1899 matches found
Exploit for Cross-site Scripting in Prisma Graphql-Playground-Html
This is a PoC exploit for CVE-2020-4038, a reflected XSS vulnerability in the GraphQL Playground repository. The vulnerability is present in the graphql-playground-html package, which is used by several other packages, including graphql-playground-express, graphql-playground-koa,...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable systems and applications,...
Exploit for Off-by-one Error in Sudo_Project Sudo
Classification: Exploit module/toolkit targeting a vulnerability in a specific product/service framework. Primary vulnerability: CVE-2021-3156, a heap-based buffer overflow in sudo. Target product/service: sudo, a Unix...
Exploit for CVE-2021-42321
This repository is a proof-of-concept (PoC) exploit for CVE-2021-42321, a vulnerability in Microsoft Exchange Server. The PoC is written in Python and uses the requests library to send a SOAP request to the Exchange server. The exploit targets the Exchange server's GetFolder method, which can be us...
Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware
This is a PoC exploit for CVE-2021-33044, an authentication bypass vulnerability in Dahua IPC, VTH, and VTO devices. The exploit targets the login process of these devices, allowing attackers to bypass device identity authentication by constructing malicious data packets. The exploit is implement...
HikPwn
This is an offensive tool for Hikvision devices. The tool, named HikPwn, is a simple scanner written in Python 3.8 that performs basic vulnerability scanning capabilities. It was created by Ananke and is available on GitHub. The tool has several functions and characteristics, including passive an...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...
Exploit for Incorrect Conversion between Numeric Types in Linux Linux_Kernel
CVE-2020-27194: my exploit for CVE-2020-27194, tested on Linux kernel 5.8.14. More details: https://ama2in9.top/2020/12/14/CVE-2020-27194/ References: CVE-2020-8835 pwn2own 2020 eBPF privilege escalation vulnerability analysis; CVE-2020-8835 pwn2own 2020 eBPF privilege escalation via arbitrary read/write analysis...
vulhub1
This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
PoC exploit for CVE-2021-22555, a heap out-of-bounds write affecting Linux since v2.6.19-rc1. The exploit allows an attacker to gain privileges or cause a DoS through user namespace memory corruption. The target is Linux, and the vulnerability class is heap out-of-bounds write. The probable entry...
Exploit for Improper Input Validation in Drupal
PoC exploit for CVE-2018-7600, a remote code execution vulnerability in Drupal. The target product/service is Drupal, and the vulnerability class/vector is remote code execution (RCE). The probable entry point is the 'user/register' page, and the exploit is typically invoked by running the...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...
OffensiveRust
This is a collection of Rust code snippets, each implementing a different type of exploit or malicious functionality. The code is organized into several subdirectories, each containing a specific exploit or tool. Here's a summary of the code and its functionality: 1. AllocateWithSyscalls: This co...
Web-Attack-Cheat-Sheet
It is an offensive tool for web application security testing. The repository contains a comprehensive web attack cheat sheet, covering various techniques for discovering, enumerating, scanning, and monitoring web applications. The tool covers topics such as IP and subdomain enumeration, cache and...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The PoC is intended for demonstration...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 PoC exploit for SMBGhost vulnerability in Windows 10 1903/1909's SMB3 compression capability. This PoC connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash t...
Exploit for SQL Injection in Zabbix
This is an offensive tool repository for Vulhub, a web application vulnerability training platform. The repository contains various tools and exploits for testing and demonstrating vulnerabilities in different web applications and frameworks. The primary classification of this repository is: "It ...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
This is a Python script that exploits a vulnerability in PHPMailer version 5.2.18. The script is designed to be run on a vulnerable environment, and it will spawn a vulnerable web application on the host on port 8080. The exploit will drop a shell where commands can be sent to the backdoor. The...
Exploit for OS Command Injection in Docker
CDK - Zero Dependency Container Penetration Toolkit English | Simplified Chinese Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable...
Kunyu
This is a Python-based tool called Kunyu, which is designed for more efficient corporate asset collection and network surveying and mapping. The tool is intended for security-related practitioners to use in their work. The tool's primary function is to identify and collect information about asset...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB. The vulnerability class/vector is remote code execution (RCE). The probable entry point is the scanner.py script. Notable dependencies/tooling include the netaddr library. The execution context is a Python script invoked...
Exploit for Race Condition in Canonical Ubuntu_Linux
Tools and project resources for internal network penetration. Intrusion and penetration are two different concepts that many people conflate. Simply put, intrusion runs from information gathering to gaining an initial foothold, while penetration is lateral movement, reaching the target and consolidating privileges. This page collects tools and project resources for internal network penetration for the convenience of security practitioners. This project is mirrored at: https://forum.ywhack.com/bountytips.php?pentest Contents: Information Gathering, Vulnerability Exploitation, AV Evasion, Proxies and Tunnels, Privilege Escalation, Persistence, Lateral Movement, Technical Resources. Information Gathering 2021.04.06 - https://github.com/shadow1ng/fscan - an internal network scanning tool for convenient one-click checks. Recommended: | Language: Gola...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, an RCE vulnerability in Microsoft IIS WebDav ScStoragePathFromUrl function. The exploit targets Microsoft Windows Server 2003 R2 and is implemented as a Metasploit module. The vulnerability allows remote attackers to execute arbitrary code via a long header beginnin...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
CVE-2020-8840: analysis and reproduction environment code for the Jackson-databind remote code execution vulnerability (CVE-2020-8840). The project includes: payloads for jackson-databind and Fastjson, a WebServer malicious class, and a compiled marshalsec-0.0.3-SNAPSHOT-all.jar. Vulnerability overview: in the Jackson-databind remote code execution vulnerability (CVE-2020-8840), an attacker can use the xbean-reflect gadget chain (org.apache.xbean.propertyeditor.JndiConverter) to trigger JNDI remote class loading and thereby achieve remote code execution....
nuclei-templates
This repository is an offensive tool for nuclei templates, which are used to find security vulnerabilities in applications. The primary CVE ID present in the context is not explicitly mentioned, but the repository contains a workflow for CVE annotation. The target product/service or framework is...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...
dedecms5.81beta1 rce
PoC exploit for CVE-2021-XXXX-XXXX. It is a Python script targeting DedeCMS V5.8.1 beta 1, exploiting a remote code execution RCE vulnerability. The probable entry point is the exp function, which is typically invoked by running python3 poc.py -u url. The script sends a GET request to the...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a container escape vulnerability in Docker. The exploit works by overwriting and executing the host system's runc binary from within the container. The vulnerability allows an attacker to gain root access on the host system. The exploit is implemented in Go and consists of two us...
ICSwiki
This is an offensive tool for ICS (Industrial Control Systems) testing. It is a collection of scripts and tools for identifying and exploiting vulnerabilities in ICS protocols, specifically IEC-60870-5-104 and IEC-61850-8-1. The tool is designed to send identify requests and extract vendor name,...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The project provides a variety of vulnerable applications and environments, including web servers,...
aflnet
It is an offensive tool for network protocols. The primary CVE ID is not explicitly stated in the provided context, but the tool is mentioned in a research paper that was accepted for publication at the IEEE International Conference on Software Testing, Verification and Validation (ICST 2020). The...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is a community-driven project that aims to provide a safe and controlled environment for users to practice and improve their skills in web application security. The repository...
Exploit for CVE-2021-417731
No description...
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction...
Vxscan
This is a Python-based comprehensive scanning tool called Vxscan. It is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The too...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Solarwinds Orion_Platform
This is a collection of Suricata rules and related information for various vulnerabilities. Here's a summary of the content: Rules: 1. Behinder3: Two rules for detecting Behinder3 PHP HTTP Request and Response. The rules set the behinder3 flowbit when the conditions are met. 2. Apache Nifi API RC...
pocsuit3
This repository is an open-sourced remote vulnerability testing and proof-of-concept development framework called pocsuite3, developed by the Knownsec 404 Team. It comes with a powerf...
Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq
This is a PoC exploit for CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, which are related to a DNS cache poisoning vulnerability in the dnsmasq service. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit uses a Python script to send...
marshalsec
This repository is an offensive tool for Java deserialization exploitation. It is a Java-based tool that exploits Java object deserialization vulnerabilities, which can lead to remote code execution (RCE) and other security issues. The tool includes payload generators for various Java marshalling...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 43b: original script from https://github.com/embedi/CVE-2017-11882 109b: original script from https://github.com/unamer/CVE-2017-11882/ (respect to unamer, whose code can now execute shellcode) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...
MS17-011
This is a repository for exploiting the MS17-010 vulnerability in Windows SMB. The repository contains various proof-of-concept (PoC) exploits and tools for exploiting this vulnerability. The MS17-010 vulnerability is a remote code execution vulnerability in the Windows SMB service. It allows an...
Exploit for Improper Initialization in Docker
sectoolset -- a collection of security-related tools on GitHub. Main contents: 0x00 Vulnerability exploitation practice & CTF security competitions 0x01 Security scanners 0x02 Security defense 0x03 Penetration testing 0x04 Vulnerability databases and exploitation tools (POC, EXP) 0x05 Binary and code analysis tools 0x06 Threat intelligence & honeypots 0x07 Security documentation 0x11 All content WooYun mirror WooYun mirror WooYun mirror (censored) Recent security news: the Microsoft 365 Defender research team and Microsoft Threat Intelligence Center (MSTIC) analysis of the SolarWinds attack; OpenSSL critical denial-of-service vulnerability CVE-2020-1971; security paper: "Measuring and...
CrossC2-1
It is an offensive tool for macOS. The repository contains a CrossC2 framework fork, version 2.0, created by gloxec. The tool includes various modules for tasks such as file management, password gathering, keylogging, browser data dumping, and more. The framework uses a loader script that include...
Active-Directory-Exploitation-Cheat-Sheet
This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...