pwntools
This repository is the open-source Python library pwntools, a CTF framework and exploit-development library used for binary exploitation and reverse engineering. The library is designed to be a comprehensive tool for security researchers and developers. The repository contains a variety of files, including:...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001 and CVE-2019-1003002 in the Jenkins Script Security, Pipeline: Groovy and Pipeline: Declarative plugins. This PoC allows users with Overall/Read permission and Job/Configure (and optionally Job/Build) permission to bypass the sandbox protection and execute arbitrary code on the Jenkins...
Pwnable.kr-CTF-Writeups
This repository contains writeups for Pwnable.kr, a wargame site of Capture The Flag (CTF) style binary exploitation challenges. Each challenge involves exploiting a vulnerability in a program to obtain its flag. The repository includes four writeups: 1. FD: This writeup involves exploiting a file descriptor vulnerability in a...
pocsuite_poc_collect
It is an offensive tool for vulnerability exploitation...
Exploit for Improper Authentication in Apache Shiro
Apache Shiro authentication bypass analysis (CVE-2020-17523) https://www.anquanke.com/post/id/230935 0x01 Vulnerability description: Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography and session management. With Shiro's easy-to-understand API you can quickly secure any application, from the smallest mobile app to the largest web and enterprise applications. When Shiro is used together with Spring, under certain permission-matching rules an attacker can bypass authentication by sending a specially crafted HTTP request. Affected versions: Apache Shiro before 1.7.1 (fixed in 1.7.1). 0x02 Setting up the vulnerable environment: shiro 1.7...
vulscan
This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (PoCs). 2. Plugin...
ysoserial
This is a Java-based tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to attack vulnerable Java applications. The tool uses a variety of payloads, including CommonsCollectionsK1,...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Jboss_Enterprise_Application_Platform
Despite the repository title and its CVE tag, the script described here is not an exploit for CVE-2016-2183 (that identifier is SWEET32, the birthday attack on 64-bit block ciphers such as 3DES in TLS); it is a Padding Oracle exploit against Apache Shiro's encrypted RememberMe cookie. The exploit targets the remote code execution (RCE) vector: the padding oracle lets the attacker forge ciphertext without the key and inject arbitrary data, i.e. a serialized gadget chain. The probable entry point is the shirooraclepadding.py script, which is...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
CVE-2020-8840: FasterXML/jackson-databind remote code execution vulnerability. 0x00 Introduction: jackson-databind is the JSON processing library of the FasterXML project. 0x01 Vulnerability overview: On February 19, NVD published a security advisory disclosing a remote code execution vulnerability in jackson-databind caused by JNDI injection (CVE-2020-8840), with a CVSS score of 9.8...
vulhub1
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...
Exploit for Off-by-one Error in Sudo_Project Sudo
This repository contains exploits for CVE-2021-3156 ("Baron Samedit"), which affects sudo, not the Linux kernel. The vulnerability is a heap-based buffer overflow in sudo's handling of command-line arguments when it is invoked as sudoedit (sudo -e): an argument ending in a single backslash makes the argument-escaping code read past the end of the argument and write beyond the allocated heap buffer, which any unprivileged local user can turn into root privileges. The repository contains two exploit files: "exploit.c" a...
Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo
PoC exploit for CVE-2019-14287, a vulnerability in sudo before 1.8.28. An attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and cause incorrect logging, by invoking sudo with a crafted user ID (-u#-1, which sudo passes on as a uid that setresuid() treats as "leave unchanged", so the command runs as root). The...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC exploit for CVE-2021-3156, a heap-based buffer overflow in sudo. The exploit is a C program that builds a shared library libnss_X/P0P_SH3LLZ_.so.2 and overflows the heap when sudoedit is called, so that sudo's NSS lookup loads the attacker-controlled library as root. The exploit can be built using the provided Makefile and run using the...
shadowbroker
This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...
dedecmscan
This is a Python-based vulnerability scanner for the DedeCMS platform. The scanner is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting (XSS), and other types of attacks. The scanner consists of several modules, each responsible for...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability targeted by this repository is not explicitly stated, but it contai...
Exploit for CVE-2020-14756
This is an exploit module for the CVE-2020-14756 vulnerability in Oracle WebLogic. The vulnerability allows remote code execution (RCE) due to a deserialization issue in the coherence.jar library. The exploit is written in Python and uses the socket library to establish a connection to the...
CDK
This is an offensive tool for container penetration. It is called CDK Container Penetration Toolkit and is designed for offering stable exploitation in different slimmed containers without any OS dependency. The tool comes with useful net-tools and many powerful PoCs/EXPs that help users to escap...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...
Exploit for Improper Access Control in Elasticsearch
Bug reports are welcome. Current version: AssetScan V1.3. Changelog: Initial version: 2019-11-28, V1.0 initial version completed. Change 1: 2019-12-02, thanks to Shadow·J for reporting a file-import error on Kali. Change 2: 2019-12-03, V1.1 released, added ARP liveness detection (rolled back while a bug is investigated). Change 3: 2019-12-04, V1.2 released, fixed a vulnerability-script error and fixed the weblogic script. Change 4: 2019-12-05, V1.2 revision, thanks to sevck for design ideas and for pointing out non-standard code. Change 5: 2019-12-05, V1.2 revision, fixed an IP data-handling error. Change 6: 2019-12-19...
Exploit for Improper Initialization in Apple Ipados
This is a PoC exploit for CVE-2020-27950, a vulnerability in the macOS (XNU) kernel that leaks a kernel port pointer. The exploit allocates a controlled buffer containing a magic value in the kalloc.1024 zone, then creates an ipc_kmsg...
JNDIExploit
JNDIExploit is a tool for exploiting JNDI injection. It borrows heavily from the Rogue JNDI project's code, supports implanting an in-memory shell directly, integrates the common techniques for bypassing the restrictions of newer JDK versions, and is intended to be used together with automation tools. Usage: run java -jar JNDIExploit.jar -h to see the parameter description; the --ip parameter is required. Usage: java -jar JNDIExploit.jar [options] Options: -i, --ip Local ip address -l, --ldapPort Ldap bind port (default: 1389) -p,...
Exploit for Improper Input Validation in Apache Unomi
PoC exploit for CVE-2020-13942, an unauthenticated RCE vulnerability in Apache Unomi through MVEL and OGNL injection. The exploit targets the /context.js and /context.json endpoints exposed by the Unomi server, allowing an attacker to execute arbitrary OS commands. Two RCE vectors are available: MVEL injection...
Exploit for CVE-2020-14644
It is an offensive tool for WebLogic. The repository contains a basic proof-of-concept PoC and exploit script for WebLogic, with the goal of creating a unified detection and exploitation tool. The script, named weblogicpoc.py, uses the T3 protocol to connect to a WebLogic server and exploit...
PrivescCheck
PrivescCheck is a Windows privilege-escalation enumeration script, not an exploit. It identifies common Windows security misconfigurations that can be leveraged for privilege escalation and gathers various information that might be useful for exploitation and/or...
XSS_Bypass_Payload
It is an offensive tool for XSS. The repository contains a collection of XSS bypass payloads, which are used to exploit vulnerabilities in web applications to inject malicious code. The payloads are designed to bypass various security measures, such as Content Security Policy (CSP) and XSS filters...
Exploit for CVE-2020-16898
CVE-2020-16898: Windows TCP/IP remote code execution vulnerability, EXP & PoC reproduction. Reference (forforever): https://www.cnblogs.com/forforever/p/13846077.html. PoC: CVE-2020-16898Checker-poc. Command (start PowerShell/CMD as Administrator): Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1. EXP: cve-2020-16898-exp2...
Exploit for CVE-2020-14882
CVE-2020-14882: WebLogic unauthenticated access bypass leading to RCE, and bypassing the patch for CVE-2020-14882. The patch rejects request paths containing any entry of a literal blacklist: private static final String[] IllegalUrl = new String[]{";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", ""}; i.e. the tokens %252E%252E, %2E%2E, .., %3E, %3C and ;. The match is case-sensitive on the raw, still-encoded path, so lower-casing the encoding evades it: "%252E%252E%252F".lower() gives '%252e%252e%252f', which is not in the list but still decodes to ../ ; %252E%252E%252F to...
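The weakness the snippet above points at (a case-sensitive blacklist of literal tokens compared against the un-decoded path) is easy to reproduce. The Python below is an added example written for this page, not WebLogic's code or the repository's script: it reimplements the blacklist as a plain substring match, shows that a lower-cased double encoding of "../" passes it, and contrasts a hardened check that decodes to a fixed point before matching case-insensitively and per path segment. The function names and the sample paths are constructed for illustration; the trailing empty string of the page's list is omitted because an empty substring matches every path.

```python
from urllib.parse import unquote

# Blacklist tokens as quoted on the page (the patch's IllegalUrl array, minus the empty entry).
ILLEGAL_URL = [";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E"]


def patched_check_casesensitive(path: str) -> bool:
    """Reimplementation of the weak check: literal, case-sensitive substring match on the raw path.
    Returns True when the request would be rejected."""
    return any(tok in path for tok in ILLEGAL_URL)


def full_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode repeatedly until the string stops changing (bounded to avoid loops)."""
    decoded = path
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def hardened_check(path: str) -> bool:
    """Hardened check: decode to a fixed point, then match case-insensitively and also reject
    any path segment that is '..' after decoding. Returns True when the request is rejected."""
    low = full_decode(path).lower()
    if any(tok.lower() in low for tok in ILLEGAL_URL):
        return True
    return ".." in low.split("/")


def classify(path: str) -> dict:
    """Run both checks on one path so the difference is visible side by side."""
    return {
        "case_sensitive_blacklist": patched_check_casesensitive(path),
        "hardened": hardened_check(path),
    }


if __name__ == "__main__":
    # Constructed sample paths: the upper-case encoding the blacklist was written for,
    # the lower-cased variant that slips past it, and a benign path.
    for sample in (
        "/console/images/%252E%252E%252Fconsole.portal",
        "/console/images/%252e%252e%252fconsole.portal",
        "/console/css/",
    ):
        print(sample, "->", classify(sample))
```

The lower-cased sample is rejected only by the hardened variant; the point is that any blacklist applied before canonicalisation (decoding, case folding, segment normalisation) can be sidestepped by an encoding the list author did not enumerate.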
Exploit for Path Traversal in Intelbras Tip200_Firmware
PoC exploit for CVE-2020-13886, a Local File Include (LFI) vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the page parameter of /cgi-bin/cgiServer.exx?page=, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...
Exploit for Improper Privilege Management in Microsoft
Internal network penetration study notes. Author: chriskali. GitHub: chriskaliX. I recently read Tencent Blue Team's "Red vs. Blue: Windows internal network penetration" and learned a lot. I plan to split it into chapters, organize them and reproduce the techniques, mainly recording the knowledge I was missing. This is a hodgepodge article; the main line follows jumbo's approach, and wherever something interests me I will expand on it. It may be a little disorganized; please bear with me. 0x01 Environment setup. This step is skipped; a brief description of the test environment: |Hostname|IP address|Role|OS| |:-:|:-:|:-:|:-:| |DC|10.10.10.10|DC, DNS|Winserver 2012| |John|10.10.10.11|normal|win7|...
blogpost_qiling_dlink_1
It is an offensive tool for exploiting a software vulnerability. The repository contains a Python script that exploits a vulnerability in a software product, intended for penetration testers and security researchers testing that software's security. The script uses...
Exploit for CVE-2020-1034
This is a proof-of-concept (PoC) exploit for CVE-2020-1034, a Windows kernel vulnerability fixed by Microsoft in the September 2020 Patch Tuesday. The exploit targets an unpatched Windows 10 2004, build 19041.488. The exploit code is written in C++ and uses the Windows API to manipulate the system's Event Tracing for Windows (ETW)...
shellcode-x86_x64
This repository contains a collection of assembly code examples for 64-bit Linux, primarily focusing on basic instructions and operations. The code is written in NASM (Netwide Assembler) and covers topics such as arithmetic, logical operations, string manipulation, and stack...
CDK
It is an offensive tool for container exploitation. It is not tied to a single CVE: CDK is a zero-dependency container penetration toolkit that offers...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
PoC exploit for CVE-2020-3452, an unauthorized remote file reading vulnerability in Cisco Adaptive Security Appliance and FTD Software. The exploit uses Shodan to scan for vulnerable targets, then attempts to exploit the vulnerability by sending crafted HTTP requests to the identified targets. Th...
Exploit for CVE-2020-17008
CVE-2020-17008: splWOW64 elevation of privilege (C:\Windows\splwow64.exe). PoC from: https://bugs.chromium.org/p/project-zero/issues/detail?id=2096. 0x01 Set splwow64poc.exe to Low integrity: cd splwow64poc\x64\Release; icacls splwow64poc.exe /setintegritylevel L (icacls /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE...
Exploit for CVE-2020-17057
cve-2020-17057 PoC. Microsoft released a patch on 2020-11-10 fixing...
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
CVE-2019-5475 and CVE-2019-15588 lab: RCE command injection. 0x00 Background: CVE-2019-5475 is an RCE command-injection vulnerability in the built-in Yum Repository plugin of Nexus. It was first disclosed on HackerOne, but because the vendor's first fix was incomplete, it gave rise to CVE-2019-15588. Both vulnerabilities require being logged in as admin, but the default Nexus administrator password admin123 is often left unchanged, so they are easy to exploit. 0x10 Lab environment 0x20 Directory structure CVE-2019-5475 ├──...
Exploit for CVE-2020-27949
This is a PoC exploit for CVE-2020-27949, a vulnerability in macOS's DTrace system that allows an attacker to read memory of other processes without elevated permissions. The exploit creates probes in the victim process using the /dev/fasttrap device, which lacks permission checks, allowing any...
Exploit for Improper Access Control in Xen
kernelexploitfactory. Keep updating...... Linux kernel CVE exploit analysis reports and the corresponding debug environments. You don't need to compile the Linux kernel or configure your environment anymore. This repository collects Linux kernel exploits together with their debug environments. The test is on...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259: XStream 1.4.14 is vulnerable to arbitrary file deletion on the local host when unmarshalling, as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html. Tested against XStream 1.4.14 (pom.xml dependency com.thoughtworks.xstream : xstream : 1.4.14). poc...
Exploit for Deserialization of Untrusted Data in Microsoft
This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialization vulnerability, identified as CVE-2020-17144. The tool is written in C# and targets the .NET Framework 3.5. It consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C#...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2020-17144-EXP. Requirements: Exchange 2010; an ordinary user account. Default usage (writes a webshell): CVE-2020-17144-EXP.exe mail.example.com user pass. To execute commands and reuse the port: modify ExploitClass.cs. Reference: @zcgonvh...
Exploit for Expression Language Injection in Apache Struts
PoC exploit for CVE-2020-17530, an OGNL expression injection (forced double evaluation) vulnerability in Apache Struts 2.0.0 to 2.5.25. The target product/service is Apache Struts, specifically the struts2showcasewar application. The vulnerability class/vector is expression language injection, allowing remote code execution. The probable entry...
Exploit for Path Traversal in Citrix Xenmobile_Server
Usage & disclaimer. This script is a batch detection script for the Citrix XenMobile directory traversal vulnerability (CVE-2020-8209). Usage: Python CVE-2020-8209-Multiple.py url.txt; vulnerable addresses are written to vul.txt. Affected versions: - Citrix XenMobile Server 10.12 before RP2 - Citrix XenMobile Server 10.11 before RP4 - Citrix XenMobile Server 10.10 before RP6 - Citrix XenMobile Server 10.9 before RP5...
Exploit for Deserialization of Untrusted Data in Apache Tapestry
This repository contains a proof-of-concept (PoC) exploit for CVE-2020-17531, a Java deserialization vulnerability in Apache Tapestry (the description's reference to Struts 2 is a mislabel; the CVE belongs to Tapestry, as the title says). The exploit is written in Python and uses the requests library to send a malicious request to the vulnerable application. The PoC exploit is designed to execute a command on the...
emp3r0r
This is a Linux post-exploitation framework "made by linux user", known as emp3r0r. The framework is designed to provide a comprehensive set of tools for exploiting and manipulating Linux systems. It is composed of several components, including a build script, a command-line interface (CL...
mad-metasploit
This is a Metasploit custom module repository, mad-metasploit, which contains a collection of exploits and plugins for various vulnerabilities. The repository is maintained by hahwul and is available on GitHub. The repository includes a variety of exploits, including: AIX Calendar Manager Service...
ctfs-1
This repository contains notes and code on past CTF (Capture The Flag) challenges, with a focus on web, crypto, and realistic challenges. The repository is organized into several sections, each covering a different type of challenge. The web section includes write-ups on various web-based challenge...
Exploit for OS Command Injection in Xstream
CVE-2020-26217 is a remote code execution (RCE) vulnerability in the XStream library, a popular XML serialization library for Java. The vulnerability is present in versions of XStream prior to 1.4.14. It is caused by a deserialization issue in XStream, which allo...