1886 matches found
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796-SMB 该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢 C++ Python EXP POC 漏洞利用: - 本地EXP提权:https://github.com/danigargu/CVE-2020-0796 - 本地EXE提权: https://github.com/f1tz/CVE-2020-0796-LPE-EXP - POC版本提权: https://github.com/eerykitty/CVE-2020-0796-PoC -...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
Exploit for Path Traversal in Atlassian Confluence_Server
PoC exploit for CVE-2019-3396, a Confluence Server-Side Template Injection SSTI Remote Code Execution RCE vulnerability. The exploit targets Confluence versions vulnerable to this CVE. The vulnerability is exploited by sending a specially crafted request to the Confluence REST API, which allows a...
Exploit for CVE-2017-0144
This is a PoC exploit for CVE-2017-0144, a remote code execution vulnerability in Windows. The exploit targets Windows 2000 and later versions. It does not require Python installation, as it is built with Pyinstaller. The exploit implements a few options, such as username/password specification a...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the project is based on various vulnerabilities, including CVE-2016-9086, CVE-2013-4547, CVE-2017-1000353, and CVE-2018-1000006. The target product/service or framework...
Exploit for CVE-2017-0213
windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...
Exploit for CVE-2020-1938
说明 工具仅用于安全研究以及内部自查, 禁止使用工具发起非法攻击, 造成的后果由使用者负责 Apache Tomcat文件包含漏洞(CVE-2020-1938 / CNVD-2020-1048 )批量检测工具. 此项目在Kit4y的项目的基础上进行修改. 代码修改 当ip.txt中只有1个域名或ip时, 会使得threadCount为1, 程序实际上没有运行, 增加判断线程数的代码 ... if threadCount == 1: threadCount = 2 for i in range0,threadCount-1: ... 修改少量代码, 以兼容Python3. 修改前的代码...
exploit-database
This is an official Exploit Database repository, a collection of public exploits and vulnerable software. The repository is updated daily with the most recently added submissions. It includes a search utility called "searchsploit" that allows users to search through the exploits using one or more...
Exploit for CVE-2016-0728
This repository is an offensive tool for Linux kernel exploitation, specifically targeting the CVE-2016-0728 vulnerability. The vulnerability is a REFCOUNT overflow/Use-After-Free in keyrings, which allows for local root exploitation. The repository contains two exploit modules, expboost.c and...
Exploit for Use After Free in Microsoft
CVE-2019-0708 is a remote code execution vulnerability in Microsoft Windows Remote Desktop Services. This repository contains a proof-of-concept PoC exploit for this vulnerability, as well as a scanner for detecting vulnerable hosts. The PoC exploit is written in Python and uses the SMBLoris...
Exploit for Improper Input Validation in Joomla Joomla\!
CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...
Exploit for Classic Buffer Overflow in Point-To-Point_Protocol_Project Point-To-Point_Protocol
PoC exploit for CVE-2020-8597, a buffer overflow vulnerability in the eap.c file of the pppd daemon in ppp versions 2.4.2 through 2.4.8. The vulnerability allows for a buffer overflow in the eaprequest and eapresponse functions, which can be exploited by sending a long "EAP: unauthenticated peer...
Exploit for Improper Input Validation in Jenkins
hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...
Exploit for Classic Buffer Overflow in Microsoft
This is a PoC exploit for CVE-2017-7269, a vulnerability in Microsoft IIS 6.0. The target product/service is Microsoft IIS 6.0, and the vulnerability class/vector is a remote code execution RCE vulnerability. The probable entry point is the exploit.py script, which is invoked using the python...
Exploit for Improper Resource Shutdown or Release in Microsoft
CVE-2018-8120 CVE-2018-8120 Windows LPE exploit Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64. Usage shell CVE-2018-8120 exploit by @unamerhttps://github.com/unamer Usage: exp.exe command Example: exp.exe...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. The exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2019-17571 is a vulnerability in the Apache Commons FileUpload library. It allows an attacker to upload a malicious file with a .class extension, which can be used to execute arbitrary code on the server. The vulnerability is caused by the library not properly validating the file extension...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 Weblogic GetShell.py is a Python script that exploits the Oracle Weblogic Server deserialization vulnerability. The script generates a payload using ysoserial and sends it to the target server. The payload is a serialized Java object that, when deserialized, executes arbitrary code...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
Exploit for Improper Input Validation in Joomla Joomla\!
CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...
Exploit for CVE-2013-0422
K8tools 20190727 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 Weblogic GetShell.py is a Python script that exploits the Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 deserialization remote command execution vulnerability. The script generates a payload using the ysoserial tool and sends it to the target server using a socket...
Exploit for CVE-2013-0422
K8tools 20190428 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
exploitdb-bin-sploitsss
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the...
Exploit for CVE-2013-6026
PoC exploit for CVE-2013-6026, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link. The target product/service is D-Link routers, and the vulnerability class/vector is auth bypass. The probable entry point is the Shodan search engine,...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services and their configurations that can be used to test and demonstrate various vulnerabilities. The file is written in YAML format and defines the services, their ports, and their dependencies. The services...
Exploit for CVE-2017-0213
windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...
Exploit for Race Condition in Sudo_Project Sudo
PoC exploit for CVE-2017-1000367, a vulnerability in the Linux sudo command. The target is the Linux operating system, specifically the sudo command. The vulnerability class is a privilege escalation vulnerability, allowing an attacker to gain root privileges. The probable entry point is the...
lua-resty-waf
It is an offensive tool for web application firewalls WAFs. The repository, huangjacky/lua-resty-waf, contains a high-performance WAF built on the OpenResty stack. The tool is designed to protect against various types of attacks, including HTTP violations, HTTP anomalies, SQL injection, and gener...
Tater
It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not explicitly mentioned, but the tool is based on the Hot Potato Windows Privilege Escalation exploit, which is a known vulnerability. The target product/service is Windows, and the vulnerability class/vector is...
pocsuite3
This is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers. The framework supports various...
Exploit for Code Injection in Apache Cassandra
0day 由于众所周知的原因,原始仓库被删除,但保留了副本,forks和stars 清零 不过请放心,还是原来的配方,原来的味道。 为了避免再次出现这种情况找不到此项目,可以Follow 一下 本仓库所有内容仅限用于学习交流 English | 中文 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新 优秀项目列表 1. Fastjson RCE https://github.com/dbgee/fastjson-rce 2. Log4j RCE https://github.com/dbgee/log4j2rce 3. redis RCE...
Exploit for Classic Buffer Overflow in Cisco Pix_Firewall_Software
This is a PoC exploit for CVE-2016-6366, a remote code execution vulnerability in Cisco ASA. The repository contains improvements to the EXTRABACON exploit, which was written by the Equation Group NSA and leaked by the Shadow Brokers. The exploit targets various versions of Cisco ASA, including 8...
Exploit for Code Injection in Apache Cassandra
0day 由于众所周知的原因,原始仓库被删除,但保留了副本,forks和stars 清零 不过请放心,还是原来的配方,原来的味道。 为了避免再次出现这种情况找不到此项目,可以Follow 一下 本仓库所有内容仅限用于学习交流 English | 中文 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新 优秀项目列表 1. Fastjson RCE https://github.com/dbgee/fastjson-rce 2. Log4j RCE https://github.com/dbgee/log4j2rce 3. redis RCE...
Exploit for CVE-2020-13933
CVE-2020-13933 靶场 shiro 权限配置, 当请求 /res/ 资源时, 302 跳转到登陆页面进行身份认证 - NameController.java: · /res/name: 请求名为 name 的的资源(触发身份认证) · /res/: 不请求任何资源(不触发身份认证) 靶场验证 不在请求路由中指定资源名称时,不触发身份验证,也无资源返回: http://127.0.0.1:8080/res/ 在请求路由中指定资源名称时,302 跳转到身份验证页面: http://127.0.0.1:8080/res/poc 构造特定 PoC...
vulhub
This is an offensive tool for web application security training and education. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository is a clone of vulhub/vulhub, which is a collection of vulnerable web applications and tools for testing and...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
This repository is an open-source project called "Attack-Defense ThinkTank" openKylin, which is a community-driven platform for sharing knowledge and research on attack and defense techniques. The project is hosted on Gitee, a Chinese version of GitHub. The repository contains various articles an...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of vulnerable web applications and tools for security testing and education, maintained by phith0n. It is an offensive tool for web application security testing. The primary vulnerability targeted by this repository is not explicitly stated, but it...
Exploit for Absolute Path Traversal in Rarlab Winrar
This is a PoC exploit for CVE-2018-20250. The exploit targets a vulnerability in the Microsoft Visual C++ compiler, which allows for arbitrary code execution. The vulnerability is related to the way the compiler handles certain types of data. The exploit consists of a Visual Studio solution file...
Exploit for SQL Injection in Zabbix
This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The vulnerabilities are identified by CVE IDs, such as CVE-2016-10134,...
EvilOSX
This is a Python-based Remote Administration Tool RAT for macOS/OS X, known as EvilOSX. It is a modular system that allows users to extend its functionality by creating custom modules. The tool is designed to be undetectable by anti-virus software, using OpenSSL AES-256 encryption for its payload...
vulhub
This is an open-source collection of vulnerable web applications and environments for security research and training. It is a repository of vulnerable systems, including web applications, databases, and other software, designed to help security professionals and researchers practice and improve...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, known as Vulhub. It is a defensive blue-team research and threat mitigation tool, used to improve detection, response, and patch prioritization. The repository contains a variety of...
exp-hub
exp-hub 漏洞复现模板如下: 0x00 软件介绍 git:分布式版本控制系统 0x01 复现环境 使用环境:攻防世界中的环境 复现版本:无 0x02 环境搭建 靶机环境:2008r2standardzh-chs 0x03 利用条件 无 0x04 影响版本 无 0x05 漏洞复现 攻击环境:kalix64en-us python ./GitHack.py http://124.126.19.106:31232/.git/ 如下图 0x06 批量脚本 无 0x07 踩坑记录 坑0:Exploit aborted due to failure: bad-config: Set the...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter6.7 U2+ vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+. Need test - vCenter 6.5 LinuxVCSA/Window Waiting For Test -...
Exploit for Code Injection in Gitlab
The provided code is a Python script that exploits a vulnerability in GitLab CE/EE versions 11.9 and earlier. The vulnerability is related to the way GitLab handles image files, allowing an attacker to execute arbitrary code on the server. Here's a breakdown of the code: 1. The script starts by...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
PoC exploit for CVE-2021-22555, a heap out-of-bounds write affecting Linux since v2.6.19-rc1. The exploit allows an attacker to gain privileges or cause a DoS through user namespace memory corruption. The target is Linux, and the vulnerability class is heap out-of-bounds write. The probable entry...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is intended for demonstration...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script. Notable dependencies/tooling include the netaddr library. The execution context is a Python script invoked...