Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit

Exploit for multiple platform in category remote exploits !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github:...

ReverShellGenerator - A Tool to Generate Various Ways to Do a Reverse Shell

A tool to generate various ways to do a reverse shell. Usage example Reverse Shell fonts http://bernardodamele.blogspot.com.br/2011/09/reverse-shells-one-liners.html http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Download ReverShellGenerator...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

LaCie 5big Network 2.2.8 - Command Injection

!/usr/bin/python Exploit Title: LaCie 5big Network 2.2.8 Command Injection Date: 2017-12-04 Exploit Author: Timo Sablowski Contact: [email protected] Vendor Homepage: http://www.lacie.com Software Link: http://www.lacie.com/files/lacie-content/download/drivers/5%20Big%20Network.zip Version:...

LaCie 5big Network 2.2.8 - Command Injection

LaCie 5big Network 2.2.8 - Command Injection !/usr/bin/python Exploit Title: LaCie 5big Network 2.2.8 Command Injection Date: 2017-12-04 Exploit Author: Timo Sablowski Contact: [email protected] Vendor Homepage: http://www.lacie.com Software Link:...

WAGO PFC 200 SERIES Multiple Vulnerabilities

Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...

PowerShell Empire Windows HTTP Reverse Shell

PowerShell Empire is a post exploitation tool. A successful exploitation may allow execution of arbitrary code on the affected target...

ZeroDoor - A Script Written Lazily For Generating Cross-Platform Backdoors

A script written lazily for generating reverse shell backdoors on the go whenever you need without any hassle for your daily penetration needs . These backdoors are not James Bond high tech stuff but rather simple ones to prevent over exploitation and limited capabilities Once you generate the...

Hackers Prepping IOTroop Botnet with Exploits

Hackers moved one step closer to launching full-scale DDoS attacks using millions of IoT devices herded into the botnet known as Reaper or IOTroop. Researchers at NewSky Security warn that hackers are swapping scripts on forums that can scan the internet for vulnerable IoT devices and dump defaul...

osTicket 1.10.1 Shell Upload

Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload- Restrictions-Bypassed-CVE-2017-15580.html Exploit Title: File Upload Restrictions Bypassed Date: 18 October, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://osticket.com/ Software Link:...

Exploit for Command Injection in Php

It is an exploit module/toolkit targeting web servers. The targe...

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affetcted Version...

LFiFreak - An automated LFi Exploiter with Bind/Reverse Shells

LFiFreak is a tool for exploiting local file inclusions using PHP Input, PHP Filter and Data URI methods. Features Works with Windows, Linux and OS X Includes bind and reverse shell for both Windows and Linux Written in Python 2.7 Dependencies BeautifulSoup Download LFiFreak...

Command injection

GSTNofflinetool in India Goods and Services Tax Network GSTN Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript...

Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow (SEH)

Dup Scout Enterprise 9.9.14 - Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Dup Scout Enterprise v 9.9.14 Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.dupscout.com Software Link:...

Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)

/ ;Title: Linux/x8664 - Reverse Shell Shellcode 192.168.1.2:4444 ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: Reverse Shell, Run nc and listen port 4444. ;Shellcode Length: 153 ;Tested on : Debian 4.9.30-2kali1...

Linux/x86-64 - Reverse Shell (192.168.1.2:4444) Shellcode (153 bytes)

Linux/x86-64 - Reverse Shell 192.168.1.2:4444 Shellcode 153 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x8664 - Reverse Shell Shellcode 192.168.1.2:4444 ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664...

Oracle XDB FTP Service UNLOCK Buffer Overflow

/ Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit / / David Litchfield from ngssoftware at Blackhat 2003/ / / / Original Advisory : / / http://www.blackhat.com/presentations/bh-usa-03/bh- / / us-03-litchfield-paper.pdf / include include include int GainControlOfOraclechar , char ; int...

JexBoss: Java Deserialization Verification & EXploitation Tool!

PenTestIT RSS Feed I was working with a customers Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across JexBoss...