1886 matches found
Exploit for Absolute Path Traversal in Rarlab Winrar
This is a PoC exploit for CVE-2018-20250. The exploit targets a vulnerability in the Microsoft Visual C++ compiler, which allows for arbitrary code execution. The vulnerability is related to the way the compiler handles certain types of data. The exploit consists of a Visual Studio solution file...
Exploit for SQL Injection in Zabbix
This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The vulnerabilities are identified by CVE IDs, such as CVE-2016-10134,...
EvilOSX
This is a Python-based Remote Administration Tool RAT for macOS/OS X, known as EvilOSX. It is a modular system that allows users to extend its functionality by creating custom modules. The tool is designed to be undetectable by anti-virus software, using OpenSSL AES-256 encryption for its payload...
vulhub
This is an open-source collection of vulnerable web applications and environments for security research and training. It is a repository of vulnerable systems, including web applications, databases, and other software, designed to help security professionals and researchers practice and improve...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, known as Vulhub. It is a defensive blue-team research and threat mitigation tool, used to improve detection, response, and patch prioritization. The repository contains a variety of...
exp-hub
exp-hub 漏洞复现模板如下: 0x00 软件介绍 git:分布式版本控制系统 0x01 复现环境 使用环境:攻防世界中的环境 复现版本:无 0x02 环境搭建 靶机环境:2008r2standardzh-chs 0x03 利用条件 无 0x04 影响版本 无 0x05 漏洞复现 攻击环境:kalix64en-us python ./GitHack.py http://124.126.19.106:31232/.git/ 如下图 0x06 批量脚本 无 0x07 踩坑记录 坑0:Exploit aborted due to failure: bad-config: Set the...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter6.7 U2+ vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+. Need test - vCenter 6.5 LinuxVCSA/Window Waiting For Test -...
Exploit for Code Injection in Gitlab
The provided code is a Python script that exploits a vulnerability in GitLab CE/EE versions 11.9 and earlier. The vulnerability is related to the way GitLab handles image files, allowing an attacker to execute arbitrary code on the server. Here's a breakdown of the code: 1. The script starts by...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
PoC exploit for CVE-2021-22555, a heap out-of-bounds write affecting Linux since v2.6.19-rc1. The exploit allows an attacker to gain privileges or cause a DoS through user namespace memory corruption. The target is Linux, and the vulnerability class is heap out-of-bounds write. The probable entry...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is intended for demonstration...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script. Notable dependencies/tooling include the netaddr library. The execution context is a Python script invoked...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, an RCE vulnerability in Microsoft IIS WebDav ScStoragePathFromUrl function. The exploit targets Microsoft Windows Server 2003 R2 and is implemented as a Metasploit module. The vulnerability allows remote attackers to execute arbitrary code via a long header beginnin...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
Exploit for Improper Input Validation in Google Chrome
It is an offensive tool for WebAssembly exploitation. The repository contains PoC exploits for CVE-2020-16040 and CVE-2021-3156. The primary CVE is CVE-2020-16040. The target product/service is WebAssembly, and the vulnerability class/vector is arbitrary code execution RCE via WebAssembly module...
Exploit for Path Traversal in Microsoft
PoC exploit for CVE-2021-40444, a Microsoft Office Word RCE vulnerability. The target is Microsoft Office Word, with the vulnerability class being Remote Code Execution RCE. The probable entry point is the exploit.py script, which is not specified how it is typically invoked. The exploit chain...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
Based on the provided code and metadata, here is a description of the repository and its contents: Repository: This repository appears to be a Maven wrapper for the Apache Maven project, specifically version 3.5.3. The repository contains metadata and configuration files for the Maven wrapper,...
Exploit for Server-Side Request Forgery in Microsoft
Exchange SSRF GetShell --- RunCommand CVE-2021–26855.exe -host 10.11.11.24 -mail [email protected] --- 效果图 - 写出webshell到服务器 - 使用菜刀连接webshell...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The primary purpose of this repository is to provide a platform for researchers and security...
Red-Teaming-Toolkit
This repository is an offensive tool for Red Teaming/Adversary Simulation. It contains a collection of open source and commercial tools that aid in red team operations. The primary target product/service or framework is not explicitly stated, but the tools are designed to be used in various stage...
vulhub
This is an open-source collection of vulnerable web applications and environments for security training and testing. It is a repository of vulnerable systems and applications that can be used to practice and improve one's skills in penetration testing and vulnerability assessment. The repository...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Cisco Ios
About 这个github仓库,是eqgrp-free-file.tar.xz 的免费解压版本, 源文件由“The Shadow Brokers”黑客组织放出。 加密的拍卖版本可以在网上找到和下载。 Firewall 这个文件夹包含了所有的源文件。 listing.txt则是所有文件的清单。 This repository contains the decrypted and decompressed contents of the eqgrp-free-file.tar.xz file released by "The Shadow Brokers". The contents ar...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3 servers. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is designed for demonstration...
Exploit for Deserialization of Untrusted Data in Apache Log4J
This is a PoC exploit for CVE-2019-17571, an RCE vulnerability in the Java JNDI API. The repository is a malicious LDAP server for JNDI injection attacks, containing LDAP and HTTP servers for exploiting insecure-by-default Java JNDI API. The tool brings new attack vectors by leveraging the power ...
wesng
This is an offensive tool for Windows vulnerability exploitation. It is a Python-based tool called Windows Exploit Suggester - Next Generation WES-NG, which provides a list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. The tool uses the output of...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
It is an exploit module for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local...
Exploit for Improper Input Validation in Google Chrome
PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's handling of WebAssembly code, specifically the wasmcode array, which is used to load and execute WASM modules. The vulnerability allows an attack...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866、VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter6.7 U2+ vCenter 6.7U2+ running website in memory,so this exp can't work for 6.7 u2+. Need test - vCenter 6.5 LinuxVCSA/Window Waiting For Test -...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
It is an offensive tool for Web applications. The primary CVE ID is 'CVE-2020-5902'. The target product/service is BIG-IP F5, and the vulnerability class/vector is Remote Code Execution RCE. The probable entry point is undisclosed pages in the Traffic Management User Interface TMUI, also referred...
Exploit for Use After Free in Microsoft
CVE-2019-0708-poc CVE-2019-0708 远程代码执行漏洞批量检测 3389hosts为待检测IP地址清单,一行一个 pool = ThreadPool10 为自定义扫描线程 注意 Windows python3环境 使用 1. 编辑3389hosts,将待检测的IP地址写入文件,一行一个 2. 命令行切换到代码所在的目录,运行python cve-2019-0708.py...
vxhunter
This is an offensive tool for embedded device analysis. It is a toolset for VxWorks based embedded device analyses, specifically designed for analyzing VxWorks firmware. The toolset includes plugins written in Python for analyzing firmware loading address, fixing function names with symbol tables...
Exploit for CVE-2019-1322
Erebus CobaltStrike后渗透测试插件 部分功能只适用于cobalt strike 4.x 由于异步处理问题,某些功能可能会存在BUG 暂时未找到解决方法,如果大佬们有解决方案,欢迎联系我 更新日志 2020-10-19V1.3.5 - 添加badcmd命令基于badpotato - potatos提权添加badpotato - post模块添加socks功能基于ew 详见post----Socks tunnel - 删除信息收集模块审计功能 更新日志 2020-07-31V1.3.4 - 添加fakelogonscreen命令 - 添加SpaceRunner...
Exploit for Missing Authorization in Linuxfoundation Harbor
Ary Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。 版本:2.1.1 公开版 作者: Ali0th 联系: [email protected] 主页: github.com/Martin2877 声明:本工具仅供学习、测试使用,严禁用于非法用途,开发者对使用者的违法行为不负责任。 交流:欢迎提issue,或私信我加入工具使用交流群。 下载 前往releases下载 相关文档 我的一键 getshell 代码开发之路v1.8.pdf 功能 注意,部分功能还在开发中 0. 信息收集工具开发中 1. 通过多个网络空间的搜索引擎批量爬取相应网站, 如...
Exploit for CVE-2020-14644
It is an offensive tool for WebLogic. The repository contains a basic proof-of-concept PoC and exploit script for WebLogic, with the goal of creating a unified detection and exploitation tool. The script, named weblogicpoc.py, uses the T3 protocol to connect to a WebLogic server and exploit...
Exploit for CVE-2020-16898
CVE-2020-16898 CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC 复现 forforever:https://www.cnblogs.com/forforever/p/13846077.html poc CVE-2020-16898Checker-poc 命令: 管理员启动powershell/CMD Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1 exp cve-2020-16898-exp2...
Exploit for Path Traversal in Intelbras Tip200_Firmware
PoC exploit for CVE-2020-13886, a Local File Include LFI vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...
Exploit for Improper Privilege Management in Microsoft
内网渗透学习笔记 作者:chriskali Github:chriskaliX 近期,拜读了腾讯蓝军-红蓝对抗之Windows内网渗透,学到了不少知识点。打算拆分章节进行整理以及复现,主要记录自己缺失的知识点。这是一个大杂烩文章,主线是跟着jumbo师傅的思路,碰到感兴趣的,我会继续扩展。可能有点凌乱,希望大家见谅。 0x01 环境搭建 这一步略过,简单介绍一下测试的环境 |主机名|IP地址|角色|系统| |:-:|:-:|:-:|:-:| |DC|10.10.10.10|DC|DNS|Winserver 2012| |John|10.10.10.11|normal|win7|...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for cybersecurity training and research. The primary vulnerability class targeted by Vulhub is not explicitly stated, but based on the provided context, it...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability, identified as CVE-2020-17144. The tool is written in C and uses the .NET framework 3.5. The tool consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...
Exploit for CVE-2019-1322
Erebus CobaltStrike后渗透测试插件 Auther by S0cke3t 更新日志 2020-03-08 添加cookie steal 支持搜狗,360,360极速,QQ,火狐,谷歌,2345 更多使用事项请移步Browser-cookie-steal 详见:post----Steal-cookie 更新日志 2019-12-30 添加SafetyKatz 此功能为一个修改的mimikatz,截至目前2019-12-30此方式可绕过大部分AV检测和运行 详见:Interact----SafetyKatz 命令 添加Seatbelt...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
CNVD-ID CNVD-2017-02474 发布时间 2017-03-07 危害级别 高 AV:N/AC:L/Au:N/C:C/I:C/A:C 影响产品 Apache struts =2.3.5,=2.5, CVE Identifier CVE-2017-5638 Problem It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then use...
Gopherus
This is an offensive tool for exploiting various vulnerabilities in servers. The tool is called Gopherus and is designed to generate payloads for exploiting Server-Side Request Forgery SSRF vulnerabilities in various services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and...
Exploit for Observable Discrepancy in Intel Atom_C
PoC exploit for CVE-2017-5753 and CVE-2017-5715, variants of the Spectre attack. The target product/service is the CPU, specifically the x86 architecture. The vulnerability class/vector is speculative execution, allowing an attacker to trick error-free programs into leaking their secrets. The...
penetration
This repository contains a collection of 0-day exploits for various web applications, including CMS platforms. The exploits are categorized by the affected application, and each category contains multiple exploits. The exploits are written in various programming languages, including PHP, Python,...
Exploit for CVE-2020-1938
CVE-2020-1938Tomcat-fileinclude and filered Tomcat的文件包含及文件读取漏洞利用POC 文件读取 Usage :python2 "Tomcat-ROOT路径下文件读取CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 文件包含 Usage :python2 "Tomcat-ROOT路径下文件包含CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 复现详情:http://www.svenbeast.com/post/fqSI9laE8/ img:...
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services that can be used to test and demonstrate various types of vulnerabilities. The file is written in YAML format and defines the services, their ports, and the networks they use. The file contains several...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 WebLogic反序列化漏洞复现 weblogic getshell python CVE-2018-2628-Getshell.py ip port shell1.jsp C:\Users\CTF\Desktoppython CVE-2018-2628-Getshell.py 10.10.20.166 7001 jason1.jsp / \ \ / / | | \ / / |/ \ | \ / /| \ / \ | | \ \ / /| | | | | || | | / / | | | | \ / / | |/ /| | | || | usage:...