1886 matches found
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit is written in C and uses a heap overflow technique to gain elevated privileges. The exploit is designed to be run on a system with the vulnerable sudo version installed. The usage of the...
xss
This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF Capture The Flag section. The...
OSCP
OSCP Hello world! This repo contain some of the scripts, exploits, and documents made during my OSCP journey. The list include but not limited to the following: LinuxPrivCheck.sh Yes, there are far better scripts out there, However this one has less output to go thru and it has colors. Think basi...
zip
This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
CVE-2019-19781 Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash CVE-2019-19781.sh XX.XX.XX.XX 'cat /etc/passwd' Reference :...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
hacktheboxoscp 介绍 准备oscp考试过程中做的hackthebox里的oscp向靶机 因为oscp考试内容改变,新增域渗透。所以还有红日出的vulnstack靶场 新增:endgame,fortresses,open beta season对应HTB相应的栏目。是oscp向靶机列表外练手打的 靶机摘要 hackthebox lame lame vsftpd笑脸漏洞烟雾弹,samba服务漏洞才是真凶 legacy ms08-067,但靶机有点问题,除了第一次,后面都连不上端口了 blue blue 神似 修改命名管道,手打ms17-010 Devel Devel 神似...
exploitdb
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a searchable archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is...
pwntools
This is a CTF Capture The Flag framework and exploit development library. It is written in Python and provides a set of tools for developing and executing exploits. The library is designed to be extensible and customizable, allowing users to easily add new functionality and plugins. The library i...
pwntools
This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass and CodeExecution, which provide various functions for bypassi...
Exploit for OS Command Injection in Sixapart Movable_Type
cve-2021-20837-poc PoC for the CVE-2021-20837 : RCE in MovableType This vulnerability was discovered with the collaboration of The.Criminal.One. This PoC was developped by him. BLOG POST: https://nemesis.sh/posts/movable-type-0day/...
InfiniteWP-exploit
It is an exploit module for InfiniteWP Client 1.9.4.5 - Authentication Bypass. The primary CVE ID is not explicitly stated, but the exploit is based on a vulnerability disclosed at https://0day.work/infinitewp-client-1-9-4-5-authentication-bypass/. The target product/service is InfiniteWP Client,...
uptux
uptux Specialized privilege escalation checks for Linux systems. Implemented so far: - Writable systemd paths, services, timers, and socket units - Disassembles systemd unit files looking for: - References to executables that are writable - References to broken symlinks pointing to writeable...
Beebeeto-framework
This is a Python framework for building and executing proof-of-concept POC exploits, specifically targeting the HttpFileServer HFS vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...
RootHelper
This is an offensive tool for Linux privilege escalation. The primary CVE ID is not explicitly mentioned, but the tool fetches scripts that aid in privilege escalation, suggesting that it targets vulnerabilities in Linux systems. The tool, called RootHelper, downloads and unzips scripts that...
Exploit for OS Command Injection in Gnu Bash
PoC exploit for CVE-2014-6271 Shellshock. The target product/service is Apache httpd, and the vulnerability class/vector is RCE Remote Code Execution via environment variable manipulation. The probable entry point is the CGI Common Gateway Interface handler. Notable dependencies/tooling include t...
threat-detection-as-code
This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. The...
awesome-windows-exploitation
This is a curated list of Windows Exploitation resources and tools. The list is organized by category, including Windows stack overflows, Windows heap overflows, kernel-based Windows overflows, Windows kernel memory corruption, return-oriented programming, Windows memory protections, bypassing...
maltrail
It is an offensive tool for network traffic analysis. The primary CVE ID is not present in the provided context, but the tool is designed to detect malicious traffic. The target product/service or framework is not explicitly stated, but it is likely a network traffic analysis system. The...
personal-security-checklist
It is an offensive tool for community guidelines and contributor policies. The repository contains a curated checklist of 300+ tips for protecting digital security and privacy in 2022. The primary CVE ID is not present in the provided context. The target product/service or framework is not...
Dictionary-Of-Pentesting
This repository is an offensive tool for bug bounty hunting and penetration testing, specifically a dictionary collection project for various types of attacks, including Pentesing, Fuzzing, Bruteforce, and BugBounty. The primary target product/service is not explicitly stated, but the repository...
Exploit for CVE-2011-3918
This repository is an Android Exploits collection, containing various exploits and hacks for Android devices. The exploits are categorized into different types, including Denial of Service DoS and remote code execution. The DoS exploits include: Android FTPServer 1.9.0 Remote DoS CVE-2011-3918...
shelling
This repository is an offensive tool for OS command injection. It is a comprehensive OS command injection payload generator, suitable for detecting OS command injection vulnerabilities. The tool, named SHELLING, provides a customizable payload generator with various features, including support fo...
hackingtool
This is an offensive tool for a comprehensive hacking suite. The primary purpose of this tool is to provide a wide range of functionalities for hackers, including information gathering, exploitation, and post-exploitation activities. The tool is designed to be user-friendly and can be run on...
gauntlt
This is an offensive tool for web application security testing. It is a ruggedization framework that enables security testing that is usable by devs, ops, and security. The tool is called Gauntlt. The target product/service or framework is not explicitly stated, but based on the examples provided...
anti-xss
It is an offensive tool for PHP. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to prevent Cross-site scripting XSS attacks. The target product/service is PHP, and the vulnerability class/vector is XSS. The probable entry points are not explicitly...
poc
Proof of Concepts As the result of plugin writing or just general bug hunting, researchers at Tenable often stumble upon new and interesting vulnerabilities. These vulnerabililities are shared with the community on our company blog, Medium, or through our research advisories. We've decided to...
php-saml
This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...
La MaraDNS
MaraDNS is a small open-source DNS server. It is an authoritative DNS server that handles recursion using the included "Deadwood" program. The MaraDNS repository contains various files, including a README, CHANGELOG, and Dockerfile, which provide information on how to compile and run MaraDNS, as...
BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation...
pentest-guide
This repository is an offensive tool for penetration testing, specifically a guide based on OWASP Open Web Application Security Project including test cases, resources, and examples. It contains various modules and tools for testing different types of vulnerabilities, such as Brute Force, Busines...
pathbrute
This is an exploit module/toolkit targeting web servers, specifically designed to brute force directories and files names. The tool, named "pathbrute," uses wordlists from Exploit databases and Metasploit to identify interesting content on servers, including potentially vulnerable websites. It ca...
Exploit for Improper Authentication in Microsoft
Exploit and detect tools for CVE-2020-0688Microsoft Exchange default MachineKeySection deserialize vulnerability build csc ExchangeCmd.cs csc ExchangeDetect.cs usage ExchangeDetect ExchangeCmd sub commands: exec args exec command arch get remote process architecturefor shellcode shellcode run...
cve_article
No description provided...
aflnet_profuzzbench
It is an offensive tool for network protocols. The primary CVE ID is not present in the provided context, but the tool is an extension of American Fuzzy Lop AFL, which is a greybox fuzzer for protocol implementations. The tool, AFLNet, is seeded with a corpus of recorded message exchanges between...
browserify-sourcemap-poc
This is a proof-of-concept repository for browserify source mapping. The repository contains a index.js file that reads the contents of three JavaScript files foo.js, bar.js, and sub/foo.js and creates a source map for each file. The source map is then used to map the original source code to the...
Exploit for Code Injection in Vmware Spring_Framework
No description...
Exploit for Improper Input Validation in Vmware Vcenter_Server
No description provided...
DependencyCheck
This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...
vulns
It is an offensive tool for Linux. The repository, 'vulns', contains a collection of vulnerabilities and attacks, including Slowloris, BEAST, CRIME, BREACH, TIME, Heartbleed, CCS Injection, Shellshock, Drupalgeddon, POODLE, goto fail, GHOST, FREAK, Superfish, Rowhammer, Logjam, Stagefright, VENOM...
suricata-rules
suricata-rules Suricata是一个优秀的开源入侵检测系统,此项目记录安全运营人员提取的高质量Suricata IDS规则,欢迎大家提交。 规则编写要求如下 每个规则对应新建目录如下 webshell检测 规则目录名称-按照对应检测规则描述清楚即可 - webshell.pcap 规则对应的pcap包,尽量以flow的形式保存 - websehll.rules 自己提取的规则文件,尽量测试过提交。 - README 可以描述一些规则相关的东西,便于他人理解,支持Markdown 规则目录...
Exploit for Improper Authentication in Microsoft
cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVER -u USER -p PASSWORD -c CMD optional arguments: -h, --help show this help message and exit -s SERVER, --server SERVER ECP Server URL Example: http://ip/owa -u USER, --user USER login account Example: domain\user -p PASSWORD, --password...
tactical-exploitation
This is a tactical exploitation toolkit repository. It contains a Python script called "easywin.py" that provides a toolkit for exploit-less attacks aimed at Windows and Active Directory environments. The script leverages information gathering and brute force capabilities against the SMB protocol...
sinatra
This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
This repository contains a PoC Proof of Concept code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in the Bluetooth Low Energy BLE protocol that allow an attacker to remotely execute code on a device. The vulnerabilities were discovered in 2017 and...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...
Priv2Admin
This repository, Priv2Admin, is an exploitation path that allows users to misuse Windows privileges to elevate their rights within the OS. The repository lists various Windows privileges and their corresponding impact, tools, execution paths, and remarks. The privileges include...
Exploit for CVE-2018-2894
Weblogic CVE-2018-2894 CVE-2018-2894 0x01 前言 Oracle 7月更新中,修复了Weblogic Web Service Test Page中一处任意文件上传漏洞,Web Service Test Page 在“生产模式”下默认不开启,所以该漏洞有一定限制, 利用该漏洞,可以上传任意jsp文件,进而获取服务器权限。 0x02 漏洞环境 Ubuntu 16.04 https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2894/ 执行如下命令,启动weblogic 12.2.1....
Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq
This is a PoC exploit for CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, which are related to a DNS cache poisoning vulnerability in the dnsmasq service. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit uses a Python script to send...
enumy
Enumy Enumy is an ultra fast portable executable that you drop on target Linux machine during a pentest or CTF in the post exploitation phase. Running enumy will enumerate the box for common security vulnerabilities. Installation You can download the final binary from the release x86 or x64 tab...