rvn0xsy / cooolis-ms Goto Github PK

✈@golangniu 有没有联系方式啊，想和师傅沟通下~

例如 windows/x64/meterpreter/reverse_tcp_rc4，我看 loader 里面没有 rc4 的相关内容。

这个问题在v1.2中解决了

请教2个问题：
1为什么Coolis-ms.exe与msf联动后，进程是rundll32.exe而不是Coolis-ms.exe，是执行successfull = (*DllEntry)((HINSTANCE)code, DLL_PROCESS_ATTACH, 0)后直接进入了dllmain么，我在源码中没有找到有关rundll32.exe的信息，我看执行这句后，msf就收到数据连接成功了，后面的代码也就不执行了.
2如果dllmain中无执行信息，通过MemoryGetProcAddress（）调用相关函数才会执行一下语句是么.
//DllMain = (Module)MemoryGetProcAddress(hModule, cFunctionName);
//hThread = CooolisCreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)DllMain, NULL, NULL, &dwThread);
//WaitForSingleObject(hThread, INFINITE);
//MemoryFreeLibrary(hModule);
//return VOID();

是一定要用阿里云的OSS吗？或者是哪个地方需要修改？

用msf tcp_rc4的payload 成功上线后。只要目标网络中断过，就无法重新正常上线。
sessions 可看到 但是无任何信息，应该是Encrypted: No这个问题。

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

1. The workflow main.yml is referencing action ilammy/msvc-dev-cmd using references v1.4.1. However this reference is missing the commit 74a501b which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)