Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...

Interactive Multi User Javascript Shell: JSShell

Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...

Twittor - A fully featured backdoor that uses Twitter as a C&C server

A stealthy Python based backdoor that uses Twitter Direct Messages as a command and control server This project has been inspired by Gcat which does the same but using a Gmail account. Setup For this to work you need: A Twitter account Use a dedicated account! Do not use your personal one! Regist...

CapTipper - Malicious HTTP traffic explorer tool

CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations...

Nagios-history.cgi-Exec-Code

CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...

Command Shell, Reverse TCP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...

Command Shell, Reverse TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

Command Shell, Bind TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

Command Shell, Bind TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

Command Shell, Reverse TCP SSL (via nodejs)

Creates an interactive shell via nodejs, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 831 include Msf::Payload::Single include Msf::Payload::NodeJS include...

Unix Command Shell, Reverse TCP (via AWK)

Creates an interactive shell via GNU AWK This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 154 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

[SET Version 5.0] The Social-Engineer Toolkit "The Wild West"

Social-Engineer Toolkit SET v5.0 codename: The Wild West is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin SET web server...

Unix Command Shell, Reverse TCP (via netcat -e)

Creates an interactive shell via netcat This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 34 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinf...

Unix Command Shell, Reverse TCP SSL (via php)

Creates an interactive shell via php, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 279 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

Unix Command Shell, Reverse TCP SSL (telnet)

Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. This module requires Metasploit: https://metasploit.com/download Current source:...

pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution

Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access Date: 04/01/2013 Author: Yann CAM @ Synetis Vendor or Software Link: www.pfsense.org Version: 2.0.1 Category: XSS & CSRF Remote root Access Google dork: Tested on: FreeBSD pfSense firewall/router distribution description :...

Struts2 remote command execution vulnerability analysis and prevention-vulnerability and early warning-the black bar safety net

Struts 2 is the struts and WebWork technology based on a merge of the new framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the interceptor mechanism to deal with user's request, such design also makes the...

Telnetd encrypt_keyid: Remote Root function pointer overwrite

Exploit for linux platform in category remote exploits / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan email protected - email protected Credits to batchdrake as always / / // / / / // /\ \ / / / / / \ / / / / / / // / / / / // / / / //,///...

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...