kconfig-hardened-check-master
This is a tool for checking Linux kernel Kconfig option lists against security hardening preferences. The tool is called "kconfig-hardened-check" and is written in Python. It is designed to help users ensure that their Linux systems are properly secured by checking the kernel configuration agains...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j. The target product/service is Apache Log4j, and the vulnerability class/vector is remote code execution (RCE). The probable entry point is the Log4j2ExploitTest.java file, which contains the exploit code. The...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a Java project for a web application that uses the Log4j library. The project is a practice environment for testing and learning about the Log4j vulnerability CVE-2021-44228. The project includes a Maven project settings file, a Java class file, and a Log4j configuration file. The Log4j...
vulhub
This is an open-source collection of vulnerable systems and applications for educational purposes. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable systems and applications, including web applications, databases, and operating systems. The...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to: Burt Force (brute force), XSS (cross-site scripting), CSRF (cross-site request...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool includes various web application vulnerabilities such as Burt Force (brute force), XSS (cross-site scripting), CSRF (cross-site request forgery), SQL-Inject (SQL injection), RCE (remote...
EvilOSX
This is a Python-based Remote Administration Tool (RAT) for macOS/OS X, known as EvilOSX. It is a modular system that allows users to extend its functionality by creating custom modules. The tool is designed to be undetectable by anti-virus software, using OpenSSL AES-256 encryption for its payload...
vulhub
This is an open-source collection of vulnerable web applications and environments for security research and training. It is a repository of vulnerable systems, including web applications, databases, and other software, designed to help security professionals and researchers practice and improve...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Sophos Hitmanpro
Quote: The purpose of this article is to introduce a generic exploitation technique for out-of-bounds writes in kernel-mode memory and to reproduce the related tooling. toc Introduction: The author did secondary development on the original author 池风水's exploitation tool (hereafter "the tool"), adding features such as fully automatic retrieval of kernel debug module symbol offsets and configuration parameters, and optimisations for different exploitation methods, which solves the adaptation problem across Windows versions. The tool consists of two parts, an adapted driver and an exploitation program, and achieves stable exploitation on any version after Windows 10 19H1, including fully patched systems. Since Windows 10 19H1, the back-end logic of the user-mode Segment Heap structure has been used in the kernel, divided mainly into the Low-fragmentation Heap and the VS (Variable Size)...
pocsuite_poc_collect
It is an offensive tool for vulnerability exploitation. The repository appears to be a collection of proof-of-concept PoC exploits for various vulnerabilities, likely created using the Pocsuite framework. Not specified...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including Burt Force (brute-force vulnerabilities), XSS (cross-site scripting vulnerabilities), CSRF (cross-site request forgery), SQL-Inject (SQL injection vulnerabilities), RCE (remote command/code execution), Files Inclusion...
vulhub
This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...
PayloadsAllTheThings
It is an offensive tool for general-purpose payloads. The repository contains a list of supported funding platforms, including GitHub Sponsors, Ko-fi, and Buy Me a Coffee. The primary funding platform mentioned is GitHub Sponsors, with the username swisskyrepo. No specific exploit or vulnerabilit...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware
This is a Metasploit module targeting a command injection vulnerability in Hikvision web servers. The module is designed to exploit the vulnerability by sending malicious commands to the vulnerable server. The module is written in Python and uses the Metasploit framework to interact with the targ...
vulhub
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for learning and practicing penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Security-related tests. Introduction: Security-related tests, for learning only! 1. Reproduction of the log4j2 CVE-2021-44228 vulnerability...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The PoC (Proof of Concept) exploit for this vulnerability is available in the repository sekla/CVE-2019-5736-PoC. The exploit works by overwriting and executing the host system's runc binary from within the container. The exploit has two...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit. The exploit is designed to achieve single-shot access to the system, without modifying system files. It is written in C and uses a heap overflow technique to bypass security restrictions. The exploit is typically...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2018-17182 Linux kernel VMA-UAF privilege escalation vulnerability (CVE-2018-17182). About: Security researchers at Google Project Zero released details and a proof-of-concept (PoC) exploit for a high-severity vulnerability present in the Linux kernel from version 3.16 through 4.18.8. Discovered by white-hat hacker Jann Horn, the kernel bug (CVE-2018-17182) is a cache-invalidation error in the Linux memory-management subsystem that leads to a use-after-free; if exploited, it could allow an attacker to gain root privileges on the target system...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell (CVE-2021-44228) related attack IOCs. Source IPs attempting attacks using the Apache Log4j RCE, a large proportion of which are Tor nodes; see Attack-IP.md. IOCs for malware, botnets and the like spreading via the log4j vulnerability are in IOC-C2.md. Snort detection rules are in Snort.md; Suricata rules are in Suricata.md...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
It is an offensive tool for Log4j RCE (CVE-2021-44228) vulnerability scanning. The primary CVE ID is CVE-2021-44228. The target product/service is Apache Log4j. The vulnerability class/vector is RCE (Remote Code Execution). The probable entry points are scripts/modules such as log4j-scan.py. Notable...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, known as Vulhub. It is a defensive blue-team research and threat mitigation tool, used to improve detection, response, and patch prioritization. The repository contains a variety of...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to demonstrate various web security vulnerabilities, including Burt Force, XSS, CSRF, SQL-Inject, RCE, Files Inclusion, Unsafe file downloads, Unsafe file upload...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-CVE-2021-44228. Introduction: Reproduction of the Log4J vulnerability. Software architecture: software architecture description. Installation: 1. git clone https://gitee.com/demonbhao/log4j2-cve-2021-44228.git 2. Install a JDK version no later than 1.8.0. 3. Install maven, needed for packaging. Usage: 1. Write your PoC code block. 2. Compile Exploit.java with javac Exploit.java to produce Exploit.class. 3. Start the LDAP service. 4. Start an HTTP server, simply with python; make sure the port matches the one being accessed...
Exploit for Generation of Error Message Containing Sensitive Information in Postgresql
PoC exploit for CVE-2021-3393. The target product/service or framework is Apache Commons BeanUtils. The vulnerability class/vector is a deserialization vulnerability. The probable entry points are the BasicDynaBean class. The notable dependency/tooling is Apache Commons BeanUtils. The execution...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This repository is a proof-of-concept (PoC) exploit for CVE-2021-44228, a vulnerability in the Log4j logging library. The exploit targets the Log4j 2 library, which is a popular logging framework for Java applications. The exploit uses the JNDI (Java Naming and Directory Interface) protocol to inject...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a vulnerability in the Log4j Java library. The target product/service is Log4j, a Java logging library, and the vulnerability class/vector is a Remote Code Execution (RCE) vulnerability. The probable entry point is the "sendDetectionRequest" function in the...
log4j2-bug-recurrent
log4j2 vulnerability reproduction demo. Demo versions ------ jdk : jdk8u181 log4j2 : 2.12.0 log4j2 vulnerable range: 2.0 jdk.version jdk.version 8u191; other versions are not listed one by one. server-simple: simulates a production service. attack-simple: simulated attack code. rmi-service: simulates the attacker's RMI service...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-4428 reproduction. This DEMO reproduces the critical Log4j2 RCE vulnerability CVE-2021-4428, with the aim of understanding the severity of the vulnerability and building targeted defences according to the situation of your system. Warning: This DEMO is technical research only and does not involve scripts for malicious remote computer intrusion. Do not use the vulnerability for illegal intrusion into other people's computers; otherwise you may bear the following liabilities: 1. Under Article 29 of the Public Security Administration Punishments Law of the People's Republic of China, anyone who, in violation of state regulations, intrudes into a computer information system and causes harm shall be detained for up to five days; where the circumstances are serious, for five to ten days. 2...
exp-hub
exp-hub. The vulnerability reproduction template is as follows: 0x00 Software introduction: git, a distributed version control system. 0x01 Reproduction environment: environment used: the 攻防世界 platform environment; reproduced version: none. 0x02 Environment setup: target machine environment: 2008r2standardzh-chs. 0x03 Exploitation conditions: none. 0x04 Affected versions: none. 0x05 Vulnerability reproduction: attack environment: kalix64en-us; python ./GitHack.py http://124.126.19.106:31232/.git/ as shown in the figure below. 0x06 Batch script: none. 0x07 Pitfall notes: Pitfall 0: Exploit aborted due to failure: bad-config: Set the...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC (Proof of Concept) exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...
CDK
This is a defensive analysis of the CDK Container Penetration Toolkit repository. Here is a summary of the findings: Classification: Exploit module/toolkit targeting Linux containers Primary CVE ID: Not specified Target product/service: Linux containers specifically, the Linux kernel Vulnerabilit...
Exploit for Use After Free in Microsoft
CVE-2021-40449-Exploit only works on Windows 10 14393 and Windows 10 17763. Use Palette to Spray and RtlSetAllBits to Write...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Works On - VMware-VCSA-all-6.7.0-8217866, VMware-VIM-all-6.7.0-8217866 ✔ - VMware-VCSA-all-6.5.0-16613358 ✔ For vCenter 6.7 U2+: vCenter 6.7 U2+ runs the website in memory, so this exp can't work for 6.7 U2+. Need test - vCenter 6.5 Linux VCSA/Windows Waiting For Test -...
Exploit for Path Traversal in Vmware Cloud_Foundation
PoC exploit for CVE-2021-22005, a vulnerability in VMware vCenter Server allowing file upload to remote code execution. The target product/service is VMware vCenter Server, and the vulnerability class/vector is file upload to RCE. The probable entry point is a POST request to the...
nuclei-templates
This is a GitHub repository for a community-driven project called "Nuclei Templates". The project provides a collection of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various files and workflows for managing and updating the templates,...
Exploit for Code Injection in Gitlab
The provided code is a Python script that exploits a vulnerability in GitLab CE/EE versions 11.9 and earlier. The vulnerability is related to the way GitLab handles image files, allowing an attacker to execute arbitrary code on the server. Here's a breakdown of the code: 1. The script starts by...
Exploit for Improper Input Validation in Linux Linux_Kernel
This is a PoC exploit for CVE-2021-3490, a Linux kernel vulnerability. The exploit targets the eBPF subsystem and leverages a bug in the verifier to gain arbitrary read and write access to kernel memory. The exploit is designed to work on Ubuntu 20.04.02 and 20.10 Groovy Gorilla kernels 5.8.0-25....
Exploit for Race Condition in Canonical Ubuntu_Linux
Resource repository for 《云原生安全:攻防实践与体系构建》 (Cloud Native Security: Offensive and Defensive Practice and System Construction). This repository provides supplementary materials and the accompanying source code for the book, for interested readers to read and practise in depth. All content in this repository is for teaching and research use only; use for illegal purposes is strictly prohibited, and violators bear the consequences! Related links: Douban | JD.com | Dangdang. Supplementary reading materials - 100云计算简介.pdf (introduction to cloud computing) - 101代码安全.pdf (code security) - 200容器技术.pdf (container technology) - 201容器编排.pdf (container orchestration) - 202微服务.pdf (microservices) - 203服务网格.pdf (service mesh) - 204DevOps.pdf - CVE-2017-1002101:突破隔离访问宿主机文件系统.pdf (breaking isolation to access the host file system) -...
Exploit for OS Command Injection in Zeroshell
CVE-2019-12725 CVE-2019-12725 ZeroShell remote command execution vulnerability =================================================== My own practice project...
Exploit for CVE-2016-2384
This repository contains proof-of-concept PoC exploits for various vulnerabilities in the Linux kernel. The exploits target different vulnerabilities, including CVE-2016-2384, CVE-2016-9793, and CVE-2017-1000112. CVE-2016-2384 is a use-after-free vulnerability in the usb-midi driver, which allows...
Exploit for CVE-2021-1675
Impacket implementation of CVE-2021-1675...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...
Exploit for OS Command Injection in Zabbix
This is a Python script that exploits a vulnerability in the Zabbix web application. The script is designed to send a malicious payload to the Zabbix server, which will execute the payload and potentially allow an attacker to gain unauthorized access to the system. Here is a breakdown of the...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview
PoC exploit for CVE-2017-14947, an RCE vulnerability in Redis 4.x/5.x. The target product/service is Redis, and the vulnerability class/vector is RCE (Remote Code Execution). The probable entry point is the RedisModules module, and the execution context is a Python script redis-rce.py that is...
vulhub
This repository is an open-source collection of vulnerable web applications and tools for security training and research. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...
php_code_audit_project
The provided code snippet appears to be a PDF document containing a vulnerability report for ThinkPHP, a PHP framework. The report describes a request function vulnerability that allows for remote code execution. The code snippet is a PDF document with a single page containing a table with severa...
vulhub
This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept PoC code, and tools for identifying and exploiting vulnerabilities in software and systems...