22 matches found
HTB-Machines-writeups
somdv3 — HTB Writeups Personal HackTheBox writeup repository...
Exploit for Improper Ownership Management in Debian Debian_Linux
HTB-TwoMillion-Writeup HackTheBox TwoMillion machine writeup —...
ofensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
Exploit for Improper Restriction of XML External Entity Reference in Cisco Secure_Endpoint
--- tags: hackthebox, linux, hard, cve-2023-23946, cve-2023-200...
cyber
Cyber A website and repository for everything related to my s...
cyber
Cyber A website and repository for everything related to my s...
Guided Reasoning in LLM-Driven Penetration Testing Using Structured Attack Trees
Recent advances in Large Language Models LLMs have driven interest in automating cybersecurity penetration testing workflows, offering the promise of faster and more consistent vulnerability assessment for enterprise systems. Existing LLM agents for penetration testing primarily rely on self-guid...
PT-2025-1537
Name of the Vulnerable Software and Affected Versions Prusa PrusaSlicer versions prior to 2.6.2 Description A crafted 3mf project file can lead to arbitrary code execution on a host system during the process of slicing the project and exporting G-code. This issue occurs within the PostProcessor.c...
GCVE-1-2025-0002
creationtimestamp| type| source ---|---|--- 2024-10-06 08:21:05+00:00| confirmed| Reporter 2025-07-01 09:05:03+00:00| seen| https://www.hackthebox.com/blog/cve-2023-34362-explained 2025-07-01 09:52:06+00:00| seen| https://social.circl.lu/@[email protected]/114777352334943118 2025-07-0...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268-automated CVE-2022-44268 ImageMagick Arbitrary...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 POC & Lab For CVE-2021-41773 Setup Lab...
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit Script This repository contains a Python expl...
Exploit for Injection in Arjunsharda Searchor
CVE-2023-43364-Exploit-CVE This is a python script to exploit...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
hacktheboxoscp 介绍 准备oscp考试过程中做的hackthebox里的oscp向靶机 因为oscp考试内容改变,新增域渗透。所以还有红日出的vulnstack靶场 新增:endgame,fortresses,open beta season对应HTB相应的栏目。是oscp向靶机列表外练手打的 靶机摘要 hackthebox lame lame vsftpd笑脸漏洞烟雾弹,samba服务漏洞才是真凶 legacy ms08-067,但靶机有点问题,除了第一次,后面都连不上端口了 blue blue 神似 修改命名管道,手打ms17-010 Devel Devel 神似...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
PentestGPT - A GPT-empowered Penetration Testing Tool
A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Unauthenticated RCE in Open Web Analytics versi...
PlaySMS index.php Unauthenticated Template Injection Code Execution
This module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called 'TPL' which is used in the PlaySMS template...
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...