1886 matches found
browsersploit
This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...
CTFium
This is a collection of CTF Capture The Flag writeups by PersianCats. It is a repository of technical writeups for various CTF challenges from different events. The writeups cover a range of topics, including exploitation of vulnerabilities, reverse engineering, and binary analysis. The repositor...
malSploitBase
This repository contains a collection of exploit code and research related to various malware and crimeware tools. The exploits are categorized into different sections, including Banking, Exploit Pack, and Http Botnets. The Banking section contains exploits for various banking malware, such as...
Exploit for CVE-2016-1057
This is a PoC exploit for CVE-2016-1057, a remote jailbreak for MikroTik's RouterOS. The exploit targets devices running v6.x.x and allows for remote code execution. The vulnerability exists on other device versions as well, but the exploit only supports v6.x.x. The exploit script is designed to...
Exploit for Improper Initialization in Linux Linux_Kernel
This is a PoC exploit for the Dirty Pipe vulnerability CVE-2022-0847 on Android, specifically targeting Pixel 6 devices with a security patch level from 2022-02-05 to 2022-04-05. The exploit is designed to overwrite readable files and can't overwrite the first byte of each page each 4096 bytes. I...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
This is a rather flaky poc for CVE-2024-38063, a RCE in tcpip.sys patched on August 13th 2024. I didn't find and report this vuln, that would be Wei. requirements pip3 install scapy usage Modify the fields in the script: - iface tcpip!Ipv6pProcessOptions - tcpip!IppSendErrorList being hit? - Brea...
Exploit for Use After Free in Microsoft
PoC exploit for CVE-2019-0708, a RCE vulnerability in Windows systems, including Windows 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. The vulnerability occurs during pre-authorization and allows an attacker to run arbitrary malicious code in the NT...
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
This is a PoC exploit for CVE-2019-19781, a vulnerability in Citrix ADC NetScaler that allows for unauthenticated remote code execution. The tool, called Citrixmash, was published by TrustedSec due to other researchers releasing their code first. The exploit exploits a directory traversal bug in...
Tater
Tater Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Credit All credit goes to @breenmachine, @foxglovesec, Google Project Zero, and anyone else that helped work out the details for this exploit. Potato - https://github.com/foxglovesec/Potato Included...
VulScan
MongoDB 未授权漏洞检测 mongodbunauth.py mongodbunauthmulti.py install python3 -m pip install pymongo mongodbunauth.py 单个IP检测 python3 mongodbunauth.py ip port zoounauthmulti.py 批量检测 python3 mongodbunauthmulti.py /root/unAuth/mongodb/us.txt 10...
ASLRay
This repository contains a Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying. The exploit targets the test binary, which is a simple program that takes a string argument and prints it. The exploit works by spraying the stack with a large amount of data, which increases the chances ...
Pentest
This repository is an offensive tool for web application exploitation, specifically a backdoor for web applications. It contains a JavaScript file check.js that is designed to be injected into a web page to steal user credentials. The tool uses the jQuery library jquery.cookie.min.js to manage...
Ninja
This is an open-source C2 server created for stealth red team operations, specifically designed to bypass AMSI Advanced Threat and Malware Protection and other security measures. The server is written in PowerShell and utilizes various modules to achieve its goals. The server includes several...
Exploit for Out-of-bounds Read in Openssl
It is an exploit module/toolkit targeting OpenSSL versions vulnerable to CVE-2014-0160, also known as the Heartbleed vulnerability. The tool, ssltest.py, scans multiple hosts for this vulnerability in an efficient multi-threaded manner without exploiting the server. The probable entry point is th...
sudo_inject
Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...
Exploit for CVE-2018-3149
log4j2-exploits https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. 8u121 Release Notes However, the logging library for java called log4j2 had JNDILookup,...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
PrivEsc
PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...
powertools
PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...
exifcleaner
Cross-platform desktop GUI app to clean image metadata...
Exploit for Path Traversal in Thecartpress Thecartpress_Ecommerce_Shopping_Cart
This is a PoC exploit for CVE-2015-3301, a vulnerability in the Stagefright media library that allows for remote code execution on Android devices. The exploit, called Metaphor, is designed to bypass Address Space Layout Randomization ASLR and execute arbitrary code on the device. The exploit...
commix
This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...
IOHIDeous
IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here. Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13.2 anymore, and I don't feel like investigating that. Maybe patched, maybe just the consequence of a random change, I...
awesome-mobile-security
This is a curated repository of mobile security resources, specifically for Android and iOS. It aggregates various tools and references from their original owners, serving as a centralized hub for mobile security-related information. The repository does not contain any exploit code or tools but...
easy-linux-pwn
This is a set of Linux binary exploitation tasks for beginners on various architectures. The tasks are designed to be solved using a suggested approach, even if there are other easier ways. The tasks assume a dynamically linked libc with a known binary and require the use of ROP Return-Oriented...
Exploit for CVE-2021-4483
It is an offensive tool for PHP The repository contains a collection of PHP code snippets and functions for auditing and exploiting vulnerabilities, including a proof-of-concept exploit for CVE-2021-4483, an exploit module for targeting PHP applications, and a toolkit for auditing PHP code. The...
Crypt-SSLeay
This is a Perl module called Crypt::SSLeay, which provides OpenSSL support for LWP Library for WWW in Perl. The module is used to handle SSL/TLS connections and is part of the LWP distribution. The module has a version of 0.7304 and is maintained by A. Sinan Unur, David Landgren, Joshua Chamas, a...
A-Red-Teamer-diaries
The provided context is a GitHub repository containing a Python script named RunFinger.py and a README.md file. The script is designed to gather information about the domain name and Windows machine running in the network. The README.md file contains information about the purpose of the script an...
Exploit for CVE-2020-1472
ZeroLogon exploitation script Exploit code based on https://www.secura.com/blog/zero-logon and https://github.com/SecuraBV/CVE-2020-1472. Original research and scanner by Secura, modifications by RiskSense Inc. To exploit, clear out any previous Impacket installs you have and install Impacket fro...
pagodo
This is an offensive tool for web application discovery. The primary CVE ID is not present in the provided context. The target product/service or framework is Google Search, and the vulnerability class/vector is not explicitly stated. The probable entry points are scripts/modules such as...
exifcleaner
Cross-platform desktop GUI app to clean image metadata...
log4jScanner
This is a tool for scanning internal subnets for vulnerable log4j web services. It sends a JNDI payload to each discovered web service on common HTTP/S ports and logs the responding host IP. The tool does not send any exploits to the vulnerable hosts and is designed to be as passive as possible...
pwn2exploit
pwn & exploit 这是些前段时间研究二进制的一些心得 Paper. 本来是希望能够从底层原理到全局把控的层次去整理. 这里只完成了部分的Paper, 还有很多的Paper只写了概要点. 个人有几篇 paper 还是很有参考价值的 linux进程动态so注入.md 这篇文章介绍了如何在目前的ELF下进行动态so注入, 介绍 gnu.hash 的结构和相关算法, 具体的代码可以参考evilELF, 代码设计规范. PWN之堆内存管理.md 这篇文章是我在阅读了很多参考资料和glibc后写的, 其中对于glibc分配算法中的各种缓存的设计有比较好的讲述以及对分配和释放算法有比价好的阐...
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters...
JavaDeserH2HC
This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...
PoC
Pedro Ribeiro @pedrib Exploit Dumping Grounds === This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC. advisories: all my public advisories, research notes, etc Pwn2Own: advisories related to my Pwn2Own...
pentest-wiki
This repository is an online security knowledge library for pentesters/researchers, providing information on various topics related to information gathering. The repository contains documentation on how to gather whois and DNS information, as well as Linux system architecture, processes, and user...
WinPwn
This is an offensive tool for Windows. It is a PowerShell script repository, WinPwn, that automates various internal penetration test processes, including reconnaissance and exploitation. The script is designed to be used on a Windows system with no internet access, and it includes a menu-driven...
Exploit for Improper Access Control in Xen
kernelexploitfactory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. The test is on...
Exploit for CVE-2016-2610
This is a PoC exploit for CVE-2016-2610, a vulnerability in the PlayStation 4's kernel. The exploit targets the 4.55 firmware version and allows for arbitrary code execution as kernel. The exploit includes a loader that listens for payloads on port 9020 and executes them upon reception. The loade...
Exploit for CVE-2020-1189
PoC exploit for CVE-2020-1189, CVE-2020-1190, CVE-2020-1191, CVE-2020-1192, CVE-2020-1193, CVE-2020-1194, CVE-2020-1195, CVE-2020-1196, CVE-2020-1197, CVE-2020-1198, CVE-2020-1199, CVE-2020-1200, CVE-2020-1201, CVE-2020-1202, CVE-2020-1203, CVE-2020-1204, CVE-2020-1205, CVE-2020-1206,...
Kernel-Bridge
This repository is an offensive tool for Windows kernel hacking. It is a Windows kernel hacking framework, driver template, hypervisor, and API written in C++. The primary function of this framework is to provide a set of tools for kernel-mode code injection, hooking, and manipulation. The...
exploitdb
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a searchable archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is...
disable_eval
This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...
Exploit for Path Traversal in Apache Http_Server
This is a PoC exploit for CVE-2021-41773, a remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit targets the CGI enabled feature of these versions, allowing an attacker to execute arbitrary code on the server. The exploit is written in Python and uses...
docker-security-course
This is a vulnerable nodejs app for demos, as stated in the README.md file. The app is designed to demonstrate the use of Docker to clean up after a breach and prevent them from happening again in the future. The app is built using the Dockerfile, which creates an image with the name "node-hack"...
payloadsallthethings
This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services AWS environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit is written in C and uses a heap overflow technique to gain elevated privileges. The exploit is designed to be run on a system with the vulnerable sudo version installed. The usage of the...