Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Known issues
- it will not work outside kali , i will update it later on :)
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Overview
com_media allowed paths that are not intended for image uploads to RCE
CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs
67 Nov 09, 2022
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo
80 Nov 28, 2022
In this program, I generate the strong password from existing password without class using python. The special thing in this program is that is generate very strong password from our existing password. It replaces some elements from password and put another elements in it.
Strong-password-Generator-from-existing-password-using-python In this program, I generate the strong password from existing password without class usi
4 Sep 24, 2021
Hack computer in the form of RAR files from all types of clients, even Linux
Program Features 📌 Hide malware 📌 Vulnerability software vulnerabilities RAR 📌 Creating malware 📌 Access client files 📌 Client Hacking 📌 Link Do
5 Nov 25, 2022
Grafana-POC(CVE-2021-43798)
Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,
8 Jan 03, 2023
SpiderFoot automates OSINT collection so that you can focus on analysis.
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m
9k Jan 08, 2023
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user
17 Nov 09, 2022
Fast and easy way to rollout on multiple GitLab project file a particular content.
Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop
4 Jan 17, 2022
Brute-Force-Connected
Brute-Force-Connected Guess the password for Connected accounts the use : Create a new file and put usernames and passwords in it Example : joker:1234
4 Jun 05, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.
PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits
0 Jan 10, 2022
MS-FSRVP coercion abuse PoC
ShadowCoerce MS-FSRVP coercion abuse PoC Credits: Gilles LIONEL (a.k.a. Topotam)
219 Dec 28, 2022
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o
2 Nov 09, 2022
CTF framework and exploit development library
pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo
9.8k Dec 31, 2022
Simple yara rule manager
Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc
65 Nov 17, 2022
OLOP: One-Line & Obfuscated Python
OLOP: One-Line & Obfuscated Python This repository contains useful python modules for one-line and obfuscated python. pip install olop-ShadowLugia650
1 Jan 09, 2022
A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck
Malware Configuration Extractor A Malware Configuration Extraction Tool and Modules for MalDuck This project is FREE as in FREE 🍺 , use it commercial
103 Dec 18, 2022
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.
Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation
30 Dec 06, 2022
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin
105 Nov 26, 2022
Um keylogger que se disfarça de um app que tira print da tela.
Keylogger_ Um keylogger que se disfarça de um app que tira print da tela. Este programa captura o print da tela e salva ,normalmente, na pasta Picture
1 Dec 03, 2021
Open-source jailbreaking tool for many iOS devices
Open-source jailbreaking tool for many iOS devices *Read disclaimer before using this software. checkm8 permanent unpatchable bootrom exploit for hund
6.7k Jan 05, 2023