1899 matches found
vulns
It is an offensive tool for Linux. The repository, 'vulns', contains a collection of vulnerabilities and attacks, including Slowloris, BEAST, CRIME, BREACH, TIME, Heartbleed, CCS Injection, Shellshock, Drupalgeddon, POODLE, goto fail, GHOST, FREAK, Superfish, Rowhammer, Logjam, Stagefright, VENOM...
Windows
Windows Awesome tools to play with Windows ! List of tools used for exploiting Windows: - Exploitation : Windows Software Exploitation - hacking-team-windows-kernel-lpe : Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar. - mimikatz : A little tool to play with...
Exploit for CVE-1999-0078
Browsable content of eqgrp-auction-file.tar.xz - Original file: https://mega.nz/!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv405hX8kn7MEsa1iLH5UjKU - Passphrase: CrDj";Va.NdlnzB9M?@K2deB7mN as disclosed by the ShadowBrokers, source - This summary is provided by the community: complaints/credits to jvoisin @...
pwn2exploit
pwn & exploit 这是些前段时间研究二进制的一些心得 Paper. 本来是希望能够从底层原理到全局把控的层次去整理. 这里只完成了部分的Paper, 还有很多的Paper只写了概要点. 个人有几篇 paper 还是很有参考价值的 linux进程动态so注入.md 这篇文章介绍了如何在目前的ELF下进行动态so注入, 介绍 gnu.hash 的结构和相关算法, 具体的代码可以参考evilELF, 代码设计规范. PWN之堆内存管理.md 这篇文章是我在阅读了很多参考资料和glibc后写的, 其中对于glibc分配算法中的各种缓存的设计有比较好的讲述以及对分配和释放算法有比价好的阐...
AutoLocalPrivilegeEscalation
AutoLocalPrivilegeEscalation An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically This script is created due to Hackademics, there are so much possible exploit for that version of kernel, as a rookie OSCP student, I am not able to fin...
Dracnmap
Dracnmap is an open-source program designed to exploit networks and gather information using the help of Nmap. It is intended to simplify the process of network scanning by utilizing the script engine of Nmap and performing various automatic scanning techniques with advanced commands. Dracnmap is...
personal-security-checklist
It is an offensive tool for community guidelines and contributor policies. The repository contains a curated checklist of 300+ tips for protecting digital security and privacy in 2022. The primary CVE ID is not present in the provided context. The target product/service or framework is not...
Exploit for Deserialization of Untrusted Data in Ibm Sterling_B2B_Integrator
Java Deserialization Exploits A collection of curated Java Deserialization Exploits Currently this repo contains exploits for the following vulnerabilities: - Cisco Prime Infrastructure Java Deserialization RCE CVE-2016-1291 - IBM WebSphere Java Object Deserialization RCE CVE-2015-7450 - OpenNMS...
powertools
PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The repository contains various PoCs Proof of Concept and exploits for the vulnerability, which affects the Windows SMB protocol. The vulnerability is a buffer overflow in the SMB protocol, allowing an attacker to execute...
CTF-challenges-by-me
This repository contains a series of CTF Capture The Flag challenges created by l4wio. The challenges are designed to test various skills such as web security, cryptography, and problem-solving. The repository includes several files and directories, each containing a specific challenge. The...
OSCP
OSCP Hello world! This repo contain some of the scripts, exploits, and documents made during my OSCP journey. The list include but not limited to the following: LinuxPrivCheck.sh Yes, there are far better scripts out there, However this one has less output to go thru and it has colors. Think basi...
pwn2own2018
Pwn2Own 2018: Safari + macOS Safari RCE, sandbox escape, and LPE to kernel for macOS 10.13.3. Usage Install nasm and tornado: brew install nasm pip3 install tornado Check config.py if you want to change the host or ports. Afterwards start the server with ./server.py and navigate to the shown URL...
0day-security-software-vulnerability-analysis-technology
0day-security-software-vulnerability-analysis-technology 《0day安全:软件漏洞分析技术(第二版)》随书资料包使用注意事项 资料包中资料仅用于学习目的,任何组织、个人、机构不可以任何形式利用资料包中的资料进行商业盈利目的的活动。 资料包中的部分资料和实验代码有可能引起某些安全软件的报警,书籍作者,出版社,看雪论坛对这些使用这些资料造成的后果概不负责,请您在充分了解这些资料用途的基础上慎用。 任何组织、个人、机构不得利用本书及相关资料进行任何形式的非法活动。 root@Jas502n:/tmp/0day2 git push -u...
Privesc
Privesc Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation. Disclaimer This repository contains tool developed strictly for educational purposes. Any misuse of the tool for illegal activities is strictly prohibited. Legal Notice It is important to...
AllVideoPocsFromHackerOne
This is an offensive tool for retrieving public reports from HackerOne, a bug bounty platform. The tool, named "AllPocsFromHackerOne," is designed to grab public reports from HackerOne and categorize vulnerabilities by technique. It appears to be a Python script that utilizes the HackerOne API to...
PowerTools
PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...
Exploit for Type Confusion in Google Chrome
This is a JavaScript exploit code for a Chrome vulnerability, specifically CVE-2021-38001. The code is designed to be used in the context of the Chrome V8 JavaScript engine. The code defines two functions: d2u and u2d. The d2u function takes a 64-bit floating-point value and converts it to a 32-b...
TEE-reversing
This repository is an offensive tool for learning how to reverse-engineer and achieve trusted code execution on ARM devices. It contains a curated list of public TEE resources, including papers on TEE reversing and security analysis. The repository includes links to various papers and resources o...
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters...
SharpKatz
This is a port of the mimikatz tool, specifically the sekurlsa::logonpasswords, sekurlsa::ekeys, and lsadump::dcsync commands, to C and .NET. The tool is called SharpKatz. The tool is designed to extract sensitive information from a Windows system, including: Logon passwords Kerberos encryption...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Usage ./CVE-2020-0796.py servername This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash the target. This...
BigBountyRecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation...
Dictionary-Of-Pentesting
This repository is an offensive tool for bug bounty hunting and penetration testing, specifically a dictionary collection project for various types of attacks, including Pentesing, Fuzzing, Bruteforce, and BugBounty. The primary target product/service is not explicitly stated, but the repository...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
PHPMailer And that's it, you have your shell. There is another exploit, which ilustrates another use case. ./deface.sh localhost:8080 + CVE-2016-10033 exploit by opsxcq + Exploiting localhost:8080 + Target exploited, acessing shell at http://localhost:8080/backdoor.php + Checking if the backdoor...
Exploit for Improper Input Validation in Mozilla Firefox
Full chain exploit for CVE-2019-11708 & CVE-2019-9810 This is a full browser compromise exploit chain CVE-2019-11708 & CVE-2019-9810 targeting Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 t...
Sitadel
This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible for Python = 3.4. It allows more flexibility for users to write new modules and implement new features, such as frontend framework detection, content delivery network detection, and plugi...
osx-security-awesome
It is an offensive tool for collecting and categorizing OSX and iOS security resources. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be collecting resources related to OSX and iOS security. The...
redis-rce
Redis RCE A exploit for Redis 4.x/5.x RCE, inspired by Redis post-exploitation. This repo is a modified version of . Usage: Compile exp.so from . usage: redis-rce.py -h -r RHOST -p RPORT -L LHOST -P LPORT -f FILE -a AUTH -v Redis 4.x/5.x RCE with RedisModules optional arguments: -h, --help show...
Exploit for Out-of-bounds Read in Openssl
This repository contains exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House. The exploits target various vulnerabilities in different products and services, including: 1. AirWatch MDM solution: The repository contains a file called...
Tater
Tater Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Credit All credit goes to @breenmachine, @foxglovesec, Google Project Zero, and anyone else that helped work out the details for this exploit. Potato - https://github.com/foxglovesec/Potato Included...
Exploit for OS Command Injection in Gnu Bash
Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes. Current Exploits index may be out of date phpMoAdmin Remote Code Execution CVE-2015-2208 LotusCMS Remote Code Execution OSVDB-75095 ElasticSearch Remote Code Execution CVE-2015-1427 ShellShock...
WebMap
This is an exploit module/toolkit targeting WebMap, a web dashboard for Nmap XML reports. The primary CVE ID is not explicitly mentioned, but the code and context suggest it is related to a vulnerability in the Django framework used by WebMap. The probable entry point is the rmNotes function in...
Exploit for Use After Free in Adobe Flash_Player
APTREPORT collected by @blackorbird https://x.com/blackorbird Interesting apt report & sample & malware & technology & intellegence collection APT Group for country Threat Actor Groups Tracked by Palo Alto Networks Unit 42...
JavaDeserH2HC
This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction LadonGo is an open source intranet penetration scanner framework, which can be used to easily detect segment C, B, A live hosts, fingerprint identification, port scanning, password explosion, remote execution, high-ri...
shellshocker-pocs
This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...
IOHIDeous
IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here. Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13.2 anymore, and I don't feel like investigating that. Maybe patched, maybe just the consequence of a random change, I...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso Exploit analysis POC Analysis by SungLin Knownsec 404 Team Writeup+PoC by @ZecOps References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796...
Exploit for OS Command Injection in Gnu Bash
This is an extension for Burp Suite, a web application security testing tool. The extension, named "ActiveScan++", extends Burp's active and passive scanning capabilities to identify application behavior that may be of interest to advanced testers. It includes checks for potential host header...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat
技术文章存档 ------ Paper list: Talking About Exploit Writing Bypassing AntiVirus Detection for Malicious PDFs MBR病毒分析 使用bochs调试MBR 基于MBR的系统登录密码验证程序 PDF文件格式分析 恶意PDF文件解析思路 Win 7下定位kernel32.dll基址及shellcode编写 CVE-2009-0658漏洞分析 Firefox vulnerabilityCVE-2011-0065 Bypassing DEP CVE-2009-4324漏洞分析 Flash XSS漏洞挖...
Exploit for CVE-2011-3918
This repository is an Android Exploits collection, containing various exploits and hacks for Android devices. The exploits are categorized into different types, including Denial of Service DoS and remote code execution. The DoS exploits include: Android FTPServer 1.9.0 Remote DoS CVE-2011-3918...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
This repository contains a PoC Proof of Concept code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in Bluetooth devices that allow an attacker to remotely execute code on a device. The PoC code is written in Python and uses the PyBluez library to...
Linux_kernel_exploits
Linuxkernelexploits Some Linux kernel exploits for various real world kernel vulnerabilities here. More exploits are yet to come. This repo contains the exploits developed during a research project, as well as the code of FUZE to facilitate exploit generation. What is FUZE FUZE is a framework to...
Exploit for CVE-2019-13272
Linux 4.10 5.1.17 PTRACETRACEME local root...
Exploit for Cross-site Scripting in Atmail
AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...
PSKernel-Primitives
PSKernel-Primitives Over time I'll add PowerShell helper functions to assist in kernel exploitation. Common PowerShell Exploit Constructs Create buffer powershell Byte buffer int/hex $Buff = Byte0x41255 + Byte0x420xff Buffer includes pointer Takes care of endianness, may need ".ToInt32" or...
PowerShell-Suite
This is an offensive tool for Windows UAC bypass. It is a PowerShell module called "Bypass-UAC" that provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is designed to bypass User Account Control UAC on Windows systems, allowing an...
dirty_sock
dirtysock: Linux Privilege Escalation via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. F...
Exploit for Use After Free in Linux Linux_Kernel
This repository contains various kernel exploits for Linux systems. The exploits target different vulnerabilities in the Linux kernel, including: 1. CVE-2016-8655: A Linux AFPACKET race condition exploit that includes KASLR and SMEP bypasses. 2. CVE-2016-9793: A Linux SOSND|RCVBUFFORCE CAPNETADMI...