1886 matches found
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is intended for demonstration...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script. Notable dependencies/tooling include the netaddr library. The execution context is a Python script invoked...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, an RCE vulnerability in Microsoft IIS WebDav ScStoragePathFromUrl function. The exploit targets Microsoft Windows Server 2003 R2 and is implemented as a Metasploit module. The vulnerability allows remote attackers to execute arbitrary code via a long header beginnin...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Solarwinds Orion_Platform
This is a collection of Suricata rules and related information for various vulnerabilities. Here's a summary of the content: Rules: 1. Behinder3: Two rules for detecting Behinder3 PHP HTTP Request and Response. The rules set the behinder3 flowbit when the conditions are met. 2. Apache Nifi API RC...
Exploit for Improper Input Validation in Google Chrome
It is an offensive tool for WebAssembly exploitation. The repository contains PoC exploits for CVE-2020-16040 and CVE-2021-3156. The primary CVE is CVE-2020-16040. The target product/service is WebAssembly, and the vulnerability class/vector is arbitrary code execution RCE via WebAssembly module...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...
Exploit for Server-Side Request Forgery in Microsoft
Exchange SSRF GetShell --- RunCommand CVE-2021–26855.exe -host 10.11.11.24 -mail [email protected] --- 效果图 - 写出webshell到服务器 - 使用菜刀连接webshell...
Exploit for Off-by-one Error in Sudo_Project Sudo
This repository is a collection of exploit code for the CVE-2021-3156 vulnerability in sudo, a Unix command that allows users to execute commands as another user. The vulnerability is a heap-based overflow in the sudo library, which can be exploited to gain elevated privileges. The repository...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The primary purpose of this repository is to provide a platform for researchers and security...
Red-Teaming-Toolkit
This repository is an offensive tool for Red Teaming/Adversary Simulation. It contains a collection of open source and commercial tools that aid in red team operations. The primary target product/service or framework is not explicitly stated, but the tools are designed to be used in various stage...
vulhub
This is an open-source collection of vulnerable web applications and environments for security training and testing. It is a repository of vulnerable systems and applications that can be used to practice and improve one's skills in penetration testing and vulnerability assessment. The repository...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Cisco Ios
About 这个github仓库,是eqgrp-free-file.tar.xz 的免费解压版本, 源文件由“The Shadow Brokers”黑客组织放出。 加密的拍卖版本可以在网上找到和下载。 Firewall 这个文件夹包含了所有的源文件。 listing.txt则是所有文件的清单。 This repository contains the decrypted and decompressed contents of the eqgrp-free-file.tar.xz file released by "The Shadow Brokers". The contents ar...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3 servers. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is designed for demonstration...
Exploit for Deserialization of Untrusted Data in Apache Log4J
This is a PoC exploit for CVE-2019-17571, an RCE vulnerability in the Java JNDI API. The repository is a malicious LDAP server for JNDI injection attacks, containing LDAP and HTTP servers for exploiting insecure-by-default Java JNDI API. The tool brings new attack vectors by leveraging the power ...
wesng
This is an offensive tool for Windows vulnerability exploitation. It is a Python-based tool called Windows Exploit Suggester - Next Generation WES-NG, which provides a list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. The tool uses the output of...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
It is an exploit module for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local...
Exploit for Improper Input Validation in Google Chrome
PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's handling of WebAssembly code, specifically the wasmcode array, which is used to load and execute WASM modules. The vulnerability allows an attack...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based overflow vulnerability in sudo. The exploit is written in C and uses a combination of techniques to achieve arbitrary code execution. The exploit creates a shared library libnssX/P0PSH3LLZ .so.2 that is loaded by sudo, which contains a buffer...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter6.7 U2+ vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+. Need test - vCenter 6.5 LinuxVCSA/Window Waiting For Test -...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
It is an offensive tool for Web applications. The primary CVE ID is 'CVE-2020-5902'. The target product/service is BIG-IP F5, and the vulnerability class/vector is Remote Code Execution RCE. The probable entry point is undisclosed pages in the Traffic Management User Interface TMUI, also referred...
Exploit for Use After Free in Microsoft
CVE-2019-0708-poc CVE-2019-0708 远程代码执行漏洞批量检测 3389hosts为待检测IP地址清单,一行一个 pool = ThreadPool10 为自定义扫描线程 注意 Windows python3环境 使用 1. 编辑3389hosts,将待检测的IP地址写入文件,一行一个 2. 命令行切换到代码所在的目录,运行python cve-2019-0708.py...
Exploit for CVE-2019-1322
Erebus CobaltStrike后渗透测试插件 部分功能只适用于cobalt strike 4.x 由于异步处理问题,某些功能可能会存在BUG 暂时未找到解决方法,如果大佬们有解决方案,欢迎联系我 更新日志 2020-10-19V1.3.5 - 添加badcmd命令基于badpotato - potatos提权添加badpotato - post模块添加socks功能基于ew 详见post----Socks tunnel - 删除信息收集模块审计功能 更新日志 2020-07-31V1.3.4 - 添加fakelogonscreen命令 - 添加SpaceRunner...
Exploit for Missing Authorization in Linuxfoundation Harbor
Ary Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。 版本:2.1.1 公开版 作者: Ali0th 联系: [email protected] 主页: github.com/Martin2877 声明:本工具仅供学习、测试使用,严禁用于非法用途,开发者对使用者的违法行为不负责任。 交流:欢迎提issue,或私信我加入工具使用交流群。 下载 前往releases下载 相关文档 我的一键 getshell 代码开发之路v1.8.pdf 功能 注意,部分功能还在开发中 0. 信息收集工具开发中 1. 通过多个网络空间的搜索引擎批量爬取相应网站, 如...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based overflow vulnerability in sudo. The exploit is a C program that creates a shared library libnssX/P0PSH3LLZ.so.2 that overflows the heap when sudoedit is called. The exploit can be built using the provided Makefile and run using the...
Exploit for CVE-2020-14644
It is an offensive tool for WebLogic. The repository contains a basic proof-of-concept PoC and exploit script for WebLogic, with the goal of creating a unified detection and exploitation tool. The script, named weblogicpoc.py, uses the T3 protocol to connect to a WebLogic server and exploit...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC 复现 forforever:https://www.cnblogs.com/forforever/p/13846077.html poc CVE-2020-16898Checker-poc 命令: 管理员启动powershell/CMD Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1 exp cve-2020-16898-exp2...
Exploit for Path Traversal in Intelbras Tip200_Firmware
PoC exploit for CVE-2020-13886, a Local File Include LFI vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...
Exploit for Improper Privilege Management in Microsoft
内网渗透学习笔记 作者:chriskali Github:chriskaliX 近期,拜读了腾讯蓝军-红蓝对抗之Windows内网渗透,学到了不少知识点。打算拆分章节进行整理以及复现,主要记录自己缺失的知识点。这是一个大杂烩文章,主线是跟着jumbo师傅的思路,碰到感兴趣的,我会继续扩展。可能有点凌乱,希望大家见谅。 0x01 环境搭建 这一步略过,简单介绍一下测试的环境 |主机名|IP地址|角色|系统| |:-:|:-:|:-:|:-:| |DC|10.10.10.10|DC|DNS|Winserver 2012| |John|10.10.10.11|normal|win7|...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for cybersecurity training and research. The primary vulnerability class targeted by Vulhub is not explicitly stated, but based on the provided context, it...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability, identified as CVE-2020-17144. The tool is written in C and uses the .NET framework 3.5. The tool consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...
Exploit for CVE-2019-1322
Erebus CobaltStrike后渗透测试插件 Auther by S0cke3t 更新日志 2020-03-08 添加cookie steal 支持搜狗,360,360极速,QQ,火狐,谷歌,2345 更多使用事项请移步Browser-cookie-steal 详见:post----Steal-cookie 更新日志 2019-12-30 添加SafetyKatz 此功能为一个修改的mimikatz,截至目前2019-12-30此方式可绕过大部分AV检测和运行 详见:Interact----SafetyKatz 命令 添加Seatbelt...
Exploit for CVE-2016-2384
This repository contains proof-of-concept exploits for two Linux kernel vulnerabilities: CVE-2016-2384 and CVE-2017-6074. CVE-2016-2384 is a double-free vulnerability in the USB MIDI driver. The exploit is a part of a proof-of-concept exploit for the vulnerability in the usb-midi driver. It is...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
CNVD-ID CNVD-2017-02474 发布时间 2017-03-07 危害级别 高 AV:N/AC:L/Au:N/C:C/I:C/A:C 影响产品 Apache struts =2.3.5,=2.5, CVE Identifier CVE-2017-5638 Problem It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then use...
Gopherus
This is an offensive tool for exploiting various vulnerabilities in servers. The tool is called Gopherus and is designed to generate payloads for exploiting Server-Side Request Forgery SSRF vulnerabilities in various services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and...
Exploit for Observable Discrepancy in Intel Atom_C
PoC exploit for CVE-2017-5753 and CVE-2017-5715, variants of the Spectre attack. The target product/service is the CPU, specifically the x86 architecture. The vulnerability class/vector is speculative execution, allowing an attacker to trick error-free programs into leaking their secrets. The...
penetration
This repository contains a collection of 0-day exploits for various web applications, including CMS platforms. The exploits are categorized by the affected application, and each category contains multiple exploits. The exploits are written in various programming languages, including PHP, Python,...
Exploit for CVE-2020-1938
CVE-2020-1938Tomcat-fileinclude and filered Tomcat的文件包含及文件读取漏洞利用POC 文件读取 Usage :python2 "Tomcat-ROOT路径下文件读取CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 文件包含 Usage :python2 "Tomcat-ROOT路径下文件包含CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 复现详情:http://www.svenbeast.com/post/fqSI9laE8/ img:...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services that can be used to test and demonstrate various types of vulnerabilities. The file is written in YAML format and defines the services, their ports, and the networks they use. The file contains several...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 WebLogic反序列化漏洞复现 weblogic getshell python CVE-2018-2628-Getshell.py ip port shell1.jsp C:\Users\CTF\Desktoppython CVE-2018-2628-Getshell.py 10.10.20.166 7001 jason1.jsp / \ \ / / | | \ / / |/ \ | \ / /| \ / \ | | \ \ / /| | | | | || | | / / | | | | \ / / | |/ /| | | || | usage:...
KITT-Lite
This is a Python-based pentesting CLI tool. The tool is designed to extract WPS Wi-Fi Protected Setup pins from vulnerable routers. It uses various tools such as Piexiewps, Reaver, Bully, Aircrack Suite, and Wash in an automated way to achieve its goal. The tool is likely used for penetration...
Phantom-Evasion
This is a Python antivirus evasion tool called Phantom-Evasion. It is free software, licensed under the GNU General Public License GPL version 3. The tool is designed to evade detection by antivirus software and is intended for educational or research purposes only. The tool consists of several...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Server-Side Template Injection SSTI vulnerability in a Flask application. The repository contains a Docker Compose file that sets up a vulnerable environment for testing and demonstration...
Exploit for Incorrect Default Permissions in Ui Unifi_Controller
This is a PoC exploit for CVE-2020-12695, a vulnerability in the CallStranger protocol. The script is designed to check against this vulnerability and demonstrate its exploitation. The vulnerability allows an attacker to bypass DLP Data Loss Prevention and exfiltrate data, use millions of...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
Dockerfiles
This repository is a collection of Dockerfiles for CTF Capture The Flag challenges running on SniperOJ. The Dockerfiles are used to build a vulnerable environment for the challenges, which can be solved by participants. The repository contains various challenges, including web-based and pwn...
ctf-pwns
This repository contains a collection of CTF Capture The Flag challenges for training and education. The challenges are categorized into several folders, each containing a specific challenge. The challenges are designed to test various skills, including exploitation, reverse engineering, and...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含: 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书:https://www.jianshu.com/p/6649118ba7b6...
penetration-1
This is a collection of 0-day exploits for various web applications, including CreateLive CMS, BlueCMS, and DVBBS. The exploits are written in a mix of languages, including Chinese, Russian, and English. The exploits target various vulnerabilities, including SQL injection, cross-site scripting XS...