1886 matches found
Exploit for CVE-2017-0213
windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...
Exploit for CVE-2016-0728
This repository is an offensive tool for Linux kernel exploitation. It contains exploits for various real-world kernel vulnerabilities, including CVE-2016-0728. The primary vulnerability being targeted is a REFCOUNT overflow/Use-After-Free in keyrings. The repository includes two exploit modules:...
PowerTools
This repository is an offensive tool for PowerShell exploitation. It contains a collection of scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then...
exploit-database
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system, software, and vulnerability...
XXEinjector
This is an exploit module/toolkit targeting XXE XML eXternal Entity vulnerabilities. The primary CVE ID is not explicitly stated, but the tool is designed to automate exploitation of XXE vulnerabilities using direct and out-of-band methods. The target product/service is likely web applications,...
Exploit for Improper Certificate Validation in Microsoft
PoC exploit for CVE-2020-0601, a vulnerability in the signature verification of certificates using elliptic curve cryptography ECC in Windows 10. The exploit targets the MicrosoftECCProductRootCertificateAuthority.cer, a trusted root certificate authority CA using ECC. The vulnerability allows an...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points include docker-compose build and run commands. Notable...
Shiro-721
This is a vulnerability analysis of a Shiro RCE Remote Code Execution exploit via Padding Oracle Attack. Here's a summary of the key points: Vulnerability Overview The Shiro framework is a popular open-source security framework that provides identity, authentication, authorization, encryption, an...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...
Exploit for Out-of-bounds Write in Adobe Acrobat
How2pwn Author: Wenhuo - github仅作为仓库使用,个人新博客已迁移至:https://fandazh.cn 。老域名已关闭网站,CTF系列可能不会再更新了,现在主要更新how2CVE。...
vulhub123
It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...
icsmaster
This repository, 'icsmaster', is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for finding vulnerable systems, as well as a...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are not specified, but the environments are likely to be...
Exploit for Use After Free in Microsoft
This is a PoC Proof of Concept exploit for CVE-2019-0708, a vulnerability in Microsoft Windows Remote Desktop Services. The repository contains a scanner that can detect if a host is vulnerable to this vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS...
Exploit for Improper Input Validation in Microsoft
CVE-2019-0708 批量检测 0x01 前言 CVE-2019-0708 Windows RDP 远程命令执行漏洞 Windows系列服务器于2019年5月15号,被爆出高危漏洞,该漏洞影响范围较广,windows2003、windows2008、windows2008 R2、windows xp 系统都会遭到攻击,该服务器漏洞利用方式是通过远程桌面端口3389,RDP协议进行攻击的...
POC-T
This is a Python-based penetration testing framework called POC-T. It is a concurrent framework that allows users to perform various types of attacks, including vulnerability verification, file upload, weak password cracking, and more. The framework has a modular design, with each module...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...
Exploit for Improper Input Validation in Microsoft
cve-2019-0604 SharePoint RCE exploit...
Exploit for CVE-2013-0422
K8tools 20191024 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 K8Cscan5.4 大型内网渗透扫描器内置28个功能,支持Cobalt Strike + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 +...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The target product/service or framework is docker and docker-compose. The vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry...
Exploit for OS Command Injection in Dlink Dir-655_Firmware
This is a PoC exploit for CVE-2019-16920, a vulnerability in D-Link routers. The exploit is implemented in two Python scripts: CVE-2019-16920.py and CVE-2019-16920-MassPwn3r.py. The scripts send arbitrary input to a "PingTest" device common gateway interface, which can lead to command injection a...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for ActiveMQ. It is a proof-of-concept PoC exploit for CVE-2016-3088. The tool is designed to upload a shell to the ActiveMQ server and execute it, allowing for remote code execution. The tool is written in Python and uses the urlparse and urlunparse modules t...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a local privilege escalation. The exploit is implemented in C++ and has been ported to Go and a legacy version without C++11 features. The exploit modifies the /etc/passwd file, forcing the password...
icsmaster
This repository is an offensive tool for ICS Industrial Control Systems security research and exploitation. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is maintained by GeneBlue and appears to be a...
vulhub
It is an offensive tool for Vulnerability Research. The repository, vulhub, is a collection of pre-built vulnerable environments based on Docker-Compose. It is designed to be used for vulnerability research and testing, allowing users to easily create and manage vulnerable environments without...
icsmaster
This is a collection of resources for ICS/SCADA security, including papers, exploit scripts, firmware, Nmap scripts, protocol libraries, and tools. The repository is organized into several categories, including: Papers: A collection of research papers on ICS/SCADA security, including topics such ...
ATSCAN
This is a tool called ATSCAN, a mass exploitation scanner. It is a Perl script that can be used to scan for various types of vulnerabilities, including XSS, LFI/RFI, and SQL injection. The tool can also be used to filter WordPress and Joomla sites, find admin pages, and perform other tasks. The...
Scanners-Box
This is a collection of open-source scanning tools and wordlists for web application security testing. The repository, Scanners-Box, is a collection of tools from various contributors, including lijiejie, ringzero, and others. The tools are categorized into subdomains, database vulnerability...
Exploit for CVE-2013-0422
K8tools 20190403 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools 密码: k8gege k8team K8team PS: 不定期更新,文件比较大,可按需下载。 提权工具均可在远控cmd或WebShell下运行,大部份经过修改重新编译兼容性稳定性比网上要好 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt K8飞刀漏洞利用列表...
vulhub
It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable docker environments, including a web application vulnerable to various attacks. The tool is designed to help developers and security researchers test and demonstrate the effectiveness of web...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass, CodeExecution, and others. The AntivirusBypass module contain...
exploit-database-bin-sploits
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The aim is to serve as the most...
Exploit for Race Condition in Linux Linux_Kernel
This is a PoC exploit for CVE-2017-1000405, also known as the Huge Dirty Cow vulnerability. The target product/service is the Linux kernel, and the vulnerability class/vector is a use-after-free bug in the handling of transparent huge pages. The probable entry point is the main.c file, which...
metasploit-framework
This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and is widely used by security professionals and researchers. The repository contains a large number of...
exploit-database
This is the official Exploit Database repository, a collection of public exploits and vulnerable software gathered through direct submissions, mailing lists, and other public sources. The repository is updated daily with the most recently added submissions. It includes a search utility called...
Exploit for CVE-2005-1125
PoC exploit for CVE-2005-1125. The exploit targets a vulnerability in the Libsafe library, which is a safety net for applications to prevent buffer overflows. The exploit is designed to bypass the Libsafe protection and execute arbitrary code. The repository contains a Makefile that builds the...
黑客工具测试
This is an offensive tool for a comprehensive hacking toolkit. The primary vulnerability class targeted is RCE Remote Code Execution, with various tools and modules available for different attack vectors, including SQL injection, phishing, web attacks, post-exploitation, and more. The tool is...
CVEfixes-db
This repository is an offensive tool for collecting and processing CVE Common Vulnerabilities and Exposures data. It is a Python-based tool that collects CVE data from various sources, including the National Vulnerability Database NVD and GitHub, and stores it in a SQLite database. The tool is...
渗透字典
This repository is an offensive tool for Bug Bounty research and exploitation. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of exploits and techniques for various vulnerabilities. The repository contains a wide range of exploits and techniques, including: 1...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
This repository is an offensive tool for web application exploitation. The primary vulnerability targeted is CVE-2022-30525, a server-side request forgery SSRF vulnerability in a web application. The tool is designed to exploit this vulnerability by sending a specially crafted request to the targ...
firejail
This repository is an open-source project for the Firejail tool, which is a Linux security tool that allows users to sandbox applications and restrict their access to system resources. The repository contains various files and directories related to the project, including configuration files,...
Exploit for SQL Injection in Zabbix
This is a comprehensive and well-structured vulnerability hub repository. Here's a concise analysis of the provided information: Classification: It is an offensive tool for various vulnerability exploitation and testing purposes. CVE IDs: The repository contains references to several CVE IDs,...
vulhub
This repository is an open-source collection of vulnerable web applications and environments for security research and training. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to...
vulhub
This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool is designed to demonstrate various web application vulnerabilities, including but not limited to: Burt Force brute force, XSS cross-site scripting, CSRF cross-site request...
vulhub
This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and Oracle Java. The repository is maintained by phith0n and is hosted on GitHub...
redis-rce
PoC exploit for Redis RCE Remote Code Execution in Redis 4.x/5.x. The exploit is inspired by Redis post-exploitation techniques and is based on a modified version of the Redis Rogue Server. The exploit uses the RedisModules-ExecuteCommand library to load a custom Redis module, which allows for...