1886 matches found
HikPwn
This is an offensive tool for Hikvision devices. The tool, named HikPwn, is a simple scanner written in Python 3.8 that performs basic vulnerability scanning capabilities. It was created by Ananke and is available on GitHub. The tool has several functions and characteristics, including passive an...
vulhub1
This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...
Exploit for Improper Input Validation in Drupal
PoC exploit for CVE-2018-7600, a remote code execution vulnerability in Drupal. The target product/service is Drupal, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the 'user/register' page, and the exploit is typically invoked by running the...
OffensiveRust
This is a collection of Rust code snippets, each implementing a different type of exploit or malicious functionality. The code is organized into several subdirectories, each containing a specific exploit or tool. Here's a summary of the code and its functionality: 1. AllocateWithSyscalls: This co...
nuclei-templates
This repository is an offensive tool for nuclei templates, which are used to find security vulnerabilities in applications. The primary CVE ID present in the context is not explicitly mentioned, but the repository contains a workflow for CVE annotation. The target product/service or framework is...
ICSwiki
This is an offensive tool for ICS Industrial Control Systems testing. It is a collection of scripts and tools for identifying and exploiting vulnerabilities in ICS protocols, specifically IEC-60870-5-104 and IEC-61850-8-1. The tool is designed to send identify requests and extract vendor name,...
aflnet
It is an offensive tool for network protocols. The primary CVE ID is not explicitly stated in the provided context, but the tool is mentioned in a research paper that was accepted for publication at the IEEE International Conference on Software Testing, Verification and Validation ICST 2020. The...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...
HackTools
This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: Dynamic shell generation PHP, Bash, Ruby, Python, Perl, Netcat XSS payload generation Common SQL injection payloads...
PocCollect
This is a Python-based proof-of-concept POC collection repository. The repository contains a variety of POCs for different vulnerabilities, including Struts2, Heartbleed, and Java Deserialization. The POCs are designed to be used for educational purposes only and should not be used for malicious...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 复现 https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited v2.4.49 apache 独有漏洞,早期版本中并没有 apnormalizepath 这个函数,该函数是在v2.4.49版本中引入的,正是这个函数导致了 目录穿越,在 v2.4.50 被修复了 环境 https://github.com/1nhann/CVE-2021-41773 本环境中,加载了 cgi 模块: ini LoadModule...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...
ctf
It is an offensive tool for reverse engineering. The repository contains a binary decompiler for a "Magic Word" challenge, which appears to be a reverse engineering exercise. The code is written in C++ and utilizes the basicstring class from the C++ Standard Library. The decompiled main function ...
Red-Teaming-Toolkit
This is a collection of open source and commercial tools that aid in red team operations. The repository includes tools for reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating privileges, data exfiltration, and miscellaneous...
PrintNightmare
This is a PoC Proof of Concept exploit for the Print Nightmare vulnerability, which affects Windows Print Spooler service. The repository contains a Visual Studio solution file EXP/POC.sln that includes a C++ project POC with a main function. The project uses the RPC Remote Procedure Call client...
Exploit for OS Command Injection in Dlink Dir-859_Firmware
IoT-vulhub 受 Vulhub 项目的启发,希望做一个 IoT 版的固件漏洞复现环境。 安装 在 Ubuntu 20.04 下安装 docker 和 docker-compose: sh 安装 pip $ curl -s https://bootstrap.pypa.io/get-pip.py | python3 安装最新版 docker $ curl -s https://get.docker.com/ | sh 启动 docker 服务 $ systemctl start docker 安装 docker-compose $ python3 -m pip install...
Exploit for CVE-2021-1675
C and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527...
Exploit for CVE-2013-6026
PoC exploit for CVE-2013-6026 Joel's Backdoor in D-Link routers. The target product/service is D-Link routers, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the administration panel of the router, which can be accessed without authentication due to t...
Exploit for CVE-2021-3129
It is an exploit module for CVE-2021-3129. The target product/service is Laravel, a PHP web framework. The vulnerability class/vector is a remote code execution RCE vulnerability. The probable entry point is the Laravel application itself, likely through a web interface. Not specified...
Exploit for Path Traversal in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
PoC exploit for CVE-2021-22555, a heap out-of-bounds write affecting Linux since v2.6.19-rc1, discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user namespace. The exploit is tested on Ubuntu 5.8.0-48-generic and CO...
probench_aflnet
It is an offensive tool for network protocols. The primary CVE ID is not explicitly mentioned in the provided context; however, the tool is designed to fuzz network protocols, which may lead to the discovery of vulnerabilities. The target product/service or framework is network protocols, and the...
CDK
This is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help escape container and takeover K8s cluster easily. The toolkit i...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess
This is a PoC Proof of Concept exploit for CVE-2016-0856, a vulnerability in the Windows RPC Remote Procedure Call service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the Window...
SpringBootVulExploit
This repository is an offensive tool for exploiting Spring Boot vulnerabilities. It contains a collection of exploits and techniques for various Spring Boot versions, including: 1. Spring Boot 1.0 - 1.4: Exposes actuators by default without any parameters, making it vulnerable to RCE Remote Code...
Exploit-Writeups
The repository whuadmin/Exploit-Writeups is a collection of writeups for various CTF Capture The Flag challenges. The writeups cover a range of topics, including reverse engineering, pwnables, and cryptography. The first challenge is "crackme01" from EncryptCTF-2019, which is a reverse engineerin...
Exploit for CVE-2020-14882
CVE-2020-14882ALL CVE-2020-14882ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。 需要模块:requests、http.client (工具仅用于授权的安全测试,请勿用于非法使用,违规行为与作者无关。) 选项 功能一:命令回显 python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "whoami" 功能二:批量命令回显 python3...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the collection includes various vulnerable environments, such as flask/ssti, which is a vulnerable Flask web application with a Server-Side Template Injection SSTI...
impacket1472
This is a Python library called Impacket, which provides a collection of classes for working with network protocols. The library is focused on providing low-level programmatic access to the packets and for some protocols e.g. SMB1-3 and MSRPC the protocol implementation itself. The library includ...
Exploit for Unrestricted Upload of File with Dangerous Type in Pi-Hole
PoC exploit for CVE-2020-11108; an RCE and privilege escalation in Pi-hole. The exploit targets Pi-hole = 4.4 and must be run with root privileges. The primary entry point is the cve-2020-11108-rce.py script, which will give a shell as the www-data user, and the root-cve-2020-11108-rce.py script,...
vulhub
This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and frameworks. The primary vulnerability class/vector targeted by this repository is not explicitly stated, but based on the code and metadata, it appears to be a...
marshalsec
This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting BlazeDS AMF Action Message Format versions 0, 3, and X. The tool, named "marshalsec," is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remot...
POChouse
Based on the provided information, the vulnerability is a remote code execution RCE vulnerability in Apache Flink 1.9.x. The vulnerability allows an attacker to upload a malicious JAR package, which can be executed by the JobManager process, leading to RCE. The affected versions of Apache Flink a...
charlotte
This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Win32 API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and difficult to detect. The code is written in C++ a...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept POC exploit for CVE-2020-0796, a vulnerability in the SMBv3 protocol. The exploit is implemented in Python and uses the Impacket library to interact with the SMB protocol. The exploit targets the SMBv3 protocol's signing requirement, which can be bypassed to allow for...
vulhub
This repository is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of applications, including web servers, databases, and other services, that are...
pentestdb
This is an offensive tool for penetration testing. It is a Python-based tool called "pentestdb" that provides a collection of tools and resources for penetration testing, including exploit development, vulnerability scanning, and password cracking. The tool is designed to be easy to use and...
charlotte
It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more. The environments are designed to be easily reproducible and can be used for testing and training...
awesome-windows-exploitation
This is a curated list of Windows exploitation resources and tools. The repository is a collection of articles, tutorials, and tools for Windows exploitation, including stack overflows, heap overflows, and kernel-based Windows overflows. The list includes resources such as articles from Phrack, a...
Exploit for Race Condition in Linux Linux_Kernel
PoC exploit for CVE-2017-1000405, a Linux kernel vulnerability known as Huge Dirty Cow. The target is the Linux kernel, specifically the huge page handling mechanism. The vulnerability class is a use-after-free bug in the huge page handling code, allowing for arbitrary memory access. The probable...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的,主要是一些反序列化的poc真的不好写,我也不咋会.. USE 使用前请先填写config.py中的server参数...
shadowbroker
This repository, afei00123/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, such as...
Exploit for Use After Free in Microsoft
CVE-2021-31166 is a proof of concept for a remote UAF Use-After-Free vulnerability in the HTTP.sys protocol stack. The bug occurs in the http!UlpParseContentCoding function, which appends items to a local LISTENTRY and then moves it into the Request structure without NULLing out the local list...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenie...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
Exploit for CVE-2015-1701
CVE-2015-1701 Win32k Elevation of Privilege Vulnerability. Original info https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Protection Apply MS15-051 for fix. https://technet.microsoft.com/library/security/MS15-051 Authors c 2015 CVE-2015-1701 Project Credits R136a1...
pocsuite3
This is a Python package called pocsuite3 that provides a framework for remote vulnerability testing and proof-of-concept development. It is designed to be used by penetration testers and security researchers. The package has a powerful proof-of-concept engine and comes with many features,...
CTF-All-In-One
This is a comprehensive guide to CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...