Cisco Smart Install - Crash (PoC)

Cisco Smart Install - Crash PoC smiibcinitdiscoveryBoF.py import socket import struct from optparse import OptionParser Parse the target options parser = OptionParser parser.addoption"-t", "--target", dest="target", help="Smart Install Client", default="192.168.1.1" parser.addoption"-p", "--port"...

iCloudBrutter - AppleID Bruteforce

iCloudBrutter is a simple python 3.x script to perform basic bruteforce attack againts AppleID. Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter. Installation $ git clone...

Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass Explo

Exploit for hardware platform in category web applications Exploit Title: Hikvision IP Camera versions 5.2.0 - 5.3.9 Builds: 140721 - 170109 Backdoor Date: 15-03-2018 Vendor Homepage: http://www.hikvision.com/en/ Exploit Author: Matamorphosis Category: Web Apps Description: Exploits a backdoor in...

Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Exploit

Exploit for Android platform in category dos / poc import os import sys import struct import bluetooth BNEPPSM = 15 BNEPFRAMECOMPRESSEDETHERNET = 0x02 LEAKATTEMPTS = 20 def leaksrcbdaddr, dst: bnep = bluetooth.BluetoothSocketbluetooth.L2CAP bnep.settimeout5 bnep.bindsrcbdaddr, 0 print 'Connecting...

MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php wil...

SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning...

MikroTik RouterOS &lt; 6.41.3/6.42rc27 - SMB Buffer Overflow

!/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php will place the socket file descriptor in eax findsockfd =...

SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution

!/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning helpdesc = ''' PoC of Remote Command Execution via Log...

TwLocation - Python Script That Gets Twitter Users' Tweets Location

Python script that gets Twitter users' tweets location Features Gets Twitter Usernames based on a latitude and longitude Profiles URLs Tweet Latitude and Longitude Google Maps link to Latitude and Longitude Usage TwLocation should work on all Linux distros running Python 2.7 First, clone it by...

Arjun - Tool To Find Hidden GET & POST Parameters

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Dependencies requests threading Usages Here's how you can scan a webpage for get parameters python arjun.py -u http://example.com/index.php --get For POST, just use the --post flag. To specify the number...

CVE-2018-1000117

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...

CVE-2018-1000117

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates...

Aragog - Facebook Invalid Email Checker

Aragog is a python 2.7 script which looks for Facebook Accounts that have invalid emails on their account. This script was only created for Gmail & Hotmail to be checked, but in the future this could be further upgraded in new features. The attack scenario through this script is if the email of t...

Cl0neMast3r - Git All Your Favorite Tools In One Click

Cl0neMast3r is a Python script that was coded to make your life easier. Now you can easily choose your favorite tools from GitHub and install them on your system with one click. Even better you can ensure that you have latest version of your favorite tools. All this and more you can do with Clone...

Concrete5 < 8.3.0 - Username / Comments Enumeration Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulat...

Threat Analysis: ROKRAT Malware

ROKRAT also referred to as DOGcall is a family of malware that has been used by attackers originating from North Korea. The family continues to evolve and adopt techniques from other families also used by the same attack group. The ROKRAT core payload is typically deployed by a loader, which has...

Concrete5 8.3.0 - Username Comments Enumeration

Concrete5 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...

Concrete5 CMS 8.3.0 - Username Comments Enumeration

Concrete5 CMS 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate...

Concrete5 Username / Comments Enumeration

!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...

HPE iLO4 Add New Administrator User

!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...