1325 matches found

Exploit DB
added 2017/12/23 12:00 a.m., 39 views

Iopsys Router - 'dhcp' Remote Code Execution

!/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" req =...

AI score 7.4
Exploits 0
0day.today
added 2017/12/22 12:00 a.m., 96 views

Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory E

Exploit for hardware platform in category remote exploits !/usr/bin/python -- coding: utf8 -- import socket from scapy.all import --------------------------- Requirements: $ sudo pip install scapy --------------------------- conf.verb = 0 RCVSIZE = 2548 TIMEOUT = 6 payload =...

CVSS 5, AI score 7.8, EPSS 0.92676
Exploits 7
Exploit DB
added 2017/12/19 12:00 a.m., 20 views

Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator)

Linux/x64 - Custom Encoded XOR + Polymorphic + execve/bin/sh Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/python from random import randint encoded = "" encoded2 = "" badchars = 0x00 shellcode = "\x90" +...

AI score 7.1
Exploits 0
Hacker One
added 2017/12/18 8:10 p.m., 56 views

Open-Xchange: SSRF - RSS feed, blacklist bypass (IP Formatting)

FYI - Tested on local installation of App Suite 7.8.4 REV 17 Hello, There appears to be a SSRF vulnerability in the below endpoint. This is due to a failure in the App Suite code when evaluating an IP address against a blacklist. The SSRF is limited to scanning hosts on port 80/443 but accuracy i...

AI score 6.7
Exploits 0
BDU FSTEC
added 2017/12/04 12:00 a.m., 4 views

The vulnerability of the Python script execution subsystem of the NX-OS network operating system allows an attacker to execute arbitrary commands on the underlying operating system.

The vulnerability of the Python script execution subsystem in the NX-OS network operating system is related to insufficient cleaning of user parameters used by certain Python functions in an isolated scripting environment. Exploiting this vulnerability allows a malicious actor to exit the isolate...

CVSS 7.2, AI score 7.1, EPSS 0.00118
Exploits 0, References 3, Affected Software 1
Packet Storm
added 2017/12/01 12:00 a.m., 22 views

SocuSoft Co. Photo 2 Video Converter 8.0.0 Code Execution / DoS

Contact: Twitter: @ret2eax Email: [email protected] Blog:...

AI score 7.4
Exploits 0
Kitploit
added 2017/11/24 8:36 p.m., 19 views

EmbedInHTML - Embed and hide any file in an HTML file

What this tool does is take a file (any type of file), encrypt it, and embed it into an HTML file as a resource, along with an automatic download routine simulating a user clicking on the embedded resource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, save...

AI score 7.1
Exploits 0, References 5
0day.today
added 2017/11/22 12:00 a.m., 29 views

Vonage VDV-23 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc Overview During an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will...

CVSS 7.8, AI score 7.6, EPSS 0.18288
Exploits 2
0day.today
added 2017/11/15 12:00 a.m., 46 views

Dup Scout Enterprise 10.0.18 - Login Buffer Overflow Exploit

Exploit for windows platform in category remote exploits Tested on Windows 10 x86 The application requires to have the web server enabled. Exploit for older version: https://www.exploit-db.com/exploits/40832/ !/usr/bin/python import socket,os,time,struct,argparse parser = argparse.ArgumentParser...

AI score 0.1
Exploits 0
n0where
added 2017/11/14 5:51 p.m., 19 views

Linux Process Hunter: Prochunter

Prochunter aims to find hidden processes with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the task_struct list and creates /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...

AI score 1
Exploits 0, References 1
Kitploit
added 2017/11/05 9:45 p.m., 23 views

KRACK Detector - Detect and prevent KRACK attacks in your network

KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network. The script is meant to be run on the Access Point rather than the client devices. It listens on the Wi-Fi interface and waits for duplicate message 3 of the 4-way handshake. It then...

AI score 7.2
Exploits 0, References 1
Packet Storm
added 2017/10/25 12:00 a.m., 26 views

Easy MPEG/AVI/DIVX/WMV/RM To DVD Buffer Overflow

!/usr/bin/python Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow SEH Date: 05-10-2017 Exploit Author: Venkat Rajgor Vendor Homepage: http://www.divxtodvd.net/ Software Link: http://www.divxtodvd.net/easyvideotodvd.exe Tested On: Windows 7 x64 To reproduce...

AI score 7.1
Exploits 0
seebug.org
added 2017/10/24 12:00 a.m., 90 views

Apache James Deserialization RCE(CVE-2017-12628)

Analysis of CVE-2017-12628 This morning I spotted a tweet mentioning an “Apache James 3.0.1 JMX Server Deserialization” vulnerability, CVE-2017-12628, which caught my eye because I wrote a generic JMX deserialization exploit which is included in my RMI attack tool BaRMIe. A quick search for more...

CVSS 7.2, AI score 8.3, EPSS 0.00142
Exploits 4
exploitpack
added 2017/10/18 12:00 a.m., 59 views

Check_MK 1.2.8p25 - Information Disclosure

CheckMK 1.2.8p25 - Information Disclosure 1. ADVISORY INFORMATION ======================= Product: Checkmk Vendor URL: https://mathias-kettner.de/checkmk.html Type: Race Condition CWE-362 Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5...

CVSS 4.3, AI score 5.7, EPSS 0.19623
Exploits 5
Packet Storm
added 2017/10/14 12:00 a.m., 67 views

Opentext Documentum Content Server File Hijack / Privilege Escalation

!/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server does not properly validate input of PUTFILE RPC-command which allows any authenticated user to hijack arbitrary file from Content Server filesystem, because some files on Content Server...

AI score 1, EPSS 0.041
Exploits 4
Packet Storm
added 2017/10/10 12:00 a.m., 189 views

Apache Tomcat Upload Bypass / Remote Code Execution

!/usr/bin/python import requests import re import signal from optparse import OptionParser class bcolors: HEADER = '\03395m' OKBLUE = '\03394m' OKGREEN = '\03392m' WARNING = '\03393m' FAIL = '\03391m' ENDC = '\0330m' BOLD = '\0331m' UNDERLINE = '\0334m' banner=""" / \ \ / / | | \ / / | | / | \ /...

AI score 0.1, EPSS 0.9438
Exploits 22
Kitploit
added 2017/10/05 1:35 p.m., 26 views

Wifite 2 - A complete re-write of Wifite (Automated Wireless Attack Tool)

A complete re-write of wifite, a Python script for auditing wireless networks. What's new? Lots of files instead of "one big script". Cleaner process management -- No longer leaves processes running in the background. UX: Target access points are refreshed every second instead of every 5 seconds...

AI score 7.5
Exploits 0, References 2
Exploit DB
added 2017/10/05 12:00 a.m., 15 views

Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Field Buffer Overflow SEH Date: 05-10-2017 Exploit Author: Venkat Rajgor Vendor Homepage: http://www.divxtodvd.net/ Software Link: http://www.divxtodvd.net/easyvideotodvd.exe Tested On: Windows 7 x64 To reproduce...

AI score 7.4
Exploits 0
n0where
added 2017/10/02 4:49 a.m., 26 views

UEFI Firmware Parser

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

AI score 7.5
Exploits 0, References 1
0day.today
added 2017/10/02 12:00 a.m., 381 views

Dnsmasq < 2.78 - Information Leak Exploit

Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup...

CVSS 4.3, AI score 8.1, EPSS 0.08297
Exploits 5