1886 matches found
vulhub
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments, allowing users to practice web application security testing without requiring prior knowledge of docker. The tool is designed to be easy to use, with a...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
pwntools
This repository is an offensive tool for CTF Capture The Flag pwn challenges. It is a framework for writing scripts to solve CTF pwn challenges. The primary CVE ID is not explicitly stated in the provided context, but the repository is likely used for exploiting vulnerabilities in various softwar...
vulhub
It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...
vulhub
It is an offensive tool for Vulnerable Environments Based on Docker-Compose. The repository contains a collection of pre-built vulnerable docker environments, allowing users to easily create and test vulnerable environments without requiring prior knowledge of Docker. The tool is designed to be...
powerSploit
This is an offensive tool for Windows. It is a PowerShell module called PowerSploit, which is a framework for penetration testing and red teaming. The module includes various tools for tasks such as antivirus bypass, code execution, and DLL injection. The primary vulnerability targeted by this to...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments, including Flask,...
vulhub
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...
vulhub
It is an offensive tool for Docker environments. The tool is designed to create a vulnerable Docker environment for testing and training purposes. It provides a collection of pre-built vulnerable Docker environments, allowing users to execute two simple commands to create a vulnerable environment...
pwn-collection
This repository contains a collection of CTF Capture The Flag challenges with writeups and exploit scripts. The challenges are categorized into three main areas: fmtstr32, heapchunkoverlap64, and pwn300. The fmtstr32 category contains challenges related to format string vulnerabilities, which all...
CTFtools
This repository is an offensive tool for web application exploitation, specifically targeting web servers. The primary vulnerability class is code execution RCE, with various exploitation techniques and payloads. The tool is designed to automate the exploitation process, making it easier for...
CTF-challenges-by-me
This is an offensive tool for CTF challenges. It is a collection of exploits and challenges from various CTF events, including 0ctffinal-2017 and 0ctfquals-2018. The repository contains a variety of challenges, including web security, pwnable, and cryptography challenges. The challenges are...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple installation and usage instructions...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...
vulhubs
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more...
Exploit for Improper Input Validation in Microsoft
PoC exploit for CVE-2020-1350. The target product/service or framework is IIS, and the vulnerability class/vector is a deserialization vulnerability. The probable entry point is the applicationhost.config file, and the notable dependency/tooling is the IIS configuration file. The execution contex...
bluescan
This is a Python script for a Bluetooth scanner, specifically designed to scan for devices, services, and vulnerabilities. The script is called "bluescan" and is available on GitHub. The script is based on the BlueZ Bluetooth protocol stack and uses the libbluetooth-dev package. It can be install...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview
PoC exploit for Redis RCE CVE-2017-14947 targeting Redis 4.x/5.x. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the redis-rce.py script. Notable dependencies/tooling include six and argparse. The execution context is a Python script invoked from the...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but it includes various vulnerable environments based on Docker-Compose. The target product/service or framework is not...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins in Jenkins. This exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for creating vulnerable environments based on Docker-Compose. The primary CVE ID is not explicitly stated, but the tool is designed to create vulnerable environments for various vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2018-1000006, and others. The...
metasploit-framework
This is an offensive tool for Metasploit Framework. It is a collection of modules and tools for exploiting vulnerabilities in various systems and applications. The repository contains a wide range of modules, including exploits, payloads, and post-exploitation tools. The primary target of this to...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...
WriteUp_GoogleCTF_2017
This is a PoC exploit for a vulnerability in the Inst Prof binary, which is a x8664 Linux binary with PIE and NX enabled. The exploit allocates two pages using code reuse, one page to stack pivot and the other page to execute a shellcode. The shellcode is executed by dereferencing a text pointer...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 文章链接 隐藏17年的Office远程代码执行漏洞(CVE-2017-11882) http://www.cnblogs.com/Hi-blog/p/7878054.html...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796-SMB 该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢 C++ Python EXP POC 漏洞利用: - 本地EXP提权:https://github.com/danigargu/CVE-2020-0796 - 本地EXE提权: https://github.com/f1tz/CVE-2020-0796-LPE-EXP - POC版本提权: https://github.com/eerykitty/CVE-2020-0796-PoC -...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points are not explicitly stated, but the environments are likely to be...
Zeratool
This repository, Zeratool, is an automatic exploit generation tool for exploitable CTF Capture The Flag problems. It uses the angr concolic analysis framework to analyze binaries and identify vulnerabilities. The tool can generate exploits for buffer overflow and format string vulnerabilities, an...
PowerSploit
This is an offensive tool for Windows. It is a PowerShell module called PowerSploit, which contains various functions for code execution, DLL injection, and antivirus bypass. The module includes several sub-modules, such as CodeExecution and AntivirusBypass, each with its own set of functions. Th...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but it includes various types of vulnerabilities such as SQL injection, cross-site scripting XSS, and remote code execution RCE. The target product/service or...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and learning about various vulnerabilities. The primary purpose of Vulhub is to provide a simple way to create and run vulnerable environment...
EQGRP
This is a repository containing the decrypted content of eqgrp-auction-file.tar.xz. The repository includes three files: Linux/bin/7z, Linux/bin/7z.so, and Linux/bin/7za. These files are likely related to the 7-Zip file archiver. The files are in ELF Executable and Linkable Format format, which i...
PRET
The repository michaelxiaxc/PRET is a Printer Exploitation Toolkit that allows users to test the security of their printers. The tool connects to a device via network or USB and exploits the features of a given printer language, currently supporting PostScript, PJL, and PCL. The main idea of PRET...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMBv3, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script, which sends a SMB negotiate request to the target server. Notable dependencies/tooling include the...
BJDCTF2020_March
本届BJDCTF由江苏科技大学、北京工业大学、西南民族大学、杭州师范大学、 江苏大学、湖南工业大学(排名不分先后)联合举办,刷题就到buu,感谢赵总大力支持...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, Exploit module/toolkit targeting Linux, or It is an offensive tool for Linux. The repository contains various tools and scripts for exploiting vulnerabilities in Linux systems. The tools include: evilELF: a tool for exploiting ELF-related vulnerabilities evilHEAP: a...
vulhub
It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to test web applications for vulnerabilities, specifically for web application security testing. The tool includes a variety of...
Exploit for CVE-2020-11651
CVE-2020-11651 is a proof-of-concept PoC exploit for a vulnerability in the SaltStack master. The exploit is designed to obtain pre-auth RCE Remote Code Execution on a SaltStack master and all associated minions. The vulnerability is not explicitly stated in the provided code, but it is likely...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 概述 在2020年1月,互联网上爆出了Weblogic反序列化远程命令执行漏洞(CVE-2020-2555),Oracle Fusion中间件Oracle Coherence存在缺陷,攻击者可利用该漏洞在未经授权下通过构造T3协议请求,获取Weblogic服务器权限,执行任意命令,风险较大。 影响 Oracle Coherence 3.7.1.17 Oracle Coherence & Weblogic 12.1.3.0.0 Oracle Coherence & Weblogic 12.2.1.3.0 Oracle Coherence & Weblogic...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. CVE-2016-9086 is present in the provided context. The target product/service or framework is GitLab, the vulnerability class/vector is a remote code execution RCE vulnerability, the probable entry points are the data...
Exploit for Improper Input Validation in Redhat Openshift
This is a pre-built vulnerable environment based on Docker-Compose, provided by Vulhub. The repository contains a collection of vulnerable environments, each with its own set of vulnerabilities and exploits. The repository is designed to be easy to use, with a simple installation process and a...
vulhub
This repository is an open-source collection of vulnerable web applications and environments for security testing and education, maintained by vulhub. It is a defensive blue-team research and threat mitigation tool. The repository contains a variety of vulnerable web applications and environments...
Exploit for CVE-2019-1040
CVE-2019-1040 Great writeup! Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin . So, I wrote CVE-2019-1040.py for easy to use. You can also check out my exchange2domain repo: https://github.com/ridter/exchange2domain, another way to use exchange to get DC...
Exploit for CVE-2013-0422
K8tools 20190428 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
pentest-wiki
This repository is an information gathering library for penetration testers/researchers. It contains various tools and documentation for gathering information about a target organization, including IP analysis, whois analysis, and social media research. The library includes bookmarks for various...
Information_Collection_Handbook
Handbook of information collection for penetration testing...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a PoC exploit for CVE-2020-0796, a Windows SMBv3 LPE Local Privilege Escalation vulnerability. The exploit is written in C++ and uses the Windows API to manipulate system handles and exploit the vulnerability. The code includes a function to get the address of a handle, and another functi...
metasploit-framework
This is a Metasploit Framework repository. The framework is a penetration testing tool that allows users to create and execute exploits against various targets. The repository contains a wide range of modules, including exploits, payloads, and auxiliary tools. The framework is written in Ruby and...
antSword
This is a comprehensive analysis of the provided code and metadata from the AntSword repository. Classification: Exploit module/toolkit targeting web applications Primary CVE ID: Not specified Target product/service or framework: Web applications Vulnerability class/vector: Not specified Probable...