1833 matches found
Pi-hole < 4.4 - Authenticated Remote Code Execution
!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688 Working Exploit PoC CVE-202...
Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands
Summary The Nextcloud Talk app allows system administrators to setup chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...
Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions
Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...
One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...
Zen Load Balancer 3.10.1 Remote Code Execution
c@kali:/src/eonila/zenload3r$ cat zenload3r.py !/usr/bin/env python zenload3r.py - zen load balancer pwn3r 28.03.2020 @ 22:41 by cody sixteen import base64 import sys, re import requests import ssl from functools import partial ssl.wrapsocket = partialssl.wrapsocket, sslversion=ssl.PROTOCOLTLSv1...
UCM6202 1.0.18.13 - Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
Centreon Poller Authenticated Remote Command Execution Exploit
This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the...
HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory:...
Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory:...
Avaya Aura Communication Manager 5.2 Remote Code Execution
Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...
Avaya Aura Communication Manager 5.2 - Remote Code Execution
Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual Appliance running...
Centreon 19.10.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - Remote Command Execution Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : -...
Centreon 19.10.5 Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote...
Centreon 19.10.5 - centreontrapd Remote Command Execution
Centreon 19.10.5 - centreontrapd Remote Command Execution Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version:...
Centreon 19.10.5 - (centreontrapd) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentO...