PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...

Exploit for OS Command Injection in Pi-Hole

CVE-2020-8816 A Python script to exploit CVE-2020-8816, a remo...

Pi-hole < 4.4 - Authenticated Remote Code Execution

!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...

Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation

!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...

Pi-hole 4.4 Remote Code Execution

!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...

Pi-hole 4.4 Remote Code Execution / Privilege Escalation

!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...

Exploit for Improper Authentication in Microsoft

CVE-2020-0688 Working Exploit PoC CVE-202...

Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands

Summary The Nextcloud Talk app allows system administrators to setup chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

Zen Load Balancer 3.10.1 Remote Code Execution

c@kali:/src/eonila/zenload3r$ cat zenload3r.py !/usr/bin/env python zenload3r.py - zen load balancer pwn3r 28.03.2020 @ 22:41 by cody sixteen import base64 import sys, re import requests import ssl from functools import partial ssl.wrapsocket = partialssl.wrapsocket, sslversion=ssl.PROTOCOLTLSv1...

UCM6202 1.0.18.13 - Remote Command Injection

Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...

Centreon Poller Authenticated Remote Command Execution Exploit

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the...

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

Avaya Aura Communication Manager 5.2 - Remote Code Execution

Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...

Avaya Aura Communication Manager 5.2 - Remote Code Execution

Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory:...

Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory:...

Avaya Aura Communication Manager 5.2 Remote Code Execution

Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...

Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Exploit

Exploit for hardware platform in category web applications Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual Appliance running...