
1886 matches found

Gitee
added 2020/08/10 10:6 a.m. | 13 views

Exploit for Use After Free in Microsoft

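System-Vulnerability: regularly updated, usable exploits (EXP) for the latest vulnerabilities, for authorized penetration testing only --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC privilege escalation --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 privilege escalation --2020.5 token-theft privilege escalation for all versions --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...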

CVSS: 10 | AI score: 8 | EPSS: 0.99999
Exploits: 257

Gitee
added 2020/08/09 3:5 p.m. | 5 views

Exploit for Incorrect Default Permissions in Ui Unifi_Controller

This is a PoC exploit for CVE-2020-12695, a vulnerability in the CallStranger protocol. The exploit is implemented in Python and uses the upnpy library for UPnP communication. The script is designed to simulate data exfiltration, bypassing DLP (Data Loss Prevention) systems, and can also be used to...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.15193
Exploits: 3

Gitee
added 2020/08/09 11:3 a.m. | 10 views

Exploit for CVE-2015-0273

phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...

CVSS: 10 | AI score: 6.9 | EPSS: 0.41315
Exploits: 13

Gitee
added 2020/08/09 10:59 a.m. | 3 views

pwn-collection

This repository contains a collection of CTF (Capture The Flag) challenges with writeups and exploit scripts. The challenges are categorized into three main areas: fmtstr32, heapchunkoverlap64, and pwn300. The fmtstr32 category contains challenges related to format string vulnerabilities, which all...

AI score: 7.7
Exploits: 0

Gitee
added 2020/08/09 10:57 a.m. | 6 views

Exploit for Observable Discrepancy in Linux Linux_Kernel

PoC exploit for CVE-2021-34556 This repository contains a proof-of-concept exploit for a vulnerability in a specific product/service. The exploit targets a vulnerability in the product's framework, allowing for remote code execution. Exploit module/toolkit targeting The exploit module targets a...

CVSS: 5.5 | AI score: 8.9 | EPSS: 0.00419
Exploits: 2

Gitee
added 2020/08/08 10:4 p.m. | 7 views

Exploit for Incorrect Default Permissions in Ui Unifi_Controller

This is a PoC exploit for CVE-2020-12695, a vulnerability in the CallStranger protocol. The script is designed to check against this vulnerability and demonstrate its exploitation. The vulnerability allows an attacker to bypass DLP (Data Loss Prevention) and exfiltrate data, use millions of...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.15193
Exploits: 3

Gitee
added 2020/08/08 10:15 a.m. | 4 views

CTFtools

This repository is an offensive tool for web application exploitation, specifically targeting web servers. The primary vulnerability class is code execution (RCE), with various exploitation techniques and payloads. The tool is designed to automate the exploitation process, making it easier for...

AI score: 8.7
Exploits: 0

Gitee
added 2020/08/08 10:5 a.m. | 5 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose. The target product/service or...

AI score: 7.8
Exploits: 0

Gitee
added 2020/08/07 10:0 p.m. | 12 views

Exploit for CVE-2020-1938

Ghostcat exp for CNVD-2020-10487 (CVE-2020-1938): file read and file execution caused by arbitrary attribute setting in the Tomcat AJP protocol. Vulnerability analysis. The code is for security testing only; do not use it for illegal purposes; the user is responsible for any consequences, which have nothing to do with the author!!! python3 ajpShooter.py -h 00theway, just for test usage:...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.9927
Exploits: 45

Gitee
added 2020/08/07 1:42 p.m. | 4 views

CTF-challenges-by-me

This is an offensive tool for CTF challenges. It is a collection of exploits and challenges from various CTF events, including 0ctffinal-2017 and 0ctfquals-2018. The repository contains a variety of challenges, including web security, pwnable, and cryptography challenges. The challenges are...

AI score: 7.6
Exploits: 0

Gitee
added 2020/08/07 1:41 p.m. | 3 views

pwnstudy

The provided context is a GitHub repository named "zhangbo123321/pwnstudy" containing a file named "Article/2018西普杯全国高校信息安全铁人三项大赛-河南赛区个人赛题解.md". This file appears to be a solution to a CTF (Capture The Flag) challenge, specifically a pwn challenge, from a 2018 national collegiate cybersecurity...

AI score: 7.5
Exploits: 0

Gitee
added 2020/08/07 1:37 p.m. | 7 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.26037
Exploits: 12

Gitee
added 2020/08/07 1:37 p.m. | 7 views

Dockerfiles

This repository is a collection of Dockerfiles for CTF (Capture The Flag) challenges running on SniperOJ. The Dockerfiles are used to build a vulnerable environment for the challenges, which can be solved by participants. The repository contains various challenges, including web-based and pwn...

AI score: 6.9
Exploits: 0

Gitee
added 2020/08/07 1:37 p.m. | 3 views

webcgi-exploits

This repository is an offensive tool for Web CGI interfaces. It contains exploits for various web CGI interfaces, including PHP and Python. The primary focus is on FastCGI and Apache Modphp. The exploits are designed to take advantage of vulnerabilities in the web CGI interfaces, allowing for...

AI score: 8.2
Exploits: 0

Gitee
added 2020/08/07 12:45 p.m. | 3 views

penetration

This repository contains a collection of 0-day exploits and vulnerabilities for various CMS platforms, including CreateLive CMS, BlueCMS, and DVBBS. The exploits are primarily SQL injection and file upload vulnerabilities. The CreateLive CMS exploits include: A SQL injection vulnerability in the...

AI score: 9
Exploits: 0

Gitee
added 2020/08/07 12:45 p.m. | 2 views

metasploit-framework

This is a Metasploit Framework repository, a widely used penetration testing tool. The framework is used for identifying and exploiting vulnerabilities in computer systems and applications. The primary target of this framework is the Metasploit Framework itself, which is a Ruby-based framework fo...

AI score: 8.3
Exploits: 0

Gitee
added 2020/08/06 6:47 p.m. | 4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple installation and usage instructions...

AI score: 7.4
Exploits: 0

Gitee
added 2020/08/06 6:4 p.m. | 6 views

ctf-pwns

This repository contains a collection of CTF (Capture The Flag) challenges for training and education. The challenges are categorized into several folders, each containing a specific challenge. The challenges are designed to test various skills, including exploitation, reverse engineering, and...

AI score: 6.5
Exploits: 0

Gitee
added 2020/08/06 5:56 p.m. | 2 views

exploiting

It is an offensive tool for Linux and Windows exploitation. The repository contains a PoC exploit for an unspecified vulnerability, likely related to the 3dsctf2016 challenge. The exploit targets a Linux system and appears to be a binary ELF file. The code snippet shows a getstarted script that i...

AI score: 7
Exploits: 0

Gitee
added 2020/08/06 3:56 p.m. | 2 views

CTF-Web-Challenges

This is a PHP challenge where the goal is to get a shell on the server. The challenge is hosted on a Docker container, and the PHP code is written in a way that makes it difficult to execute arbitrary code. The challenge involves using the session.uploadprogress feature in PHP, which allows us to...

AI score: 7.7
Exploits: 0

Gitee
added 2020/08/06 12:51 p.m. | 7 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

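CVE-2018-2628 CVE-2018-2628 vulnerability toolkit. The exploitation tools collected from Github include: 1. CVE-2018-2628 vulnerability detection tool // PoC for detecting whether the vulnerability is present 2. weblogicpoc.py // PoC for exploiting the vulnerability 3. ysoserial-0.1-cve-2018-2628-all.jar // borrowed exploitation tool https://github.com/tdy218/ysoserial-cve-2018-2628/releases For the detailed reproduction process, see Jianshu: https://www.jianshu.com/p/6649118ba7b6...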

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.99448
Exploits: 69

Gitee
added 2020/08/06 10:18 a.m. | 5 views

aflnet

It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...

AI score: 7.1
Exploits: 0

Gitee
added 2020/08/05 5:23 p.m. | 2 views

WhyNot-HEAP-Exploitation

This repository is for a proof-of-concept (PoC) exploit for a vulnerability in the glibc library, specifically targeting the House of Force attack. The House of Force attack is a type of attack that exploits the way glibc handles memory allocation and deallocation, allowing an attacker to control t...

AI score: 7.5
Exploits: 0

Gitee
added 2020/08/05 2:46 p.m. | 14 views

Exploit for CVE-2013-0422

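K8tools 2020628 Disclaimer: the tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools Documentation: http://k8gege.org PS: updated irregularly; the files are fairly large, so download as needed. For bugs or suggestions, leave a message directly on Github. The privilege escalation tools can all run in a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like them. General tools + Reverse-connection tool Ladon 6.6.6: reverse MSF/NC Shell (TCP/HTTP/HTTPS) + Scanning tool Ladon 6.6: SMB vulnerability detection SMBGhost...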

CVSS: 10 | AI score: 6.5 | EPSS: 0.99913
Exploits: 281

Gitee
added 2020/08/05 2:30 p.m. | 9 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious version, which is then executed when a container is run. The vulnerability is present in the runc binary, which is responsible for...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.9857
Exploits: 33

Gitee
added 2020/08/05 9:53 a.m. | 3 views

KITT-Lite

This is an offensive tool for wireless network exploitation. It is a collection of scripts and tools for various wireless-related tasks, including wireless network scanning, device identification, and password cracking. The toolset includes scripts for tasks such as: Wireless network scanning usi...

AI score: 7
Exploits: 0

Gitee
added 2020/08/05 9:47 a.m. | 2 views

Gopherus

This is a Python script that generates payloads for exploiting Server-Side Request Forgery (SSRF) vulnerabilities in various services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a variety of techniques to generate payloads, including Python, Ruby, and...

AI score: 7.1
Exploits: 0

Gitee
added 2020/08/04 5:58 p.m. | 3 views

pwntools

This repository is an offensive tool for binary exploitation, specifically a Python library for writing exploits. It is not a PoC exploit for a specific CVE, but rather a toolkit for creating exploits. The primary vulnerability class targeted by this library is not explicitly stated, but it is...

AI score: 6.9
Exploits: 0

Gitee
added 2020/08/04 10:7 a.m. | 4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.05388
Exploits: 39

Gitee
added 2020/08/03 10:41 a.m. | 3 views

pwntools

It is an offensive tool for binary exploitation. The repository contains the pwntools project, a Python library for binary exploitation. The primary vulnerability class targeted by this tool is RCE (Remote Code Execution). The probable entry points for this tool are the exploit.py script and the...

AI score: 8
Exploits: 0

Gitee
added 2020/08/02 11:36 p.m. | 4 views

vulhubs

This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more...

AI score: 6.8
Exploits: 0

Gitee
added 2020/08/01 3:46 p.m. | 4 views

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2020-1350. The target product/service or framework is IIS, and the vulnerability class/vector is a deserialization vulnerability. The probable entry point is the applicationhost.config file, and the notable dependency/tooling is the IIS configuration file. The execution contex...

CVSS: 10 | AI score: 9.8 | EPSS: 0.92178
Exploits: 21

Gitee
added 2020/08/01 3:41 p.m. | 204 views

Exploit for OS Command Injection in Openbsd Openssh

It is an exploit for CVE-2020-15778, a command injection vulnerability in OpenSSH's SCP component. The vulnerability allows an attacker to inject malicious commands by passing a backtick-enabled payload as a file name, which is then executed by the local shell. The affected component is the SCP...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.12996
Exploits: 6

Gitee
added 2020/08/01 9:36 a.m. | 7 views

penetration-1

This is a collection of 0-day exploits for various web applications, including CreateLive CMS, BlueCMS, and DVBBS. The exploits are written in a mix of languages, including Chinese, Russian, and English. The exploits target various vulnerabilities, including SQL injection, cross-site scripting XS...

AI score: 6.9
Exploits: 0

Gitee
added 2020/08/01 12:57 a.m. | 3 views

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2020-1350, a Windows DNS DoS vulnerability. The target product/service is Windows DNS server, and the vulnerability class/vector is a denial-of-service (DoS) attack. The probable entry point is the sigreddos.py script, which listens on port 53 on both TCP and UDP. Notable...

CVSS: 10 | AI score: 9.4 | EPSS: 0.92178
Exploits: 21

Gitee
added 2020/07/31 5:53 p.m. | 3 views

MITMf

MITMf is a framework for Man-In-The-Middle attacks. It is a modular and easily extendible tool that aims to provide a one-stop-shop for network attacks. The framework is based on sergio-proxy and has been rewritten from scratch to address the shortcomings of other tools like Ettercap and Mallory...

AI score: 7
Exploits: 0

Gitee
added 2020/07/30 8:16 p.m. | 3 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a PoC (Proof of Concept) exploit for CVE-2016-0856, a vulnerability in the Windows RPC (Remote Procedure Call) service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the DLL. T...

CVSS: 10 | AI score: 9.8 | EPSS: 0.16655
Exploits: 9

Gitee
added 2020/07/30 7:50 p.m. | 10 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.99686
Exploits: 53

Gitee
added 2020/07/30 3:14 p.m. | 5 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned CVE. The...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.05388
Exploits: 39

Gitee
added 2020/07/29 6:22 p.m. | 2 views

shadowbroker

This repository, hc1216/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository was initially reported to contain sensitive data, leading to the deletion of several files. The remaining files include a mix of exploit code, payloads, and documentation...

AI score: 8.2
Exploits: 0

Gitee
added 2020/07/29 5:49 p.m. | 3 views

bluescan

This is a Python script for a Bluetooth scanner, specifically designed to scan for devices, services, and vulnerabilities. The script is called "bluescan" and is available on GitHub. The script is based on the BlueZ Bluetooth protocol stack and uses the libbluetooth-dev package. It can be install...

AI score: 7.3
Exploits: 0

Gitee
added 2020/07/28 5:42 p.m. | 3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are the docker-compose files, which are used to build and...

AI score: 7.9
Exploits: 0

Gitee
added 2020/07/28 10:29 a.m. | 2 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...

AI score: 7.4
Exploits: 0

Gitee
added 2020/07/28 9:52 a.m. | 5 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains several vulnerable environments, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target product/service or framework ...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.99686
Exploits: 53

Gitee
added 2020/07/28 9:36 a.m. | 8 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP deserialization. Test environment: Weblogic10.3.6+jdk1.6. Pre-packaged jar, extraction code: a6ob. Exploitation: download the jar, then use marshalsec to start a malicious RMI service and compile an exp.java locally. java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

CVSS: 9.8 | AI score: 7 | EPSS: 0.93168
Exploits: 18

Gitee
added 2020/07/28 12:23 a.m. | 7 views

Exploit for CVE-2018-2893

CVE-2018-2893 vulnerability verification script. Usage: python CVE-2018-2893.py 10.10.0.1 7001 Analysis and advisory: https://www.anquanke.com/post/id/152164 Script source: https://www.secfree.com/article-957.html...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.71196
Exploits: 14

Gitee
added 2020/07/27 10:33 a.m. | 5 views

vulscan

This is a Python-based web application for vulnerability scanning and management. Here's a summary of the key features and functionality: Overview The application is built using Django, a Python web framework, and is designed to provide a user-friendly interface for vulnerability scanning and...

AI score: 7.1
Exploits: 0

Gitee
added 2020/07/27 10:27 a.m. | 3 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for ActiveMQ. It is a PoC exploit for CVE-2016-3088. The tool is designed to upload a shell to the ActiveMQ server, allowing for remote code execution. The exploit targets a vulnerability in the ActiveMQ file server, which allows an attacker to upload a file t...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.98518
Exploits: 19

Gitee
added 2020/07/27 10:27 a.m. | 8 views

Exploit for Path Traversal in Atlassian Confluence_Server

PoC exploit for CVE-2019-3396, a Confluence Server-Side Template Injection (SSTI) Remote Code Execution (RCE) vulnerability. The exploit targets Confluence versions vulnerable to this CVE. The vulnerability is exploited by sending a specially crafted request to the Confluence REST API, which allows a...

CVSS: 10 | AI score: 8.6 | EPSS: 0.99913
Exploits: 20

Gitee
added 2020/07/27 9:29 a.m. | 2 views

maltrail

It is an offensive tool for network traffic detection. The primary CVE ID is not explicitly mentioned, but it utilizes publicly available blacklists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists. Th...

AI score: 6.6
Exploits: 0

Total number of security vulnerabilities: 1886