运行前请先配置CatClientproperties

Cobalt Strike 二开项目

SharkOneCS 版本 beta01 测试版一些说明项目在release中sharkone zip打包基于CobaltStrike45二开完成 SharkOne的主要功能是将beacon代码可视化，其实是为了方便自己也方便其他做这方面的二次开发 teamserver验证标识是将48879改成了其他标志并且验证错误会返回其他内容并记录ip 其他的一些beacon改了�

CobaltStrike <= 4.7.1 RCE

CVE-2022-39197 RCE POC Usage Prepare Payload Edit Line 19 with your payload in EvilJar/src/main/java/Exploitjava Build using jar mvn clean compile assembly:single Move EvilJar-10-jar-with-dependenciesjar from EvilJar/target/ to serve/ folder Edit serve\evilsvg replace [attacker] Serve using python3 -m httpserver 8080 Execute Exploit python3 cve-2022-39197py beacone

CVE-2022-39197 RCE POC

CVE-2022-39197-RCE First This project was modified from @its-arun project githubcom/its-arun/CVE-2022-39197 When I tested the script, I found that the frida script could not query the data in the normal order The method of modifying the frida script to modify the process name Thanks to Master @Kai5174 for his contribution to the utilization method Usage Prepare Pay

Cobalt Strike RCE CVE-2022-39197

Cobalt Strike 存储型XSS RCE CVE-2022-39197 运行参数： -u: Cobaltstrike http监听的地址，如 127001:8500 -p: Payload，如 <html><img src=127001/logpng> 不宜过长演示：打包命令：go build -ldflags "-s -w" QQ 群：点击加入：528118163 加群 / 合作 / 联系（左） | 公众号：遮�

CVE-2022-39197

CVE-2022-39197 RCE POC Reference Links mpweixinqqcom/s/Eb0pQ-1ebLSKPUFC7zS6dg — There’s a great in depth analysis of this vulnerability wwwagarrifr/blog/archives/2012/05/11/svg_files_and_java_code_execution/indexhtml

CVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerability Patch.

CVE-2022-39197 patch CVE-2022-39197 Cobalt Strike XSS 漏洞的一个临时补丁通过 hook javaxswingplafbasicBasicHTML的isHTMLString方法来禁用swing的html支持 PS: 部分依赖html的页面无法正常渲染(例如关于页面) 使用方法将 patchjar 放入cobaltstrike启动目录下在cobaltstrike启动参数中加入javaagent 启用补丁 -javaagent:patch

Cobalt Strike 4.4 猪猪版去暗桩去流量特征 beacon仿造真实API服务修补CVE-2022-39197补丁

注：仅供安全研究与学习之用，若将工具做其他用途，由使用者承担全部法律及连带责任，作者及发布者不承担任何法律及连带责任。 Cobalt Strike 44 猪猪版该版本为预发布内测版本,公开版本即将在五月底发布去暗桩更改认证头 COOKIE改为Authentication 更改get请求与POST请求地址使用geacon�

cve-2022-39197 poc

cve-2022-39197 Currently only remote images can be loaded

本项目包含CobaltStrike密码爆破、伪造上线以及DDos功能。其中伪造上线支持常见魔改版CS。This project includes CobaltStrike password blasting, fake online and DDos functions. Among them, fake online supports common secondary development version CS.

0x01 概述本项目包含CobaltStrike密码爆破、伪造上线以及DDos功能。其中伪造上线支持常见魔改版CS。 This project includes CobaltStrike password blasting, fake online and DDos functions Among them, fake online supports common secondary development version CS 0x02 环境准备 pip3 install netstruct pip3 install pefile

红蓝对抗快速搭建基础设施平台

X 简介 X 是一款红蓝对抗快速搭建基础设施的一个平台，主要解决红蓝对抗中队员直接经常沟通frp配置，cs之类的服务地址，浪费了大量时间的痛点。文件目录功能 frp模块 cs服务开启(打了xss补丁，githubcom/burpheart/CVE-2022-39197-patch) ldap服务开发记录 2022921 整体架构设计，�

猫猫Cs:基于Cobalt Strike[4.5]二开 (原dogcs二开移植)

2024-01-01 关于新版本猫猫Cs的说明 (PS:说了不更新了,但是还是没忍住) 新版本已修复大家提出的bug,详细看:wwwnctrycom/2735html 但是还没写完,希望大家可以提出别的bug和一些小需求,我会尽量去写,谢谢 2023-05-01 更新最终版，以后将不再更新更新说明更新说明 CobaltStrike-[Cat]-45-兔年快乐

CVE-2022-39197(CobaltStrike XSS <=4.7) POC

CVE-2022-39197-POC 中文版本README_CNmd Vulnerability Intro According to the Update Log of the latest version 471 officially released by CobaltStrike on 20 September, teamserver version(<=47) has XSS vulnerability, which can cause RCE We were contacted by an independent researcher named "Beichendream" to inform us of an XSS vulnerability they found in

为了修复XSS RCE的同时提供其他功能聚合而成的cs agent

CS_Agent_INA CS 45 Java Agent INA 为了修复XSS RCE的同时提供其他功能聚合而成的cs agent 1、支持XSS RCE修复、汉化、agent调试限制绕过及其他功能 2、理论支持CS4X版本，Java8|java11下CS45原版已进行运行验证测试声明 1、非完全原创代码, 整合于CSAgent、Attack2DefenseAgent、C

CWE-79 https://www.cobaltstrike.com/blog/tag/release/https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/https://nvd.nist.gov https://github.com/lovechoudoufu/about_cobaltstrike4.5_cdf

Get Started

CVE-2022-39197

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect