One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)

Linux/x86 - Reverse 10.0.7.17:4444/TCP Shell /bin/sh Shellcode 101 Bytes. Shellcode exploit for Linuxx86 platform / Name : Jonathan "Chops" Crosby Email : [email protected] Twitter : @securitychops Website : https://securitychops.com Blog Post :...

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and lat...

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and later Tested on:...

Microsoft Word Document Upload to Stored XSS: A Case Study

Anytime I see a file upload form during an application test, my attention is piqued. In a best-case scenario, I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I cant get a backdoor...

Semmle: Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning

Summary: Docker Registry HTTP API v2 is exposed in HTTP without authentication. An attacker can use it to dump your docker images and poison them. Description: While digging into the environment that hosts the sandboxed build container, I came across the port 5000 open on another machine probably...

CHAOS Framework v2.0 - Generate Payloads And Control Remote Windows Systems

CHAOS allow generate payloads and control remote Windows systems. Disclaimer This project was created only for learning purpose. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE...

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit

Exploit for windows platform in category web applications Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...

ACL Analytics 13.0.0.579 Arbitrary Code Execution

Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...

Nessus plug-in“arms”tutorial-vulnerability warning-the black bar safety net

! Overview In a recent internal penetration test, we need to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin was originally only the use of an existing RCE vulnerability, but we will teach you how to...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution Vulnerability

Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalD...

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...

One-Liners That Aids in Penetration Testing Operations: One-Lin3r

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

Geovision Inc. IP Camera & Video - Remote Command Execution

!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...

Geovision Inc. IP Camera Video - Remote Command Execution

Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...

Werkzeug - 'Debug Shell' Command Execution

!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...

Werkzeug - Debug Shell Command Execution

Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...