Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Known issues
- it will not work outside kali , i will update it later on :)
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Overview
This is a simple PoC for the newly found Polkit error names PwnKit
A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz
16 Sep 06, 2022
Phoenix Framework is an environment for writing, testing and using exploit code.
Phoenix-Framework Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen
42 Aug 09, 2022
An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.
TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several
40 Dec 29, 2022
CVE-2021-26084 Remote Code Execution on Confluence Servers
CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P
63 Dec 30, 2022
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
Log4JHunt An automated, reliable scanner for the Log4Shell CVE-2021-44228 vulnerability. Video demo: Usage Here the help usage: $ python3 log4jhunt.py
39 Nov 21, 2022
Yara Based Detection Engine for web browsers
Yobi Yara Based Detection for web browsers System Requirements Yobi requires python3 and and right now supports only firefox and other Gecko-based bro
44 Nov 20, 2022
Python & JavaScript Obfuscator made in Python 3.
Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco
1 Dec 29, 2021
A kAFL based hypervisor fuzzer which fully supports nested VMs
hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as
115 Dec 07, 2022
CVE-2021-40346 integer overflow enables http smuggling
CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021
34 Nov 15, 2022
Spring4Shell - Spring Core RCE - CVE-2022-22965
Spring Core RCE - CVE-2022-22965 After Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core R
118 Dec 31, 2022
A simple Burp Suite extension to extract datas from source code
DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas
86 Dec 31, 2022
CVE-2021-43798Exp多线程批量验证脚本
Grafana V8.*任意文件读取Exp--多线程批量验证脚本 漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化,它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞,该漏洞目前为0d
2 Dec 16, 2021
A Telegram Bot to force users to join a specific channel before sending messages in a group.
Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo
1 Jan 27, 2022
Repository for a project of the course EP2520 Building Networked Systems Security
EP2520_ACME_Project Repository for a project of the course EP2520 Building Networked Systems Security in Royal Institute of Technology (KTH), Stockhol
1 Dec 11, 2021
We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️
Pardus Lookout We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. The application i
19 Nov 18, 2022
👑 Discovery Header DoD Bug-Bounty
👑 Discovery Header DoD Bug-Bounty Did you know that DoD accepts server headers? 😲 (example: apache"version" , php"version") ? In this code it is pos
38 Aug 09, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the
29.7k Jan 04, 2023
C++ fully undetected shellcode launcher
charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche
894 Dec 25, 2022
A decompilation of the Nintendo Switch version of Captain Toad: Treasure Tracker
cttt-decomp A decompilation of the Nintendo Switch version of Captain Toad: Trea
14 Aug 17, 2022
Python low-interaction honeyclient
Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th
896 Dec 19, 2022