Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796-SMB This resource reproduces the CVE-2020-0796 vulnerability, with both a Python version and a C++ version. It mainly collects the work of GitHub contributors; hope you like it. C++ Python EXP POC Exploitation: - Local EXP privilege escalation: https://github.com/danigargu/CVE-2020-0796 - Local EXE privilege escalation: https://github.com/f1tz/CVE-2020-0796-LPE-EXP - POC-version privilege escalation: https://github.com/eerykitty/CVE-2020-0796-PoC -...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso Exploit analysis POC Analysis by SungLin Knownsec 404 Team Writeup+PoC by @ZecOps References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796...
exploitdb-bin-sploits
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It aims to serve as the most comprehensive collection ...
vulhub
It is an offensive tool for vulnerable environments: the target product/service or framework is a collection of pre-built vulnerable docker environments. The vulnerability classes/vectors are various, including but not limited to SQL injection, cross-site scripting, and remote code execution. The...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is various, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is not specified, but it...
Vxscan
This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...
Exploit for CVE-2013-0422
K8tools 20200118 Statement: these tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools Documentation: http://k8gege.org PS: updated irregularly; the files are fairly large, so download only what you need. Report tool bugs or suggestions directly on GitHub. All the privilege escalation tools can be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: they are not guaranteed to keep working forever; save your own copies of the ones you like. Comprehensive tools + Scanning tools Ladon 6.0, a large-scale intranet penetration scanner with 48 built-in functions, supports Cobalt Strike + Scanning tools Ladon 5.7...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the vulnerable configuration is present. The exploit targets PHP 7+ and works by appending a specially...
BJDCTF2020_March
This edition of BJDCTF was jointly organized by Jiangsu University of Science and Technology, Beijing University of Technology, Southwest Minzu University, Hangzhou Normal University, Jiangsu University and Hunan University of Technology (in no particular order); practice the challenges on buu; thanks to Mr. Zhao for his strong support...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
It is an offensive tool for Java. This repository contains a proof-of-concept PoC exploit for CVE-2020-9484, a vulnerability in the Apache Commons Collections library for Java. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit is implement...
vulhub2
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and Jenkins. The probable entry points are the...
fuzzdb-collect
This repository appears to be a collection of files related to filename bruteforce attacks. The files are in a format that suggests they are used for testing or fuzzing purposes. The Extensions.Backup.fuzz.txt file contains a...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156; an exploit module/toolkit targeting Linux, or an offensive tool for Linux. The repository contains various tools and scripts for exploiting vulnerabilities in Linux systems. The tools include: evilELF: a tool for exploiting ELF-related vulnerabilities; evilHEAP: a...
Exploit for Expression Language Injection in Sonatype Nexus
Nexus Repository Manager 3 Vuln Affected versions: = 3.21.2 CVE-2020-10199, CVE-2020-10204, CVE-2020-11444 CVE-2020-10199 remote code/command execution PoC with echo PoC without echo $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' ordinary user privileges /service/rest/beta/repositories/go/group requires administrator privileges 1...
Exploit for Use After Free in Microsoft
This is an attempt to port existing PoCs (Proof of Concept) to actual exploits for the BlueKeep vulnerability CVE-2019-0708. The project is not actively maintained, but the author welcomes suggestions and opinions from the public. The goal is to achieve Remote Code Execution (RCE) on vulnerable hosts...
Exploit for Use After Free in Microsoft
Microsoft 3389 remote vulnerability CVE-2019-0708 batch detection tool 0x001 Detection on Windows https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...
vulhub
It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to test web applications for vulnerabilities, specifically for web application security testing. The tool includes a variety of...
Exploit for Improper Input Validation in Joomla Joomla!
CMS-Hunter Introduction Content Management System Vulnerability Hunter Note: as things stand, this project will be maintained long-term; suggestions or ideas for changes are welcome, please contact the author. CMS vulnerability list Discuz - Discuz<3.4 birthprovince front-end arbitrary file deletion DedeCMS - DedeCMS v5.7 shopsdelivery stored XSS - DedeCMS v5.7 carbuyaction stored XSS - DedeCMS v5.7 friendly-links CSRF GetShell - DedeCMS V5.7 SP2 back-end code execution vulnerability Drupal -...
Exploit for Use After Free in Microsoft
CVE-2019-0708 Really tired of the people who spend all day trashing Cai Xukun. Trashing him on Bilibili is one thing, since I basically don't watch Bilibili; but now a vulnerability release gets trashed too, aren't you tired? I'm not, anyway. OK, on to the topic. The target must have 3389 enabled: right-click Computer and allow Remote Desktop connections. Command: python CVE-2019-0708-poc.py 192.168.1.106...
CiscoExploit
This is a collection of three separate tools for exploiting vulnerabilities in Cisco devices. The tools are: 1. CiscoRV320Dump-master: This tool is designed to dump the configuration of a Cisco RV320 router. It includes a script called dumpconfig.py that extracts the configuration from the router...
Exploit for Use After Free in Microsoft
This is a PoC exploit for CVE-2019-0708, a vulnerability in Microsoft Remote Desktop. The tool, named rdpscan, is designed to scan networks for vulnerable machines. It is based on the rdesktop patch from https://github.com/zerosum0x0/CVE-2019-0708. The tool can be compiled on Windows, macOS, and...
test_hack
This repository contains a collection of exploits and vulnerabilities for various web applications, including CMS systems. The exploits are categorized by the affected application, and each category contains multiple exploits. The first category, "BLUECMS", contains exploits for BlueCMS v1.6 sp1,...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but the repository contains various vulnerable environments based on Docker-Compose, including ones for Flask, Apache, and...
Exploit for CVE-2020-11651
CVE-2020-11651 is a proof-of-concept PoC exploit for a vulnerability in the SaltStack master. The exploit is designed to obtain pre-auth RCE Remote Code Execution on a SaltStack master and all associated minions. The vulnerability is not explicitly stated in the provided code, but it is likely...
POC-EXP
This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities. The exploits are written in Python and target different applications, including Apache James Server, Apache Flink Web Dashboard, and Apache Solr. The Apache James Server exploit is a remote command...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 Overview In January 2020, a WebLogic deserialization remote command execution vulnerability (CVE-2020-2555) was disclosed on the internet. Oracle Coherence in Oracle Fusion Middleware has a flaw that allows an unauthorized attacker to craft T3 protocol requests, gain control of the WebLogic server and execute arbitrary commands; the risk is high. Affected Oracle Coherence 3.7.1.17 Oracle Coherence & Weblogic 12.1.3.0.0 Oracle Coherence & Weblogic 12.2.1.3.0 Oracle Coherence & Weblogic...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an open-source collection of pre-built vulnerable docker environments. CVE-2016-9086 is present in the provided context. The target product/service or framework is GitLab, the vulnerability class/vector is a remote code execution RCE vulnerability, the probable entry points are the data...
MCIR
This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...
penetration
This repository contains a collection of penetration testing files, primarily targeting various Content Management Systems CMS and web applications. The files are organized by the CMS or application they target, with each folder containing multiple files related to specific vulnerabilities or...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
CVE-2018-2628 CVE-2018-2628 vulnerability toolkit. The exploitation tools compiled from GitHub include: 1. CVE-2018-2628 vulnerability detection tool //PoC for detecting whether the vulnerability is present 2. weblogicpoc.py //PoC for exploiting the vulnerability 3. ysoserial-0.1-cve-2018-2628-all.jar //exploitation tool borrowed from https://github.com/tdy218/ysoserial-cve-2018-2628/releases For the detailed reproduction process see Jianshu: https://www.jianshu.com/p/6649118ba7b6...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP deserialization Test environment Weblogic10.3.6+jdk1.6 Pre-packaged jar Extraction code: a6ob Exploitation Download the jar, then use marshalsec to start a malicious RMI service and compile an exp.java locally java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
WebLogic Wls-wsat XMLDecoder Vulnerability description mitre:https://vulners.com/cve/CVE-2017-3506 Earlier, hackers used a vulnerability in the WebLogic WLS component to launch large-scale remote attacks on enterprise servers; a large number of enterprise servers were compromised, and the number of affected enterprises showed a clear upward trend, which demands serious attention. Among these, CVE-2017-3506 is a remote code execution vulnerability in the WLS component of Oracle WebLogic; it was exploited in the wild without public details, and many enterprises had not yet installed the patch in time. The vendor released a patch for this vulnerability in April 2017. CVE-2017-3506 patch notes: public...
Windows-Pwn-Step-by-Step
This is a Windows executable file ExploitMe1.exe that appears to be a proof-of-concept PoC exploit for a vulnerability in the Windows operating system. The file is a Visual Studio project that has been compiled and packaged into an executable. The executable is designed to exploit a vulnerability...
Exploit for OS Command Injection in Atom Electron
CVE-2018-1000006-DEMO The Demo for CVE-2018-1000006 Analysis Electron v1.8.2-beta.4 remote command execution vulnerability [CVE-2018-1000006] POC You can use elecrce\elecrce-win32-x64\elecrce.exe directly, or package an exe application yourself to produce a vulnerable version of the app; taking version 1.7.8 as an example: electron-packager ./test elecrce --win --out ./elecrce --arch=x64 --version=0.0.1...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable Docker environments, including a Flask SSTI Server-Side Template Injection environment. The tool is designed to be used for testing and training purposes, allowing users to practice...
Exploit for Code Injection in Apache Solr
This is a PoC exploit for CVE-2019-0193, a vulnerability in the Windows operating system. The exploit is written in C and uses the Metasploit framework to target the Windows kernel. The exploit code is not provided, but it is likely that it uses a buffer overflow vulnerability to execute arbitrar...
metasploit-framework
This is an instance of the Metasploit Framework repository, a widely used penetration testing tool. The Metasploit Framework is a comprehensive platform for testing and exploiting vulnerabilities in computer systems and applications. It is a collection of tools and scripts that can be used to...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository is an exploit module for CVE-2020-0796, a Windows SMBv3 LPE Local Privilege Escalation vulnerability. The exploit is written in C++ and utilizes the Windows API to achieve privilege escalation. The exploit targets the SMBv3 server on a Windows system and exploits a vulnerability i...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for web application security testing. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution RCE vulnerability. The probable entry point is the GitLab...
Exploit for Improper Input Validation in Redhat Openshift
This is a pre-built vulnerable environment based on Docker-Compose, provided by Vulhub. The repository contains a collection of vulnerable environments, each with its own set of vulnerabilities and exploits. The repository is designed to be easy to use, with a simple installation process and a...
vulhub
This repository is an open-source collection of vulnerable web applications and environments for security testing and education, maintained by vulhub. It is a defensive blue-team research and threat mitigation tool. The repository contains a variety of vulnerable web applications and environments...
Exploit for Observable Discrepancy in Linux Linux_Kernel
This is an offensive tool for fuzzing. It is a PoC exploit for CVE-2021-34556, but the primary focus is on fuzzing and testing the robustness of software. The tool is called AFLplusplus, which is an enhanced version of the original AFL American Fuzzy Lop tool. The target of the tool is not...
Exploit for CVE-2019-1040
CVE-2019-1040 Great writeup! Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin. So, I wrote CVE-2019-1040.py for ease of use. You can also check out my exchange2domain repo: https://github.com/ridter/exchange2domain, another way to use exchange to get DC...
PayloadsAllTheThings
This is a collection of security-related tools and resources, including a list of useful payloads and bypass techniques for web application security and penetration testing/CTF Capture The Flag. The repository includes tools such as Pacu, an AWS exploitation framework, and Bucket Finder, a tool f...
kernel_exploit_series
This is a collection of files related to a vulnerable driver, specifically targeting the Linux kernel. The files are part of a repository called "povcfe/kernelexploitseries". The files include: 1. 1-heapsprayUAF/easyuaf.c: This file appears to be a simple example of a heap spray vulnerability,...
ctf_repo
This is a Python script for a CTF Capture The Flag challenge called "FunPwn". The script is designed to automate the game by interacting with the game's console. Here's a breakdown of the script: 1. The script starts by importing the pwn module, which is a Python library for exploitation. 2. The...
Exploit for Race Condition in Openbsd Openssh
PoC exploit for CVE-2018-15473, an OpenSSH username enumeration vulnerability. The target product/service is OpenSSH, and the vulnerability class/vector is username enumeration. The probable entry point is the sshUsernameEnumExploit.py script, which is invoked by the ENTRYPOINT in the Dockerfile...