
1899 matches found

Gitee
added 2025/07/27 4:9 a.m., 102 views

Active-Directory-Exploitation-Cheat-Sheet

Based on the provided context and code cues, here is a summary of the analysis: Classification: This is an offensive tool for Windows Active Directory exploitation. Primary CVE ID: Not specified. Target Product/Service: Windows Active Directory. Vulnerability Class/Vector: Not specified. Probable...

7.9 AI score
Exploits: 0
Gitee
added 2025/07/27 4:8 a.m., 279 views

Windows-Privilege-Escalation

Windows-Privilege-Escalation Here is my step-by-step Windows privilege escalation methodology. This guide assumes you are starting with a very limited shell like a webshell, netcat reverse shell or a remote telnet connection. First things first and quick wins Do some basic enumeration to figure ou...

8 AI score
Exploits: 0
Gitee
added 2025/07/27 4:7 a.m., 79 views

A-Red-Teamer-diaries

The provided context is a GitHub repository containing a Python script named RunFinger.py and a README.md file. The script is designed to gather information about the domain name and Windows machine running in the network. The README.md file contains information about the purpose of the script an...

6.6 AI score
Exploits: 0
Gitee
added 2025/07/27 4:6 a.m., 75 views

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

6.5 AI score
Exploits: 0
Gitee
added 2025/07/27 4:5 a.m., 79 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability. Echo-back PoC for WebLogic. Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

9.8 CVSS, 7.9 AI score, 0.94468 EPSS
Exploits: 74
Gitee
added 2025/07/27 4:5 a.m., 217 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 BIG-IP RCE Update Use /hsqldb%0a/ Bypass Rules For Java Deserialization or /hsqld%b /hsqldb; /tmui/login.jsp/..;/hsqldb Redirect 404 / bypass /hsqldb; Redirect 404 / bypass /hsqldb%0a include 'FileETag MTime Size Redirect 404 / Redirect 404 / ' fix:...

10 CVSS, 8.6 AI score, 0.94426 EPSS
Exploits: 59
Gitee
added 2025/07/27 4:4 a.m., 89 views

xsser

XSSER ========== Presentation From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Version 2.75 - 2017: Non...

7.3 AI score
Exploits: 0
Gitee
added 2025/07/27 4:4 a.m., 69 views

shelling

This repository is an offensive tool for OS command injection. It is a comprehensive OS command injection payload generator, suitable for detecting OS command injection vulnerabilities. The tool, named SHELLING, provides a customizable payload generator with various features, including support fo...

7.8 AI score
Exploits: 0
Gitee
added 2025/07/27 4:4 a.m., 69 views

suricata-rules

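suricata-rules Suricata is an excellent open-source intrusion detection system. This project records high-quality Suricata IDS rules extracted by security operations staff; submissions are welcome. Rule-writing requirements are as follows. Create a new directory for each rule, as follows: webshell detection (rule directory name; just describe the corresponding detection rule clearly) - webshell.pcap: the pcap for the rule, saved as a flow where possible - websehll.rules: the rule file you extracted, tested before submission where possible - README: can describe anything related to the rule to help others understand it; Markdown is supported. Rule directory...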

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 4:3 a.m., 89 views

command-injection-payload-list

It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...

7.7 AI score
Exploits: 0
Gitee
added 2025/07/27 4:3 a.m., 161 views

sql-injection-payload-list

It is an offensive tool for SQL injection. The repository contains a list of SQL injection payloads. The primary CVE ID is not explicitly mentioned, but the payloads are likely used to exploit SQL injection vulnerabilities. The target product/service is not specified, but the payloads are likely...

8 AI score
Exploits: 0
Gitee
added 2025/07/27 4:3 a.m., 75 views

Exploit for CVE-2010-1485

PoC exploit for CVE-2010-1485, Exploit module/toolkit targeting XXE vulnerability. The target product/service or framework is unspecified, but the tool is designed to automate exploitation of XXE vulnerabilities in various applications. The vulnerability class/vector is XXE XML eXternal Entity. T...

8.4 AI score
Exploits: 0
Gitee
added 2025/07/27 4:2 a.m., 112 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Linux Exploit Suggester 2 ========================= Next-generation exploit suggester based on LinuxExploitSuggester Key Improvements Include: More exploits! Option to download exploit code directly from Exploit DB Accurate wildcard matching. This expands the scope of searchable exploits. Output...

7.8 CVSS, 7.2 AI score, 0.93929 EPSS
Exploits: 129
Gitee
added 2025/07/27 4:2 a.m., 101 views

Exploit for CVE-2020-0609

BlueGate Proof of Concept Denial of Service + scanner for CVE-2020-0609 and CVE-2020-0610. These vulnerabilities allow an unauthenticated attacker to gain remote code execution with highest privileges via RD Gateway for RDP. Please use for research and educational purpose only. Usage Make sure y...

10 CVSS, 10 AI score, 0.8877 EPSS
Exploits: 10
Gitee
added 2025/07/27 4:2 a.m., 93 views

Exploit for Use After Free in Adobe Flash_Player

CobaltStrike-Toolset Aggressor Script, Kit, Malleable C2 Profiles, External C2 and so on - Kits - ResourceKit - ExploitKit - Aggressor Script - chromedumpmimikatz.cna - nopowershell - SMBexecpsh Further Resources nopowershell smbexecpsh.cna CVE-2018-15982...

10 CVSS, 7.2 AI score, 0.93605 EPSS
Exploits: 13
Gitee
added 2025/07/27 4:2 a.m., 165 views

Exploit for CVE-2014-7911

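Security-Data-Analysis-and-Visualization 2018-2020 young security community: active technical bloggers/blogs. Statement: All data comes from, and only from, public information, with no personal prior knowledge added; if you have any doubts, please contact [email protected] promptly. This data is published so that everyone can learn faster and better together; please do not abuse it, and I will bear no responsibility for any problems arising from such abuse. The analysis article on this data was first published on my personal WeChat official account; the original is titled "I analyzed 450 active technical blogs and bloggers in the young security community from 2018 to 2020"; please contact the author before reposting. Why - Original purpose: my daily security reading resources were insufficient and needed to be supplemented from multiple data sources such as blogs, Github, and Twitter. -...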

9.8 CVSS, 9 AI score, 0.94468 EPSS
Exploits: 75
Gitee
added 2025/07/27 3:59 a.m., 196 views

awesome-termux-hacking

This is an awesome list of Termux hacking tools. It appears to be a collection of various tools and frameworks for penetration testing, vulnerability assessment, and exploitation. The list includes tools for tasks such as: Subdomain enumeration e.g., Sublist3r Vulnerability scanning e.g., w3af,...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 3:59 a.m., 96 views

Exploit for Improper Input Validation in Samsung Samsung_Mobile

PoC exploit for CVE-2016-4038, a 0day vulnerability in System Management Mode code execution for Lenovo ThinkPad model line. The exploit targets the SystemSmmRuntimeRt UEFI driver GUID: 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and allows arbitrary code execution in System Management Mode. The...

7.8 CVSS, 7.9 AI score, 0.00043 EPSS
Exploits: 1
Gitee
added 2025/07/27 3:57 a.m., 171 views

Exploit for CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit CVE-2020-1472. It attempts to perform the Netlogon authentication bypass. The script will immediately terminate when successfully performing the bypass, and not perform any...

10 CVSS, 8.2 AI score, 0.9438 EPSS
Exploits: 75
Gitee
added 2025/07/27 3:55 a.m., 119 views

isf

This is a Python-based exploitation framework called ISF Industrial Exploitation Framework that is similar to Metasploit. It is designed for industrial control system ICS exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:54 a.m., 100 views

hacking-material-books

This repository is an offensive tool for Metasploit and Nmap scripting. It contains a collection of articles and resource files for Metasploit RC/ERB scripting, Nmap NSE scripting, and bash programming. The repository includes examples of how to use Metasploit RC/ERB scripting to automate tasks,...

6.7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:52 a.m., 136 views

Exploit for CVE-2017-3143

Awesome Vulnerability Research 🦄 A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project. Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious abou...

7.5 CVSS, 7.8 AI score, 0.64829 EPSS
Exploits: 1
Gitee
added 2025/07/27 3:51 a.m., 74 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...

10 CVSS, 9 AI score, 0.94424 EPSS
Exploits: 124
Gitee
added 2025/07/27 3:50 a.m., 210 views

Eternalblue-Doublepulsar-Metasploit

This is a Metasploit module to exploit the EternalBlue-Doublepulsar vulnerability. The module is designed to target Windows systems and uses the Doublepulsar backdoor to install a DLL into a user mode process. The module can be used to perform various operations, including outputting the install...

6.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:49 a.m., 342 views

PrivescCheck

PrivescCheck This script aims to identify Local Privilege Escalation LPE vulnerabilities that are usually due to Windows configuration issues, or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks. Getting started After downloading the script an...

7.3 AI score
Exploits: 0
Gitee
added 2025/07/27 3:47 a.m., 125 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

Awesome Advanced Windows Exploitation References List of Awesome Advanced Windows Exploitation References This list is for anyone wishing to upgrade on their Windows Exploitation Knowledge. Anyway, this is a living resources and will update regularly with latest research articles/talks of awesome...

9.3 CVSS, 9.5 AI score, 0.9095 EPSS
Exploits: 47
Gitee
added 2025/07/27 3:47 a.m., 116 views

aflnet

It is an offensive tool for network protocols. AFLNet is a greybox fuzzer for protocol implementations. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between...

7.5 AI score
Exploits: 0
Gitee
added 2025/07/27 3:46 a.m., 96 views

Exploit for CVE-2017-0144

This repository is an offensive tool for Windows. It is an implementation of the DoublePulsar backdoor in C/C++. The tool includes a suite of exploits and detectors for various vulnerabilities, including the EternalBlue vulnerability CVE-2017-0144. The tool can be used to upload a DLL to a...

9.3 CVSS, 8 AI score, 0.94318 EPSS
Exploits: 50
Gitee
added 2025/07/27 3:44 a.m., 147 views

awesome-jenkins-rce-2019

There is no pre-auth RCE in Jenkins since May 2017, but this is the one!...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:43 a.m., 68 views

Priv2Admin

This repository, Priv2Admin, is an exploitation path that allows users to misuse Windows privileges to elevate their rights within the OS. The repository lists various Windows privileges and their corresponding impact, tools, execution paths, and remarks. The privileges include...

6.8 AI score
Exploits: 0
Gitee
added 2025/07/27 3:43 a.m., 121 views

Exploit for Improper Input Validation in Joomla Joomla\!

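CMS-Hunter Introduction: Content Management System Vulnerability Hunter. Note: for now, this project will be maintained long term; suggestions or ideas for changes are welcome, please contact the author. CMS vulnerability list: Discuz - Discuz<3.4birthprovince front-end arbitrary file deletion DedeCMS - DedeCMSv5.7shopsdelivery stored XSS - DedeCMSv5.7carbuyaction stored XSS - DedeCMSv5.7 friendly-links CSRF GetShell - DedeCMS V5.7 SP2 back-end code execution vulnerability Drupal -...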

9.8 CVSS, 7 AI score, 0.94513 EPSS
Exploits: 161
Gitee
added 2025/07/27 3:42 a.m., 71 views

pentest-guide

This repository is an offensive tool for penetration testing, specifically a guide based on OWASP Open Web Application Security Project including test cases, resources, and examples. It contains various modules and tools for testing different types of vulnerabilities, such as Brute Force, Busines...

7.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:41 a.m., 117 views

wifi-arsenal

This repository is an offensive tool for WiFi exploitation. It is a collection of tools and scripts for various WiFi-related attacks, including denial of service, encryption attacks, WEP/WPA/WPA2 attacks, WPS attacks, and others. The repository is maintained by 0x90/wifi-arsenal. The repository...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 3:40 a.m., 74 views

pathbrute

This is an exploit module/toolkit targeting web servers, specifically designed to brute force directories and files names. The tool, named "pathbrute," uses wordlists from Exploit databases and Metasploit to identify interesting content on servers, including potentially vulnerable websites. It ca...

7.4 AI score
Exploits: 0
Gitee
added 2025/07/27 3:40 a.m., 144 views

Exploit for OS Command Injection in Docker

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable...

9.3 CVSS, 8.2 AI score, 0.59178 EPSS
Exploits: 48
Gitee
added 2025/07/27 3:39 a.m., 79 views

awesome-mobile-security

This is a curated repository of mobile security resources, specifically for Android and iOS. It aggregates various tools and references from their original owners, serving as a centralized hub for mobile security-related information. The repository does not contain any exploit code or tools but...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 3:39 a.m., 100 views

Exploit for Incorrect Default Permissions in Microsoft

This List is no longer updated. Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and...

8.8 CVSS, 9.9 AI score, 0.69817 EPSS
Exploits: 4
Gitee
added 2025/07/27 3:39 a.m., 89 views

Android-Reports-and-Resources

It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...

8.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:39 a.m., 103 views

Exploit for CVE-2024-2961

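sectoolset -- a collection of security-related tools on Github. Main contents: 0x00 Hands-on exploitation practice & CTF security competitions 0x01 Security scanners 0x02 Security defense 0x03 Penetration testing 0x04 Vulnerability databases and exploitation tools (POC, EXP 0x05 Binary and code analysis tools 0x06 Threat intelligence & honeypots 0x07 Security documents and materials 0x10 AI & large-model security 0x11 All contents WooYun mirror WooYun mirror, down WooYun mirror, down Recent security hot topics CVE-2025-48384: Git submodule carriage return (CR) parsing injection can lead to RCE GitHub MCP vulnerability: hijacking the MCP service to access private repository data Buffer overflow in glibc iconv leads to PHP...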

10 CVSS, 7.6 AI score, 0.91924 EPSS
Exploits: 61
Gitee
added 2025/07/27 3:39 a.m., 81 views

Exploit for Incorrect Permission Assignment for Critical Resource in Tenable Nessus

Deprecated. Have a look at Watson instead. Sherlock PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool...

7.8 CVSS, 6.9 AI score, 0.00079 EPSS
Exploits: 1
Gitee
added 2025/07/27 3:38 a.m., 1621 views

Exploit for CVE-2007-6750

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...

10 CVSS, 8.8 AI score, 0.90865 EPSS
Exploits: 94
Gitee
added 2025/07/27 3:38 a.m., 79 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...

7.8 CVSS, 6.8 AI score, 0.04353 EPSS
Exploits: 6
Gitee
added 2025/07/27 3:36 a.m., 76 views

Exploit for Improper Authentication in Microsoft

cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVER -u USER -p PASSWORD -c CMD optional arguments: -h, --help show this help message and exit -s SERVER, --server SERVER ECP Server URL Example: http://ip/owa -u USER, --user USER login account Example: domain\user -p PASSWORD, --password...

9 CVSS, 9.4 AI score, 0.94389 EPSS
Exploits: 30
Gitee
added 2025/07/27 3:36 a.m., 111 views

Exploit for Use After Free in Microsoft

This is a PoC exploit for CVE-2019-0708, also known as the "BlueKeep" vulnerability. The vulnerability is in the Remote Desktop Protocol RDP service, which is a remote access protocol used by Windows systems. The exploit is designed to scan for vulnerable systems and exploit the vulnerability to...

10 CVSS, 8.1 AI score, 0.94454 EPSS
Exploits: 123
Gitee
added 2025/07/27 3:36 a.m., 76 views

PoC

Pedro Ribeiro @pedrib Exploit Dumping Grounds === This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC. advisories: all my public advisories, research notes, etc Pwn2Own: advisories related to my Pwn2Own...

7.5 AI score
Exploits: 0
Gitee
added 2025/07/27 3:35 a.m., 97 views

fuzzdb-collect

Based on the provided code and context, here is a summary of the analysis: Classification: This is a Python script for brute-forcing 3-character...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:35 a.m., 103 views

Exploit for CVE-2016-2384

Linux kernel exploits ===================== | Date | Link | Description | Vector | Impact | | --- | --- | --- | --- | --- | | 02.2016 | CVE-2016-2384 | Double-free in USB MIDI driver | Physical + Local | LPE | | 03.2016 | prefetch-side-channel | KASLR bypass via prefetch | Local | Info-leak | |...

7.8 CVSS, 7.4 AI score, 0.87 EPSS
Exploits: 57
Gitee
added 2025/07/27 3:33 a.m., 99 views

Exploit for Classic Buffer Overflow in Microsoft

ExplodingCan An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA. Details Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow CVE: CVE-2017-7269 Disclosure date: March 31 2017 Affected product: Microsoft Windows Server 20...

10 CVSS, 7 AI score, 0.94411 EPSS
Exploits: 39
Gitee
added 2025/07/27 3:33 a.m., 133 views

awesome-oneliner-bugbounty

This repository is an offensive tool for bug bounty hunting. It contains a collection of one-liner scripts for identifying vulnerabilities, particularly for bug bounty tips. The primary CVE ID present in the context is not explicitly mentioned, but the repository includes scripts for Local File...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:31 a.m., 96 views

fatt

This is a Python script for extracting network metadata and fingerprints from packet capture files pcap or live network traffic. The script, named "fatt," is designed for monitoring honeypots and other network forensic analysis use cases. It uses the pyshark library, a Python wrapper for tshark,...

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 1899