1886 matches found
Exploit for CVE-2013-0422
K8tools 20200118 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 Ladon 6.0 大型内网渗透扫描神器内置48个功能,支持Cobalt Strike + 扫描工具 Ladon 5.7...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a Local Privilege Escalation Vulnerability in polkit’s pkexec. The exploit is implemented in Python and utilizes the PwnKit vulnerability to gain elevated privileges. The code creates a malicious shared object SO that, when loaded by pkexec, executes a setuid0 and...
canTot
This is a Python-based CLI framework called "canTot" that is designed for CAN Bus hacking and exploitation. It is similar to an exploit framework but focused on known CAN Bus vulnerabilities or "fun CAN Bus hacks." The framework is made up of several modules, each with its own specific...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in the polkit package. The target product/service is polkit, a Linux system policy kit. The vulnerability class/vector is a privilege escalation vulnerability. The probable entry points are the gconv-modules file and the...
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in polkit. The target vulnerability class is RCE Remote Code Execution, and the probable entry point is the cve-2021-4034.c file, which is compiled into an executable. The exploit is typically invoked by running ./cve-2021-4034...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a Linux local privilege escalation vulnerability. The target is the polkit privilege escalation exploit, which has a wide coverage and is stable. The vulnerability class/vector is auth bypass, specifically a privilege escalation exploit. The probable entry point is...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The exploit works by overwriting and executing the host system's runc binary from within the container. The vulnerability allows an attacker to gain root access on the host system. The exploit is implemented in Go and consists of two us...
Exploit for CVE-2017-0144
This is a PoC exploit for CVE-2017-0144, also known as the EternalBlue vulnerability, which is a remote code execution vulnerability in the Windows SMBv1 protocol. The exploit is implemented as a Metasploit module, and it targets the Double Pulsar backdoor. The target product/service is the Windo...
Exploit for CVE-2018-10933
PoC exploit for CVE-2018-10933, a vulnerability in libSSH that allows authentication bypass. The target product/service is libSSH, a free and open-source implementation of the Secure Shell protocol. The vulnerability class/vector is authentication bypass, allowing an attacker to spawn a shell...
Exploit for Path Traversal in Vmware Cloud_Foundation
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a vulnerability in the GNU C Library glibc that allows for a buffer overflow attack. The exploit is written in C and is designed to work on Ubuntu 18.04 and 20.04 systems. The exploit creates a malicious shared library, "libnssX.so.2", that is designed to ...
Exploit for Improper Authentication in Apache Shiro
Apache Shiro 认证绕过分析(CVE-2020-17523) https://www.anquanke.com/post/id/230935 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一定权限匹配规则下,攻击者可通过构造特殊的 HTTP 请求包完成身份认证绕过。 影响范围:Apache Shiro 1.7.1 0x02 漏洞环境搭建 shiro 1.7...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 is a vulnerability in the Apache Tomcat web server. The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a deserialization vulnerability in the Apache Commons Collections library, which is used by Tomcat. The exploit code is written in Groovy an...
Exploit for Use After Free in Microsoft
System-Vulnerability 实时更新较好用最新漏洞EXP,仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...
Exploit for CVE-2020-1938
Ghostcat exp for CNVD-2020-10487CVE-2020-1938 tomcat ajp协议任意属性设置导致的文件读取和文件执行。 漏洞分析 代码仅供安全测试,请勿用于非法用途,造成的后果使用者负责与本人无关!!! python3 ajpShooter.py -h /\ / \ | | | //\ | | ' \ \ | ' \ / \ / | / \ '| / | | | | \ \ | | | | | || / | / // | ./ /| ||/ / \|| |/|| 00theway,just for test usage:...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a Dirty Cow DC attack. The exploit is implemented in C++ and Go, with a legacy version in C++. The exploit targets the Linux kernel's memory mapping feature, which allows an attacker to map a file into a...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the php-fpm service running on a server with a configuration that includes a "location" block with a...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows an attacker to gain root privileges by exploiting a flaw in the way the kernel handles page-zero writes. The exploit is implemented in C++ and Go, and is designed to work on various Linux distributions,...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to gain code execution if the configuration is vulnerable. The exploit works by setting the PATHINFO variable to an empty value,...
Exploit for CVE-2017-8570
This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is an exploit module for the Dirty COW CVE-2016-5195 vulnerability. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clockgettime. If the...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, a heap-based buffer overflow in Sudo. The target product/service is Sudo, a Unix command to execute a command with superuser root privileges. The vulnerability class/vector is a heap-based buffer overflow. Notable dependencies/tooling include the Qualys Security...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...
Exploit for Improper Restriction of XML External Entity Reference in Apache Solr
注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-06 新增DVR 摄像头exp 新增Nexus Repository Manager exp。修改默认线程数为20。增加超时时间。增加界面显示shell的路径。修复cookie bug 2021-03-03 修复某些类延时时间过短导致漏洞检测不准确。下一个版本将调整默认线程数字预计是20或者10 2021-02-27 ...
Exploit for Race Condition in Canonical Ubuntu_Linux
PoC exploit for CVE-2016-5195 Dirty COW. The target product/service is Linux, specifically the vDSO Virtual Dynamic Shared Object component. The vulnerability class/vector is a privilege escalation vulnerability, allowing an unprivileged user to gain root privileges. The probable entry point is t...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Out-of-bounds Write in Php
It is an exploit module for CVE-2019-11043. The target product/service is Apache Log4j, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the JNDI exploit, which is a known vulnerability in Log4j. Notable dependencies/tooling include the Apache Log4j...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...
Exploit for Improper Null Termination in Php
Ladon POC Moudle CVE-2019-11043 PHP-FPM + Ngnix 漏洞简介 PHP-FPM 远程代码执行漏洞CVE-2019-11043 在长亭科技举办的 Real World CTF 中,国外安全研究员 Andrew Danau 在解决一道 CTF 题目时发现,向目标服务器 URL 发送 %0a 符号时,服务返回异常,疑似存在漏洞。 在使用一些有错误的Nginx配置的情况下,通过恶意构造的数据包,即可让PHP-FPM执行任意代码。 Example 和Ladon.exe放在同一目录,即可对C段或url.txt进行批量检测 bash Ladon...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "shortopentag" and "htmlerrors" php.ini setting...
Exploit for CVE-2013-0422
K8tools 20200118 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 Ladon 6.0 大型内网渗透扫描神器内置48个功能,支持Cobalt Strike + 扫描工具 Ladon 5.7...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a PoC exploit for CVE-2020-0796, a SMBv3 RCE vulnerability. The exploit is a simple scanner that checks if a server is vulnerable by sending a specially crafted SMB request. The scanner is designed to test whether a server is vulnerable, not for research or development. It checks for SMB...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...
Exploit for CVE-2017-0144
PoC exploit for CVE-2017-0144 EternalBlue using the Doublepulsar backdoor, implemented as a Metasploit module. The target product/service is Windows, and the vulnerability class is RCE Remote Code Execution. The probable entry point is the Metasploit module, and the notable dependency is the...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit is written in Go and uses the Cobra framework. The exploit works by setting a PHP setting using the SetSetting function,...
Exploit for Improper Input Validation in Jenkins
hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...
Exploit for CVE-2015-0273
phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...
Exploit for OS Command Injection in Docker
This is a PoC exploit for CVE-2019-5736, a Docker escape vulnerability. The target product/service is Docker, and the vulnerability class/vector is a Docker escape. The probable entry point is the Dockerfile, which contains a series of RUN commands that ultimately lead to the execution of the...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
This repository contains a collection of Perl scripts, each targeting a specific vulnerability. The vulnerabilities include: 1. CVE-2016-10033: A remote code execution vulnerability in PHPMailer before 5.2.18. 2. CVE-2016-6195: A SQL injection vulnerability in vBulletin before 4.2.2 Patch Level 5...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framewor...
Exploit for CVE-2017-0144
Based on the provided code and analysis, here is a summary of the findings: Classification: The repository is an offensive tool for exploiting vulnerabilities, specifically targeting the Windows operating system. Primary Target: The primary target is the Windows operating system, with a focus on...