1886 matches found
Exploit for CVE-2021-3129
CVE-2021-3129 Laravel debug rce 食用方法 执行docker-compse up -d启动环境 访问8888端口后点击首页面的generate key就可以复现了 关于docker环境想说的几点: - 把.env.example复制到.env作用是开启debug环境 - 关闭了php.ini的phar.readonly - 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由这个我加在源码里了,没写dockerfile里 复现效果 脚本已放出,脚本要和phpggc项目文件夹在同一级目录下...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2020-17144-EXP 条件: Exchange2010; 普通用户 默认用法写webshell: CVE-2020-17144-EXP.exe mail.example.com user pass 执行命令 & 端口复用: 修改ExploitClass.cs 参考 @zcgonvh...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
Exploit for CVE-2015-3636
PoC exploit for CVE-2015-3636, a vulnerability in the Linux kernel affecting 32-bit Android OS. The exploit targets the Linux kernel's socket timestamping functionality, specifically the SIOCGSTAMPNS ioctl command. The vulnerability allows an attacker to execute arbitrary code with elevated...
dahua
This is a collection of proof-of-concept PoC exploit code and research notes for various vulnerabilities in IP cameras and other network devices. The code is written in Python and C, and the notes provide information on the vulnerabilities, including the attack vector, authentication requirements...
Exploit for Path Traversal in Pivotal_Software Spring_Framework
Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 知识星球【漏洞攻防】:https://t.zsxq.com/mm2zBeq 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 / 命令执行 - 文件包含 - 文件上传 /...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含: 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书:https://www.jianshu.com/p/6649118ba7b6...
Exploit for CVE-2020-1938
It is an exploit module for CVE-2020-1938, a Tomcat AJP LFI vulnerability. The target product/service is Apache Tomcat, and the vulnerability class/vector is Local File Inclusion LFI. The probable entry point is the poc.py script, which is typically invoked by running it with Python 2.7, specifyi...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious version, which is then executed when a container is run. The vulnerability is present in the runc binary, which is responsible for...
Exploit for CVE-2017-0144
This is a PoC exploit for CVE-2017-0144, a remote code execution vulnerability in Windows. The exploit targets Windows 2000 and later versions. It does not require Python installation, as it is built with Pyinstaller. The exploit implements a few options, such as username/password specification a...
Exploit for CVE-2015-0273
phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "PHPVALUE" directive in the php.ini file, which...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547,...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an offensive tool for Docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including CVE-2016-9086, CVE-2013-4547, CVE-2017-1000353, and CVE-2018-1000006. The target product/service is Docke...
Exploit for Use After Free in Microsoft
This is a PoC Proof of Concept exploit for CVE-2019-0708, a remote code execution vulnerability in Microsoft Windows Remote Desktop Services. The exploit is written in Python and uses the SMBLoris library to send packets to the target host. The exploit is designed to check if a host is vulnerable...
dedecmscan
This is a Python script designed to scan for vulnerabilities in DedeCMS, a content management system. The script is called "dedescan" and is written in Python 3. It uses various techniques to identify potential vulnerabilities, including SQL injection, cross-site scripting XSS, and path traversal...
Exploit for Improper Input Validation in Jenkins
hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which allows for remote code execution via a...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for Classic Buffer Overflow in Microsoft
This is a Python script that exploits the CVE-2017-7269 vulnerability in IIS servers. The script sends a specially crafted HTTP request to the target server, which triggers a remote code execution vulnerability. The script then receives the response from the server and prints it to the console...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability being targeted is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including ones for Flask, Apache, and Jenkins. The target...
Exploit for Improper Input Validation in Apple Mac_Os_X
This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities in different applications. The exploits are written in Python and target vulnerabilities in Apache ActiveMQ, Apache Solr, Apache James Server, MySQL, and other applications. The exploits are designe...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Nvidia Tegra_Bootrom_Rcm
This is a proof-of-concept arbitrary code loader for Tegra processors, which takes advantage of CVE-2018-6242 "Fusée Gelée" to gain arbitrary code execution and load small payloads over USB. The vulnerability is documented in the 'report' subfolder, and more details and guides are to follow. The...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is a proof-of-concept PoC for the Dirty COW CVE-2016-5195 vulnerability. The PoC relies on ptrace to patch the vDSO Virtual Dynamic Shared Object instead of modifying filesystem binaries. This approach has several advantages, including no setuid binary required, SELinux bypass,...
Exploit for Code Injection in Vmware Spring_Framework
漏洞简介 最近spring爆出重磅级CVE漏洞,cve信息显示"A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Sophos Hitmanpro
引用 这篇文章的目的是介绍一种基于内核态内存的越界写入通用利用技术和相关工具复现. toc 简介 笔者的在原作者池风水利用工具以下简称工具基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用. 自Windows 10 19H1开始,用户层段堆(Segment Heap)结构后端逻辑被用于内核层,主要分为低碎片化堆Low-fragmentation Heap与VS堆Variable Size...
Exploit for Path Traversal in Vmware Cloud_Foundation
PoC exploit for CVE-2021-22005, a vulnerability in VMware vCenter Server allowing file upload to remote code execution. The target product/service is VMware vCenter Server, and the vulnerability class/vector is file upload to RCE. The probable entry point is a POST request to the...
Exploit for Improper Input Validation in Linux Linux_Kernel
This is a PoC exploit for CVE-2021-3490, a Linux kernel vulnerability. The exploit targets the eBPF subsystem and leverages a bug in the verifier to gain arbitrary read and write access to kernel memory. The exploit is designed to work on Ubuntu 20.04.02 and 20.10 Groovy Gorilla kernels 5.8.0-25....
Exploit for CVE-2021-1675
Impacket implementation of CVE-2021-1675...
vulhub
This repository is an open-source collection of vulnerable web applications and tools for security training and research. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable systems and applications,...
Exploit for CVE-2021-42321
This repository is a proof-of-concept PoC exploit for CVE-2021-42321, a vulnerability in Microsoft Exchange Server. The PoC is written in Python and uses the requests library to send a SOAP request to the Exchange server. The exploit targets the Exchange server's GetFolder method, which can be us...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Solarwinds Orion_Platform
This is a collection of Suricata rules and related information for various vulnerabilities. Here's a summary of the content: Rules: 1. Behinder3: Two rules for detecting Behinder3 PHP HTTP Request and Response. The rules set the behinder3 flowbit when the conditions are met. 2. Apache Nifi API RC...
Exploit for OS Command Injection in Eyesofnetwork
This is an exploit module for EyesOfNetwork 5.1 to 5.3, a network monitoring and management tool. The exploit targets three vulnerabilities: CVE-2020-8654, CVE-2020-8655, and CVE-2020-9465. CVE-2020-8654 is a discovery module that allows arbitrary OS commands to be run. The exploit uses the targe...
Exploit for OS Command Injection in Webmin
PoC exploit for CVE-2019-15107 DNSChanger on home routers. The target product/service is Shuttle Tech ADSL Modem-Router 915 WM. The vulnerability class/vector is DNSChanger. The probable entry point is the routerhunter.py script. Notable dependencies/tooling include requests, random, time,...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and is available on GitHub under the MIT License. The repository contains a variety of...
Exploit for Off-by-one Error in Sudo_Project Sudo
This repository is a collection of exploit code for the CVE-2021-3156 vulnerability in sudo, a Unix command that allows users to execute commands as another user. The vulnerability is a heap-based overflow in the sudo library, which can be exploited to gain elevated privileges. The repository...
Exploit for CVE-2018-9995
PoC exploit for CVE-2018-9995. This exploit targets a vulnerability in a DVR system, allowing for remote code execution. The exploit is written in Python and uses the requests library to send HTTP requests to the vulnerable system. The exploit first defines a function to get the system's response...
JavaLearnVulnerability
This is a Java vulnerability learning project repository, specifically focused on deserialization vulnerabilities. The repository contains a gadget called "URLDNS" which is used to verify if a target exists a deserialization vulnerability. The gadget is implemented using Java's built-in classes a...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which can be used to execute arbitrary code vi...
vulhub111
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell modules, specifically PowerSploit, which provides various functions for code execution, DLL injection, and antivirus bypass. The tool is designed to be used by penetration testers and red teamers to te...
redpill
This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an open-source project for vulnerability research and training, called Vulhub. It is a collection of vulnerable systems and applications, designed to help security researchers and students learn about various types of vulnerabilities and how to exploit them. The project is maintained by...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based overflow vulnerability in sudo. The exploit is written in C and uses a combination of techniques to achieve arbitrary code execution. The exploit creates a shared library libnssX/P0PSH3LLZ .so.2 that is loaded by sudo, which contains a buffer...
Exploit for CVE-2019-11580
CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE Usage: python CVE-2019-11580.py http://xx.xx.xx.xx/ Crowd-2.11.0 VulnVersion Donwload https://product-downloads.atlassian.com/software/crowd/downloads/atlassian-crowd-2.11.0.tar.gz Powered by Atlassian Crowd Version: 2.11.0 Build:725 -...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based overflow vulnerability in sudo. The exploit is a C program that creates a shared library libnssX/P0PSH3LLZ.so.2 that overflows the heap when sudoedit is called. The exploit can be built using the provided Makefile and run using the...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability, identified as CVE-2020-17144. The tool is written in C and uses the .NET framework 3.5. The tool consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...
hackingtool
This repository is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is not explicitly stated, but the tool includes various modules for exploitation, reverse engineering, and post-exploitation. The probable entry points for this tool are scripts and...