1886 matches found
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in polkit. The target vulnerability class is RCE Remote Code Execution, and the probable entry point is the cve-2021-4034.c file, which is compiled into an executable. The exploit is typically invoked by running ./cve-2021-4034...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a Linux local privilege escalation vulnerability. The target is the polkit privilege escalation exploit, which has a wide coverage and is stable. The vulnerability class/vector is auth bypass, specifically a privilege escalation exploit. The probable entry point is...
Exploit for Off-by-one Error in Sudo_Project Sudo
Based on the provided context and code, here is a summary of the analysis: Classification: Exploit module/toolkit targeting a vulnerability in a specific product/service framework. Primary vulnerability: CVE-2021-3156, a heap-based buffer overflow in sudo. Target product/service: sudo, a Unix...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The exploit works by overwriting and executing the host system's runc binary from within the container. The vulnerability allows an attacker to gain root access on the host system. The exploit is implemented in Go and consists of two us...
Exploit for CVE-2017-0144
This is a PoC exploit for CVE-2017-0144, also known as the EternalBlue vulnerability, which is a remote code execution vulnerability in the Windows SMBv1 protocol. The exploit is implemented as a Metasploit module, and it targets the Double Pulsar backdoor. The target product/service is the Windo...
Exploit for Path Traversal in Vmware Cloud_Foundation
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...
Exploit for Improper Authentication in Apache Shiro
Apache Shiro 认证绕过分析(CVE-2020-17523) https://www.anquanke.com/post/id/230935 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一定权限匹配规则下,攻击者可通过构造特殊的 HTTP 请求包完成身份认证绕过。 影响范围:Apache Shiro 1.7.1 0x02 漏洞环境搭建 shiro 1.7...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 is a vulnerability in the Apache Tomcat web server. The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a deserialization vulnerability in the Apache Commons Collections library, which is used by Tomcat. The exploit code is written in Groovy an...
Exploit for Use After Free in Microsoft
System-Vulnerability 实时更新较好用最新漏洞EXP,仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...
Exploit for CVE-2020-1938
Ghostcat exp for CNVD-2020-10487CVE-2020-1938 tomcat ajp协议任意属性设置导致的文件读取和文件执行。 漏洞分析 代码仅供安全测试,请勿用于非法用途,造成的后果使用者负责与本人无关!!! python3 ajpShooter.py -h /\ / \ | | | //\ | | ' \ \ | ' \ / \ / | / \ '| / | | | | \ \ | | | | | || / | / // | ./ /| ||/ / \|| |/|| 00theway,just for test usage:...
Exploit for CVE-2014-4878
PoC-and-Exp-of-Vulnerabilities 漏洞验证和利用代码收集 - 免责声明:本项目中的代码为互联网收集或自行编写,请勿用于非法用途,产生的法律责任和本人无关。针对Windows的PoC很多会被杀毒软件拦截,此为正常现象,请自行斟酌是否下载,如果有带有后门的exp,请通过提交issue联系我。 Windows - CVE-2017-0143MS17-010 Microsoft Windows SMB远程代码执行漏洞(永恒之蓝) - CVE-2017-7269 Microsoft IIS 6.0 远程代码执行漏洞 - CVE-2017-11882 Microsoft...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the php-fpm service running on a server with a configuration that includes a "location" block with a...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows an attacker to gain root privileges by exploiting a flaw in the way the kernel handles page-zero writes. The exploit is implemented in C++ and Go, and is designed to work on various Linux distributions,...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to gain code execution if the configuration is vulnerable. The exploit works by setting the PATHINFO variable to an empty value,...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is an exploit module for the Dirty COW CVE-2016-5195 vulnerability. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clockgettime. If the...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...
Exploit for CVE-2018-10933
PoC exploit for CVE-2018-10933, a vulnerability in libSSH that allows authentication bypass. The target product/service is libSSH, a free and open-source implementation of the Secure Shell protocol. The vulnerability class/vector is authentication bypass, allowing an attacker to spawn a shell...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a vulnerability in the GNU C Library glibc that allows for a buffer overflow attack. The exploit is written in C and is designed to work on Ubuntu 18.04 and 20.04 systems. The exploit creates a malicious shared library, "libnssX.so.2", that is designed to ...
Exploit for Improper Restriction of XML External Entity Reference in Apache Solr
注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-06 新增DVR 摄像头exp 新增Nexus Repository Manager exp。修改默认线程数为20。增加超时时间。增加界面显示shell的路径。修复cookie bug 2021-03-03 修复某些类延时时间过短导致漏洞检测不准确。下一个版本将调整默认线程数字预计是20或者10 2021-02-27 ...
Exploit for Race Condition in Canonical Ubuntu_Linux
PoC exploit for CVE-2016-5195 Dirty COW. The target product/service is Linux, specifically the vDSO Virtual Dynamic Shared Object component. The vulnerability class/vector is a privilege escalation vulnerability, allowing an unprivileged user to gain root privileges. The probable entry point is t...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Out-of-bounds Write in Php
It is an exploit module for CVE-2019-11043. The target product/service is Apache Log4j, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the JNDI exploit, which is a known vulnerability in Log4j. Notable dependencies/tooling include the Apache Log4j...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...
Exploit for OS Command Injection in Webmin
This repository contains a proof-of-concept PoC exploit for CVE-2019-15107, a vulnerability in the NetScape 2.0 browser. The exploit is a GIF file that, when opened, will execute arbitrary code on the victim's system. The exploit targets the vulnerability in the browser's GIF89a parser, which...
Exploit for Improper Null Termination in Php
Ladon POC Moudle CVE-2019-11043 PHP-FPM + Ngnix 漏洞简介 PHP-FPM 远程代码执行漏洞CVE-2019-11043 在长亭科技举办的 Real World CTF 中,国外安全研究员 Andrew Danau 在解决一道 CTF 题目时发现,向目标服务器 URL 发送 %0a 符号时,服务返回异常,疑似存在漏洞。 在使用一些有错误的Nginx配置的情况下,通过恶意构造的数据包,即可让PHP-FPM执行任意代码。 Example 和Ladon.exe放在同一目录,即可对C段或url.txt进行批量检测 bash Ladon...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for CVE-2013-0422
K8tools 20200118 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 Ladon 6.0 大型内网渗透扫描神器内置48个功能,支持Cobalt Strike + 扫描工具 Ladon 5.7...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a PoC exploit for CVE-2020-0796, a SMBv3 RCE vulnerability. The exploit is a simple scanner that checks if a server is vulnerable by sending a specially crafted SMB request. The scanner is designed to test whether a server is vulnerable, not for research or development. It checks for SMB...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...
Exploit for CVE-2017-0144
PoC exploit for CVE-2017-0144 EternalBlue using the Doublepulsar backdoor, implemented as a Metasploit module. The target product/service is Windows, and the vulnerability class is RCE Remote Code Execution. The probable entry point is the Metasploit module, and the notable dependency is the...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a Dirty Cow DC attack. The exploit is implemented in C++ and Go, with a legacy version in C++. The exploit targets the Linux kernel's memory mapping feature, which allows an attacker to map a file into a...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit is written in Go and uses the Cobra framework. The exploit works by setting a PHP setting using the SetSetting function,...
Exploit for CVE-2015-0273
phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...
Exploit for OS Command Injection in Docker
This is a PoC exploit for CVE-2019-5736, a Docker escape vulnerability. The target product/service is Docker, and the vulnerability class/vector is a Docker escape. The probable entry point is the Dockerfile, which contains a series of RUN commands that ultimately lead to the execution of the...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
This repository contains a collection of Perl scripts, each targeting a specific vulnerability. The vulnerabilities include: 1. CVE-2016-10033: A remote code execution vulnerability in PHPMailer before 5.2.18. 2. CVE-2016-6195: A SQL injection vulnerability in vBulletin before 4.2.2 Patch Level 5...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framewor...
Exploit for CVE-2017-0144
Based on the provided code and analysis, here is a summary of the findings: Classification: The repository is an offensive tool for exploiting vulnerabilities, specifically targeting the Windows operating system. Primary Target: The primary target is the Windows operating system, with a focus on...
Exploit for CVE-2017-8570
This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...
Exploit for Open Redirect in Git-Scm Git
PoC exploit for CVE-2017-1000117, a vulnerability in the way Git handles submodule initialization. The target is Git, a vulnerability class/vector of arbitrary file write, probable entry point is the Git submodule initialization process, notable dependency is Git, and execution context is a Git...
Exploit for CVE-2013-0422
K8tools 20190727 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
Exploit for OS Command Injection in Docker
This is a PoC Proof of Concept exploit for CVE-2019-5736, a vulnerability in the runc binary of the Docker container runtime. The exploit is implemented in Go and is designed to overwrite the runc binary on the host system from within a container. The exploit works by overwriting the /bin/sh bina...
Exploit for CVE-2016-2384
This repository contains proof-of-concept PoC exploits for various vulnerabilities in the Linux kernel. The exploits target different vulnerabilities, including CVE-2016-2384, CVE-2016-9793, and CVE-2017-1000112. CVE-2016-2384 is a use-after-free vulnerability in the usb-midi driver, which allows...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
CVE-2020-8840 Jackson-databind远程代码执行漏洞(CVE-2020-8840)分析复现环境代码。 项目包含: jackson-databind、Fastjson中payload WebServer恶意类 编译好的marshalsec-0.0.3-SNAPSHOT-all.jar 漏洞简介 Jackson-databind远程代码执行漏洞(CVE-2020-8840),攻击者可利用xbean-reflect的利用链(org.apache.xbean.propertyeditor.JndiConverter)触发JNDI远程类加载从而达到远程代码执行。...