1899 matches found

Gitee
added 2020/04/07 4:50 p.m. | 3 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB Server Message Block protocol, specifically SMBv3. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script, which sends a specially crafted SMB negotiate request to...

CVSS 10 | AI score 8.1 | EPSS 0.94424
Exploits: 124

Gitee
added 2020/04/07 9:32 a.m. | 10 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a Dirty Cow DC attack. The exploit is implemented in C++ and Go, with a legacy version in C++. The exploit targets the Linux kernel's memory mapping feature, which allows an attacker to map a file into a...

CVSS 7.2 | AI score 6.9 | EPSS 0.93929
Exploits: 78

Gitee
added 2020/04/02 12:58 p.m. | 3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target...

CVSS 9.8 | AI score 7.8 | EPSS 0.94479
Exploits: 53

Gitee
added 2020/04/01 5:13 p.m. | 4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class/vector targeted by this repository is Server-Side Template Injection SSTI, specifically in Flask applications. Th...

AI score 7.8
Exploits: 0

Gitee
added 2020/04/01 3:16 p.m. | 2 views

Exploit for Improper Resource Shutdown or Release in Microsoft

CVE-2018-8120 CVE-2018-8120 Windows LPE exploit. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64, WinXP x32, Win2003 x32, Win2003 x64. The original exploit did not support XP and 2003; the current code adds support for these two systems on top of the original. Usage shell CVE-2018-8120 exploit by...

CVSS 7.2 | AI score 7 | EPSS 0.94157
Exploits: 18

Gitee
added 2020/04/01 2:5 p.m. | 3 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

CVSS 10 | AI score 7.1 | EPSS 0.94424
Exploits: 124

Gitee
added 2020/03/31 4:17 p.m. | 4 views

Exploit for Injection in Oracle Agile_Plm

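CVE-2019-2725 CVE-2019-2725 CNVD-C-2019-48814, WebLogic wls9-async command echo, 10.3.6 12.1.3. ResultBaseExec.java is used to test defineClass: it restores the malicious class from base64 and executes the code, mainly for convenience (optional). JDK7u21.java generates the XML found in weblogic-2019-272512.1.3命令执行.txt; compile it with JDK 6. CVE-2019-2725.py checks whether the command executes...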

CVSS 9.8 | AI score 7.7 | EPSS 0.94468
Exploits: 35

Gitee
added 2020/03/31 3:16 p.m. | 7 views

Exploit for CVE-2020-1938

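Notes: This tool is for security research and internal self-assessment only; using it to launch illegal attacks is prohibited, and the user is responsible for any consequences. Batch detection tool for the Apache Tomcat file inclusion vulnerability (CVE-2020-1938 / CNVD-2020-1048). This project is a modification of Kit4y's project. Code changes: when ip.txt contains only one domain or IP, threadCount becomes 1 and the program does not actually run, so code that checks the thread count was added ... if threadCount == 1: threadCount = 2 for i in range(0,threadCount-1): ... A small amount of code was modified for Python 3 compatibility. Code before the change...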

CVSS 9.8 | AI score 7.1 | EPSS 0.94469
Exploits: 44

Gitee
added 2020/03/30 7:11 a.m. | 8 views

Exploit for CVE-2017-0213

windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

CVSS 9.3 | AI score 7.5 | EPSS 0.93878
Exploits: 32

Gitee
added 2020/03/29 4:51 p.m. | 8 views

Exploit for CVE-2018-8581

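CVE-2018-8581. This is a mailbox-level lateral movement and privilege escalation vulnerability. With the account and password of an ordinary-privilege mailbox, it allows a delegated takeover of other users' inboxes, including the domain administrator's. This EXP script is an enhanced one-click script modified from the original PoC; once the relevant parameters are configured, it automatically adds and removes the delegation on the target mailbox's inbox, so that in-house security departments and red teams can carry out a simulated attack against an authorized enterprise. The original PoC consists of two scripts used together to add an inbox rule, which is not very practical in real in-house red team work; besides a mailbox, the original PoC also requires setting the SID of the target mailbox user, but as for the method of obtaining a user's SID mentioned in the reference article, when I tested it in a real environment against Exchange Server...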

CVSS 7.4 | AI score 7 | EPSS 0.91757
Exploits: 7

Gitee
added 2020/03/28 4:58 p.m. | 4 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 is a remote command execution vulnerability in Oracle WebLogic Server. The exploit code is written in Python and uses the CVE-2018-2628 Weblogic GetShell.py script to exploit the vulnerability. The script sends a specially crafted request to the vulnerable server, which allows an...

CVSS 9.8 | AI score 8.1 | EPSS 0.94422
Exploits: 68

Gitee
added 2020/03/28 4:57 p.m. | 2 views

shadowbroker-1

This repository, fengzihk/shadowbroker-1, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists various exploits, such as EARLYSHOVEL, EBBISLAND, ECHOWRECKER, EASYBEE, and...

AI score 7.4
Exploits: 0

Gitee
added 2020/03/28 4:57 p.m. | 2 views

Scanners-Box

This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...

AI score 7
Exploits: 0

Gitee
added 2020/03/28 4:57 p.m. | 5 views

Exploit for Use After Free in Google Chrome

PoC exploit for CVE-2019-5786, a FileReader Use-After-Free UAF vulnerability in Chrome 72.0.3626.119 stable for Windows 7 x86. The exploit uses site-isolation to brute-force the vulnerability. The target is the FileReader object, which is used to read files from the local file system. The exploit...

CVSS 6.5 | AI score 7.6 | EPSS 0.89944
Exploits: 10

Gitee
added 2020/03/28 4:54 p.m. | 3 views

Exploit for Incorrect Authorization in Jenkins Git

CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin v3.7 Description: An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Versions...

CVSS 5.3 | AI score 6.8 | EPSS 0.11087
Exploits: 2

Gitee
added 2020/03/28 4:54 p.m. | 2 views

Vxscan

Based on the provided code and context, here is a summary of the analysis: Classification: It is an offensive tool for web application security testing. Primary Functionality: The tool, named Vxscan, is designed to perform a comprehensive scan of a web application, including: 1. Sensitive file...

AI score 8.6
Exploits: 0

Gitee
added 2020/03/28 4:41 p.m. | 5 views

Exploit for Improper Input Validation in Microsoft

It is an exploit module for CVE-2019-0604, a remote code execution vulnerability in SharePoint. The target product/service is SharePoint, and the vulnerability class/vector is RCE. The probable entry point is not specified, but the usage link suggests it may be invoked via a web interface...

CVSS 9.8 | AI score 8.3 | EPSS 0.94416
Exploits: 29

Gitee
added 2020/03/28 4:31 p.m. | 1 view

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, but the exact target and vulnerability are not specified in the provided code. The module is written in Ruby and uses the Metasploit framewor...

AI score 7.1
Exploits: 0

Gitee
added 2020/03/28 4:30 p.m. | 7 views

Exploit for Use After Free in Microsoft

This is a PoC Proof of Concept exploit for CVE-2019-0708, a remote code execution vulnerability in Microsoft Windows Remote Desktop Services. The exploit is written in Python and uses the SMBLoris library to send packets to the target host. The exploit is designed to check if a host is vulnerable...

CVSS 10 | AI score 8 | EPSS 0.94454
Exploits: 123

Gitee
added 2020/03/28 4:30 p.m. | 1 view

ptf

The Penetration Testers Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. It is a modular framework that installs and updates various penetration testing tools, compiles them, and makes...

AI score 7.4
Exploits: 0

Gitee
added 2020/03/28 4:30 p.m. | 4 views

dedecmscan

This is a Python script designed to scan for vulnerabilities in DedeCMS, a content management system. The script is called "dedescan" and is written in Python 3. It uses various techniques to identify potential vulnerabilities, including SQL injection, cross-site scripting XSS, and path traversal...

AI score 7.3
Exploits: 0

Gitee
added 2020/03/28 4:30 p.m. | 10 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit is written in Go and uses the Cobra framework. The exploit works by setting a PHP setting using the SetSetting function,...

CVSS 9.8 | AI score 7.5 | EPSS 0.94053
Exploits: 53

Gitee
added 2020/03/28 4:28 p.m. | 7 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781...

CVSS 9.8 | AI score 7.5 | EPSS 0.94442
Exploits: 48

Gitee
added 2020/03/28 12:48 a.m. | 11 views

Exploit for CVE-2014-4878

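PoC-and-Exp-of-Vulnerabilities: a collection of vulnerability verification and exploitation code - Disclaimer: the code in this project was collected from the internet or written by the author; do not use it for illegal purposes, and the author bears no legal responsibility for any consequences. Many of the Windows PoCs are blocked by antivirus software; this is normal, so decide for yourself whether to download them. If any exp contains a backdoor, please contact me by submitting an issue. Windows - CVE-2017-0143 MS17-010 Microsoft Windows SMB remote code execution vulnerability (EternalBlue) - CVE-2017-7269 Microsoft IIS 6.0 remote code execution vulnerability - CVE-2017-11882 Microsoft...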

CVSS 10 | AI score 7 | EPSS 0.94454
Exploits: 293

Gitee
added 2020/03/28 12:48 a.m. | 2 views

PayloadsAllTheThings

Exploit module/toolkit targeting Amazon Web Services AWS environments. The repository contains a list of useful payloads and bypass for Web Application Security and Pentest/CTF. The primary vulnerability class targeted is CRLF Carriage Return-Line Feed injection, which can be used to inject...

AI score 7.5
Exploits: 0

Gitee
added 2020/03/28 12:47 a.m. | 3 views

Scanners-Box

This repository, Scanners-Box, is a powerful hacker toolkit that collects more than 10 categories of open-source scanners from GitHub. It includes subdomain, database, middleware, and other modular design scanners, but excludes well-known scanning tools such as Awvs, Nmap, and W3af. The toolkit i...

AI score 6.9
Exploits: 0

Gitee
added 2020/03/28 12:44 a.m. | 3 views

PowerShell-Suite

This repository is an offensive tool for Windows UAC User Account Control bypass. The tool, named "Bypass-UAC," provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. It rewrites PowerShell's PEB Portable Executable Binary to give it the...

AI score 7
Exploits: 0

Gitee
added 2020/03/28 12:42 a.m. | 4 views

PSKernel-Primitives

This repository contains a collection of PowerShell primitives for fuzzing and exploitation. The primitives are designed to be used in a Windows environment and are intended for use in red teaming and penetration testing. The repository includes the following primitives: 1. Alloc-NullPage.ps1:...

AI score 6.9
Exploits: 0

Gitee
added 2020/03/28 12:40 a.m. | 7 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

CVSS 9 | AI score 7.6 | EPSS 0.90556
Exploits: 23

Gitee
added 2020/03/28 12:36 a.m. | 2 views

PrivEsc

PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...

AI score 7.1
Exploits: 0

Gitee
added 2020/03/28 12:36 a.m. | 3 views

exploit-database

This is an official Exploit Database repository, a collection of public exploits and vulnerable software. The repository is updated daily with the most recently added submissions. It includes a search utility called "searchsploit" that allows users to search through the exploits using one or more...

AI score 6.5
Exploits: 0

Gitee
added 2020/03/28 12:35 a.m. | 2 views

Unix-PrivEsc

UNIX-PrivEsc ============ This is just an effort to aggregate local UNIX privilege escalation exploits. They are all publicly available but don't allow for a sensible overview + it's always the quirky ones that you can't find when you need them. I am going to progressively push out exploits from ...

AI score 7.1
Exploits: 0

Gitee
added 2020/03/27 2:37 p.m. | 4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

AI score 7.9
Exploits: 0

Gitee
added 2020/03/27 12:29 p.m. | 1 view

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and provides a wide range of features for discovering and exploiting vulnerabilities in various systems and...

AI score 7
Exploits: 0

Gitee
added 2020/03/26 2:49 p.m. | 3 views

AssassinGo

This is an extensible and concurrency pentest framework in Go, also with a WebGUI. It is an offensive tool for Network Scanning, Vulnerability Scanning, and Information Gathering. The primary CVE ID is not specified in the provided context. The target product/service is not explicitly stated, but...

AI score 6.6
Exploits: 0

Gitee
added 2020/03/26 11:11 a.m. | 4 views

exploitdb-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the most comprehensive...

AI score 6.8
Exploits: 0

Gitee
added 2020/03/24 8:39 p.m. | 2 views

PayloadsAllTheThings

This repository is an offensive tool for API key and bucket S3 exploitation. It contains tools and exploits for various types of attacks, including CRLF injection, CSRF injection, and API key leaks. The repository includes a variety of scripts and modules for different types of attacks, such as...

AI score 7.2
Exploits: 0

Gitee
added 2020/03/24 3:6 p.m. | 5 views

Win2016LPE

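Win2016LPE Windows10 & Windows Server 2016 LPE Exploit, exploiting the schedsvc!SchRpcSetSecurity vulnerability. Directory layout: bin-x86 contains the binaries for Win10 x86; bin-x64 contains the binaries for Win10 x64 and Win2016; Win2016LPE is the main privilege escalation program; ALPC-TaskSched-LPE is the exploit DLL; ExpDLL is the exploit dll, placed in the ALPC-TaskSched-LPE\resource directory after it is built. Change history 2018-09-28...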

AI score 7.1
Exploits: 0

Gitee
added 2020/03/24 9:22 a.m. | 6 views

Exploit for Classic Buffer Overflow in Microsoft

PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which allows for remote code execution via a...

CVSS 10 | AI score 8.4 | EPSS 0.94411
Exploits: 39

Gitee
added 2020/03/23 3:45 p.m. | 8 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

CVSS 9 | AI score 7.6 | EPSS 0.90556
Exploits: 23

Gitee
added 2020/03/23 3:44 p.m. | 4 views

cve_2019_0708_bluekeep_rce

bluekeep exploit...

AI score 7
Exploits: 0

Gitee
added 2020/03/23 1:33 p.m. | 2 views

CMSmap

It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context, but the tool is designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool,...

AI score 7.5
Exploits: 0

Gitee
added 2020/03/23 1:22 p.m. | 3 views

hitconDockerfile

This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...

AI score 8.5
Exploits: 0

Gitee
added 2020/03/23 1:5 p.m. | 2 views

dedecmscan

This is a Python script designed to scan for vulnerabilities in DedeCMS, a content management system. The script is called "dedescan" and is written in Python 3. It uses various modules to perform different types of scans, including SQL injection, cross-site scripting XSS, and path traversal. The...

AI score 7.2
Exploits: 0

Gitee
added 2020/03/21 10:13 a.m. | 2 views

fuzzdb-collect

Based on the provided code and context, I will analyze the situation and provide a concise summary. Summary: The provided code appears to be a Python script designed to perform...

AI score 7.2
Exploits: 0

Gitee
added 2020/03/20 7:24 p.m. | 4 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2019-0708, a vulnerability in the Windows Remote Desktop Client. The target product/service is Windows Remote Desktop Client, and the vulnerability class/vector is a Remote Code Execution RCE vulnerability. The probable entry point is the poc.py script, which is invoked by...

CVSS 10 | AI score 7.6 | EPSS 0.94454
Exploits: 123

Gitee
added 2020/03/20 6:49 p.m. | 4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is Windows SMBv3. The vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the scanner.py script, which sends a specially crafted SMB packet to the target server to check for vulnerability. Notab...

CVSS 10 | AI score 9.7 | EPSS 0.94424
Exploits: 124

Gitee
added 2020/03/20 5:2 p.m. | 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

AI score 7.1
Exploits: 0

Gitee
added 2020/03/20 4:41 a.m. | 3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an open-source collection of pre-built vulnerable docker environments, vulhub. It is an offensive tool for web application security training and testing. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab, and the...

CVSS 6.5 | AI score 8 | EPSS 0.13489
Exploits: 39

Gitee
added 2020/03/18 7:1 p.m. | 6 views

Exploit for CVE-2016-0728

This repository is an offensive tool for Linux kernel exploitation, specifically targeting the CVE-2016-0728 vulnerability. The vulnerability is a REFCOUNT overflow/Use-After-Free in keyrings, which allows for local root exploitation. The repository contains two exploit modules, expboost.c and...

CVSS 7.8 | AI score 6.7 | EPSS 0.54652
Exploits: 14

Total number of security vulnerabilities: 1899