1886 matches found
pocsuite3
This is a Python package called pocsuite3 that provides a framework for remote vulnerability testing and proof-of-concept development. It is designed to be used by penetration testers and security researchers. The package has a powerful proof-of-concept engine and comes with many features,...
CTF-All-In-One
This is a comprehensive guide to CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains a variety of vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more,...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的,主要是一些反序列化的poc真的不好写,我也不咋会.. USE 使用前请先填写config.py中的server参数...
Exploit for CVE-2020-2551
描述 在Oracle官方发布的2020年1月关键补丁更新公告CPU(Critical Patch Update)中,公布了一个Weblogic WLS组件IIOP协议中的远程代码执行漏洞(CVE-2020-2551)。 该漏洞可以绕过 Oracle 官方在 2019 年 10 月份发布的最新安全补丁。攻击者可以通过 IIOP 协议远程访问 Weblogic Server 服务器上的远程接口,传入恶意数据,从而获取服务器 权限并在未授权情况下远程执行任意代码。官方给出的CVSS 评分为 9.8。 IIOP 协议以 Java 接口的形式对远程对象进行访问,默认启用,可通过 7001...
Information_Collection_Handbook
The repository is an information collection handbook for penetration testing and source code analysis. It contains a collection of tools and resources for gathering information about a target, including domain name information, application information, and source code analysis. The repository...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary purpose of Vulhub is to provide a simple and convenient way to test and demonstra...
maltrail
This is a Python script repository for a malicious traffic detection system called Maltrail. The repository contains various files and directories, including configuration files, data storage files, and scripts for data processing and analysis. The script uses a variety of techniques to detect...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, a heap overflow vulnerability in sudoedit. The target product/service is sudoedit, a command-line utility for editing files with superuser privileges. The vulnerability class/vector is a heap overflow, which can lead to a privilege escalation LPE. The probable entry...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a Python script repository for exploiting the CVE-2021-3156 vulnerability in sudo. The vulnerability is a heap-based overflow in the sudo package, which can be exploited to gain root privileges. The repository contains several exploit scripts, each targeting a specific version of the sudo...
Exploit for Path Traversal in Vmware Cloud_Foundation
PoC exploit for CVE-2021-21972, a remote code execution vulnerability in VMware vCenter 6.5-7.0. The exploit uploads the web shell "shell.jsp" to the target server, which is then executed to gain remote code execution. The exploit is invoked by running the Python script "vcenterrce.py" with the U...
PayloadsAllTheThings
This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities. The repository includes tools and exploits for vulnerabilities such as CRLF injection, CSRF injection, and CORS...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Jboss_Enterprise_Application_Platform
PoC exploit for CVE-2016-2183, a Padding Oracle vulnerability in Apache Shiro. The exploit targets the RCE Remote Code Execution vector, leveraging the Padding Oracle attack to bypass encryption and inject arbitrary data. The probable entry point is the shirooraclepadding.py script, which is...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...
JNDIExploit
JNDIExploit 一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。 使用说明 使用 java -jar JNDIExploit.jar -h 查看参数说明,其中 --ip 参数为必选参数 Usage: java -jar JNDIExploit.jar options Options: -i, --ip Local ip address -l, --ldapPort Ldap bind port default: 1389 -p,...
Exploit for CVE-2020-17008
CVE-2020-17008 splWOW64 Elevation of Privilege C:\Windows\splwow64.exe Poc From: https://bugs.chromium.org/p/project-zero/issues/detail?id=2096 0x01 set splwow64poc.exe Low cd splwow64poc\x64\Release icacls splwow64poc.exe /setintegritylevel L /setintegritylevel CIOI级别将完整性 ACE 显式...
Exploit for CVE-2020-17057
cve-2020-17057 cve-2020-17057 poc 微软于2020-11-10日发布补丁修补...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html XStream 1.4.14 pom.xml com.thoughtworks.xstream xstream 1.4.14 poc...
Exploit for Deserialization of Untrusted Data in Apache Tapestry
This repository contains a proof-of-concept PoC exploit for the CVE-2020-17531 vulnerability in Apache Struts 2. The exploit is written in Python and uses the requests library to send a malicious request to the vulnerable application. The PoC exploit is designed to execute a command on the...
mad-metasploit
This is a Metasploit custom module repository, mad-metasploit, which contains a collection of exploits and plugins for various vulnerabilities. The repository is maintained by hahwul and is available on GitHub. The repository includes a variety of exploits, including: AIX Calendar Manager Service...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess
This is a proof-of-concept PoC exploit for a vulnerability in the bwconn.dll library, which is a Windows RPC client library. The vulnerability is identified as CVE-2016-0856. The PoC exploit is written in Python and uses the ctypes library to interact with the bwconn.dll library. The exploit...
ctf-writeups
This is a PoC exploit for a double free vulnerability in a binary. The exploit creates overlapping chunks on the heap, manipulates heap metadata, and overwrites the mallochook with a one-gadget address to execute /bin/sh. The challenge is interesting because it does not allow the exploitation of...
vulhub_v2
It is an offensive tool for web application security training. The repository contains a collection of vulnerable Docker environments for web application security training. The tool is designed to be easy to use, requiring only two simple commands to set up a vulnerable environment. The tool is n...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to, Burt Force, XSS, CSRF, SQL-Inject, RCE, Files Inclusion, Unsafe file downloads...
Sitadel
This repository is an update for WAScan, making it compatible with Python versions 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, defining risk levels for scans, and a...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary purpose of Vulhub is to provide a simple and easy-to-use platform for...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of vulnerable Docker environments, including CouchDB, FFmpeg, Git, InfluxDB, and Oracle Java. The environments are designed to be used for testing and training purposes, allowing users to practice exploiting...
Exploit for CVE-2019-2888
CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor ✔ 8388 18:32:43...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. The repository contains a PowerShell post-exploitation framework called PowerSploit, which provides various tools for exploiting vulnerabilities in Windows systems. The framework includes modules for antivirus bypass, code execution,...
Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java
PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...
vulhub
It is an offensive tool for web application security testing. The repository contains a collection of pre-built vulnerable docker environments, allowing users to test web application security without requiring prior knowledge of docker. The tool is designed to be easy to use, with a simple...
Exploit for CVE-2016-0728
PoC exploit for CVE-2016-0728 Linux Kernel Vulnerability. The target product/service is the Linux Kernel, and the vulnerability class/vector is a privilege escalation vulnerability. The probable entry point is the cve20160728.c file, which is compiled into an executable named cve20160728. Not...
Exploit for Use After Free in Microsoft
This is a Metasploit module for exploiting the BlueKeep vulnerability CVE-2019-0708 in Microsoft Remote Desktop. The module is designed to check a range of hosts for the vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS packets which respond differently on...
Exploit for Deserialization of Untrusted Data in Redhat Data_Grid
This repository contains a collection of Python scripts for exploiting Java deserialization vulnerabilities in various applications, including Cisco Prime Infrastructure, JBoss, Jenkins, and OpenNMS. The scripts use the ysoserial tool to generate the payload. The scripts can be categorized into...
bettercap-proxy-modules
This is a collection of HTTP proxy modules for the BetterCap framework, a tool for performing network attacks and penetration testing. The modules are designed to be used with the BetterCap proxy server, which can be configured to intercept and modify HTTP traffic between a client and a server. T...
Exploit for CVE-2020-16898
It is an exploit module targeting Apache Log4j. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the "exploit.py" script. Not specified. Preconditions are a vulnerable version of Apache Log4j. The expected impact is RCE...
ctf2
This repository is a writeup of the CSAW CTF 2015, a capture the flag CTF competition. The writeup is written in Polish, with an English version available for those who prefer it. The writeup covers various challenges from the competition, including web, exploit, crypto, reversing, and forensics...
vulhub
It is an offensive tool for web application security training. The primary target is the web application, specifically the Flask framework. The vulnerability class/vector is Server-Side Template Injection SSTI. The probable entry points are scripts/modules such as flask/ssti/exploit.py. Notable...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
No description...
Exploit for CVE-2018-2894
Weblogic CVE-2018-2894 CVE-2018-2894 0x01 前言 Oracle 7月更新中,修复了Weblogic Web Service Test Page中一处任意文件上传漏洞,Web Service Test Page 在“生产模式”下默认不开启,所以该漏洞有一定限制, 利用该漏洞,可以上传任意jsp文件,进而获取服务器权限。 0x02 漏洞环境 Ubuntu 16.04 https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2894/ 执行如下命令,启动weblogic 12.2.1....
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
This is a PoC exploit for CVE-2017-10271, a vulnerability in Oracle WebLogic's wls-wsat component that allows for deserialization of untrusted data, leading to remote code execution. The exploit is written in Python and uses the requests library to send a malicious XML payload to the vulnerable...
maobugs
maobugs 喵喵喵 1.samples-web-1.2.4.war 为 shiro =1.2.4 硬编码漏洞的war包。说实在这个war真的是难打... 2.jdwp-shellifier-master.zip 自己调试的话使用 java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar 打开jdwp端口 jdwp 端口开启了的话就能被rce ,详情解压文件readme。 这里并不是无条件rce。...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
pocsuite-z Legal Disclaimer Usage of pocsuite for attacking targets without prior mutual consent is illegal. pocsuite is for security testing purposes only 法律免责声明 未经事先双方同意,使用 pocsuite-z 攻击目标是非法的。 pocsuite-z 仅用于安全测试目的 Overview pocsuite-z is an open-sourced remote vulnerability testing and...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796-SMB 该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢 - C++ - Python - EXP - POC 漏洞利用: - 本地EXP提权:https://github.com/danigargu/CVE-2020-0796 - 本地EXE提权: https://github.com/f1tz/CVE-2020-0796-LPE-EXP - POC版本提权: https://github.com/eerykitty/CVE-2020-0796-PoC -...
Exploit for Deserialization of Untrusted Data in Redhat Data_Grid
This is a collection of Java deserialization exploits, specifically targeting various Java applications. The exploits are designed to bypass Java's deserialization security features and execute arbitrary code on the target system. The exploits are implemented in Python and use the ysoserial libra...
vulhub
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments for web application security training. The tool is designed to be easy to use, requiring only two simple commands to compile and run a vulnerable...
Exploit for CVE-2015-1538
PoC exploit for CVE-2015-1538-1, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution. The target product/service is Google Stagefright, a media library for Android. The vulnerability class/vector is Integer Overflow in the libstagefright MP4 'stsc' atom handling, leading to...
Exploit for CVE-2015-3636
PoC exploit for CVE-2015-3636 targeting 32-bit Android OS. The exploit targets the Linux kernel, specifically the getroot function, which allows for privilege escalation. The probable entry point is the poc.c file, which is compiled into an executable using the Android.mk file. The exploit uses t...
ios-resources
PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...
vulhub
It is an offensive tool for Vulnerability Research and Exploitation. The repository contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily set up and test vulnerable systems without requiring extensive knowledge of Docker. The tool is designed for vulnerabili...