The Web Application Firewall Paranoia Level Test Tool.

Overview

Quick WAF "paranoid" Doctor Evaluation

wafparano1d3
WAFPARAN01D3

The Web Application Firewall Paranoia Level Test Tool.
— From alt3kx.github.io

Introduction to Paranoia Levels

In essence, the Paranoia Level (PL) allows you to define how aggressive the Core Rule Set is.
Reference: https://coreruleset.org/20211028/working-with-paranoia-levels/

How it works

  • The wafparan01d3.py python3 script takes malicious requests using encoded payloads placed in different parts of HTTP requests based on GET parameters, The results of the evaluation are recorded in the report debug file wafparan01d3.log created on your machine.
  • Observe the behavior and response for each WAF paranoia level setting different attacks or payloads by using the default config level.
  • The PoC below provide de basic installation and configuration from scratch and re-use byself the current WAF deployed by settting a basic "Mock" and simulate the backend.
  • The default payloads avaiable was called mysql_gosecure.txt based on the research "A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection" from gosecure available here https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/ evaluating our WAFs using modsecurity in their different levels of paranoia either in a default configuration or by disabling different rules / IDs in a staggered and quick way.

Approach

  • Pentesters: GreyBox scope with limited access to WAF Linux box using a "shell" with privileges to start/reload and edit WAF Apache config files on DEV/STG/TEST enviroments sending diferent payloads.
  • Secutity Officers: Take the best decision to apply the level of WAF paranoia for each solution in your organization.
  • Blueteamers: Rule enforcement, best alerting , less false positive results in your organization.
  • Integrators: Perform a depper troubheshooting and define the adequate level of WAF paranoia quickly customizing rules or creating virtual patches.

Proof of Concept: Based on Ubuntu 20.04.3 and OWASP Core Rule Set (CRS) v3.3.2

Reference: https://www.inmotionhosting.com/support/server/apache/install-modsecurity-apache-module/

Initial installation

  1. Update software repos:
$ sudo apt update -y && sudo apt dist-upgrade -y
  1. Install Essentials:
$ sudo apt-get install build-essential -y
  1. Install apache2 for ubuntu (if it is not installed):
$ sudo apt-get install apache2 -y
  1. Download and install the ModSecurity Apache module:
$ sudo apt install libapache2-mod-security2 -y
  1. Install curl for ubuntu (if it is not installed):
$ sudo apt-get install curl vim gridsite-clients net-tools -y
  1. Restart the Apache service:
$ sudo systemctl restart apache2
  1. Ensure the installed software version is at least 2.9.x:
$ sudo apt-cache show libapache2-mod-security2

install

Configure ModSecurity

  1. Copy and rename the file:
$ sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Next, change the ModSecurity detection mode. First, move into the cd /etc/modsecurity folder
2. Edit the ModSecurity configuration file with vi, vim, emacs, or nano.

$ sudo vim /etc/modsecurity/modsecurity.conf
  1. Near the top of the file, you’ll see SecRuleEngine DetectionOnly. Change DetectionOnly to On.

Original value: SecRuleEngine DetectionOnly
New value: SecRuleEngine On

modsec

  1. Save changes.
  2. Restart Apache:
$ sudo systemctl restart apache2

Download OWASP Core Rule Set

  1. Download the latest CRS from CoreRuleSet.org/installation
$ cd ~
$ wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
  1. Verify the checksum, be sure match of public available here: https://coreruleset.org/installation/
$ sha1sum v3.3.2.zip && echo ProvidedChecksum
88f336ba32a89922cade11a4b8e986f2e46a97cf  v3.3.2.zip
ProvidedChecksum 

checksum

  1. Uncompress the zip file.
$ unzip v3.3.2.zip
  1. Move the CRS setup file from the new directory into your ModSecurity directory:
$ sudo mv coreruleset-3.3.2/crs-setup.conf.example /etc/modsecurity/crs/crs-setup.conf
  • (Optional but recommended) Move the rules directory from the new directory to your ModSecurity directory:
$ sudo mv coreruleset-3.3.2/rules/ /etc/modsecurity/crs/
  1. Edit your Apache security2.conf file to ensure it’ll load ModSecurity rules:
$ sudo vim /etc/apache2/mods-enabled/security2.conf

   
    
        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        IncludeOptional /etc/modsecurity/crs-setup.conf
        IncludeOptional /etc/modsecurity/rules/*.conf

        # Include OWASP ModSecurity CRS rules if installed
        #IncludeOptional /usr/share/modsecurity-crs/*.load

   

secmodule

  1. Ensure both the default ModSecurity and new CRS configuration files are listed. The first line conf file path may already be included. The second file path should be wherever you moved the /rules directory.
  2. Edit /etc/apache2/apache2.conf
$ sudo vim /etc/apache2/apache2.conf

Copy & Paste the following code and save it.

# Include list of ports to listen on
Include ports.conf

Include /etc/modsecurity/modsecurity.conf
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf

ports

Apache Load Modules Rewrite & Proxy

  1. Copy the following modules. Enable Proxy and Rewrite module.
$ cd /etc/apache2
$ sudo cp mods-available/proxy_http.load mods-enabled
$ sudo cp mods-available/proxy.load mods-enabled/
$ sudo cp mods-available/rewrite.load mods-enabled/
  1. Restart Apache
$ sudo systemctl restart apache2

Add Virtualhosts for testing "Mocks"

  1. Add ports, edit /etc/apache2/ports.conf
$ sudo vim /etc/apache2/ports.conf

Copy & Paste the following code and save it.

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 8080
Listen 18080


   
    
        Listen 443

   


   
    
        Listen 443

   

ports2

  1. Go to /etc/apache2/sites-enabled, create the file 001-test.conf
$ cd /etc/apache2/sites-enabled/
$ sudo touch 001-test.conf
$ sudo vim 001-test.conf

Copy & Paste the following code and save it.


   
    
        ServerName test.domain:8080

        SecRuleEngine On

        ErrorLog ${APACHE_LOG_DIR}/test_error.log
        CustomLog ${APACHE_LOG_DIR}/test_access.log combined
        SecAuditLog ${APACHE_LOG_DIR}/test_audit.log

        ProxyPass / http://127.0.0.1:18080/
        ProxyPassReverse / http://127.0.0.1:18080/

   
  1. Go to /etc/apache2/sites-enabled, create the file 002-moc.conf
$ cd /etc/apache2/sites-enabled/
$ sudo touch 002-moc.conf
$ sudo vim 002-moc.conf

Copy & Paste the following code and save it.


   
    

        ErrorLog ${APACHE_LOG_DIR}/moc_error.log
        CustomLog ${APACHE_LOG_DIR}/moc_access.log combined

        RewriteEngine On
        RewriteRule ^(.*)$ $1 [R=200,L]

   
  1. Restart apache
$ sudo systemctl restart apache2
  1. Create the file wafparan01d3_rulesremove.conf inside of /etc/apache2/conf-enabled
$ sudo touch /etc/apache2/conf-enabled/wafparan01d3_rulesremove.conf
  1. Reload Apache
$ sudo service apache2 reload

Test your FE and BE (mock)

200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at 127.0.0.1 Port 18080
$ curl -i -k -s -XGET http://localhost:18080/ HTTP/1.1 200 OK Date: Mon, 22 Nov 2021 06:27:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 571 Content-Type: text/html; charset=iso-8859-1 200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at localhost Port 18080
">
Must be specify a domain , edit the following lines  

Windows:
C:\Windows\System32\drivers\etc\hosts
192.168.56.106 test.domain <-- add this line and specify your IP address  

Linux: 
/etc/hosts
192.168.1.23 test.domain <-- add this line and specify your IP address 

$ curl -i -k -s -XGET http://test.domain:8080/
HTTP/1.1 200 OK
Date: Mon, 22 Nov 2021 06:31:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 571
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding



200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at 127.0.0.1 Port 18080
$ curl -i -k -s -XGET http://localhost:18080/ HTTP/1.1 200 OK Date: Mon, 22 Nov 2021 06:27:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 571 Content-Type: text/html; charset=iso-8859-1 200 OK

OK

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.


Apache/2.4.41 (Ubuntu) Server at localhost Port 18080

How do I use it

For help you can make use of the help option. The basic usage is to pass diferent arguments defined.
Example:

$ sudo python3 wafparan01d3.py -h 

           (                                  )   ) (       )
 (  (      ))\ )          ) (      )        ( /(( /( )\ ) ( /(
 )\))(  ( /(()/( `  )  ( /( )(  ( /(  (     )\())\()|()/( )\())
((_)()\ )(_))(_))/(/(  )(_)|()\ )(_)) )\ ) ((_)((_)\ ((_)|(_)\
_(()((_|(_)(_) _((_)_\((_)_ ((_|(_)_ _(_/( /  (_) (_)_| |__ (_)
\ V  V / _` |  _| '_ \) _` | '_/ _` | ' \)) () || |/ _` ||_ \
 \_/\_/\__,_|_| | .__/\__,_|_| \__,_|_||_| \__/ |_|\__,_|___/
                |_|

                    ~ WAFPARANO1D3 : v1.1 ~
     The Web Application Firewall Paranoia Level Test Tool.

usage: wafparan01d3.py [-h] [--run [_RUN]] [--debug [_DEBUG]] [--pl [_PARANOIALEVEL ...]] [--proxy [_PROXY]] [--payload [_PAYLOAD]] [--rules-remove [_RULESREMOVE]] [--log [_LOG]] [--domain [_DOMAIN]] [--conf-file [_CONF_FILE]]
                       [--time-sleep [_TIME_TO_SLEEP]] [--time-sleep-request [_TIME_TO_SLEEP_REQUEST]] [--desc [_DESC]] [--output-desc [_OUTPUT_DESC]]

optional arguments:
  -h, --help            show this help message and exit
  --run [_RUN]          Run script
  --debug [_DEBUG]      Debug mode
  --pl [_PARANOIALEVEL ...]
                        Define paranoia level Ex. -pl 2
  --proxy [_PROXY]      Define Proxy. Ex: http://127.0.0.1:8081
  --payload [_PAYLOAD]  Define payload file. Ex. --payload payload2.txt
  --rules-remove [_RULESREMOVE]
                        Define rules remove file. Ex. --rules-remove rules1.txt
  --log [_LOG]          Define path of the log file. Ex. --log /var/log/apache/wafparan01d3.log
  --domain [_DOMAIN]    Define your domain. Ex. --domain example.domain:8080
  --conf-file [_CONF_FILE]
                        Define configuration file. Ex. --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
  --time-sleep [_TIME_TO_SLEEP]
                        Sleep time per PL. Ex. --time-sleep 3
  --time-sleep-request [_TIME_TO_SLEEP_REQUEST]
                        Sleep time per Request. Ex. --time-sleep-request 3
  --desc [_DESC]        Description of the script and authors
  --output-desc [_OUTPUT_DESC]
                        Description of the output on console mode.
                                                              

Optional Arguments

$ sudo python3 wafparan01d3.py -h 
	- show the help message

$ sudo python3 wafparan01d3.py --run
	- run the script with default options.

$ sudo python3 wafparan01d3.py --run --debug
	- Print every line on console.
	
$ sudo python3 wafparan01d3.py --run --pl 1
	- Run the script in assigned Paranoia Level.
	- By default runs on Paranoia Level 1, 2, 3, 4

$ sudo python3 wafparan01d3.py --run --payload file_payload2.txt
	- Define the payload file that you want to send to WAF.
	- By default takes the file mysql_gosecure.txt

$ sudo python3 wafparan01d3.py --run --rules-remove rules_removex.txt
	- Define the rules that you want to remove on GWAF.
	- Example of the file: 
		- Default 920000 920001 920002
	- By default takes the files: rules_remove1.txt, rules_remove2.txt, rules_remove3.txt, rules_remove4.txt

$ sudo python3 wafparan01d3.py --run --log /home/waf_user/paranoia.log
	- Define LOG File.
	- By default print the log on paranoia_debug.log

$ sudo python3 wafparan01d3.py --run --domain mydomain.test.com
	- Define Domain of Front End WAF.
	- By default runs over domain domain.test:8080
	
$ sudo python3 wafparan01d3.py --run --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
	- Define the configuration file to update the Paranoia Level
	- By default takes /etc/modsecurity/crs/rules/REQUEST-901-INITIALIZATION.conf

$ sudo python3 wafparan01d3.py --run --time-sleep 3
	- Define the time to sleep per Paranoia Level.

$ sudo python3 wafparan01d3.py --run --time-sleep-request 2
	- Define the time to sleep per request send to WAF.

$ sudo python3 wafparan01d3.py --desc
	- Print the description of the script and the authors.

Demos

You can try wafparan01d3.py by running the VM environment (Ubuntu) that deploys WAF ModSecurity & 'Mock' using latest OWASP Core Rule Set CRS 3.3.2 evaluating ModSecurity paranoia levels easyble customizable.

To run:

$ git clone https://github.com/alt3kx/wafparan01d3.git
$ cd wafparan01d3
$ sudo python3 wafparan01d3.py --help 
$ sudo python3 wafparan01d3.py --run

wafparan01d3_001

$ sudo python3 wafparan01d3.py --run --debug --proxy http://192.168.56.1:8081

wafparan01d3_002

$ sudo python3 wafparan01d3.py --run --debug --pl 1 2 --proxy http://192.168.56.1:8081 --log test.log --domain vulnerable.domain:8080 --time-sleep-request 1 --time-sleep 1 --rules-remove my_rules_remove.txt --payload my_payload.txt

wafparan01d3_003

WAF Rule Scientific Notation

https://github.com/mindhack03d/WAF-Rule-Scientific-Notation

Authors

Alex Hernandez aka (@_alt3kx_)
Jesus Huerta aka @mindhack03d

You might also like...
A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address. Source code for
Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox or TryHackMe. DM me via Twitter (@FindingUrPasswd) to request any specific additions to the content that you think would also be helpful!

Log4j rce test environment and poc
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

These are Simple python scripts to test/scan your network
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

Releases(v1.1)
  • v1.1(Nov 22, 2021)

    Optional Arguments

    $ sudo python3 wafparan01d3.py -h 
    	- show the help message
    
    $ sudo python3 wafparan01d3.py --run
    	- run the script with default options.
    
    $ sudo python3 wafparan01d3.py --run --debug
    	- Print every line on console.
    	
    $ sudo python3 wafparan01d3.py --run --pl 1
    	- Run the script in assigned Paranoia Level.
    	- By default runs on Paranoia Level 1, 2, 3, 4
    
    $ sudo python3 wafparan01d3.py --run --payload file_payload2.txt
    	- Define the payload file that you want to send to WAF.
    	- By default takes the file mysql_gosecure.txt
    
    $ sudo python3 wafparan01d3.py --run --rules-remove rules_removex.txt
    	- Define the rules that you want to remove on GWAF.
    	- Example of the file: 
    		- Default 920000 920001 920002
    	- By default takes the files: rules_remove1.txt, rules_remove2.txt, rules_remove3.txt, rules_remove4.txt
    
    $ sudo python3 wafparan01d3.py --run --log /home/waf_user/paranoia.log
    	- Define LOG File.
    	- By default print the log on paranoia_debug.log
    
    $ sudo python3 wafparan01d3.py --run --domain mydomain.test.com
    	- Define Domain of Front End WAF.
    	- By default runs over domain domain.test:8080
    	
    $ sudo python3 wafparan01d3.py --run --conf-file /opt/modsecurity/crs/rules/INITIALIZATION.conf
    	- Define the configuration file to update the Paranoia Level
    	- By default takes /etc/modsecurity/crs/rules/REQUEST-901-INITIALIZATION.conf
    
    $ sudo python3 wafparan01d3.py --run --time-sleep 3
    	- Define the time to sleep per Paranoia Level.
    
    $ sudo python3 wafparan01d3.py --run --time-sleep-request 2
    	- Define the time to sleep per request send to WAF.
    
    $ sudo python3 wafparan01d3.py --desc
    	- Print the description of the script and the authors.
    
    Source code(tar.gz)
    Source code(zip)
    wafparan01d3.py(8.92 KB)
Owner
Red Teamer | PentTester | Bug Bounty | 0day guy! | Researcher | Lone Wolf...l opinions expressed are mine
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

60 Dec 10, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️

Pardus Lookout We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. The application i

Ahmet Furkan DEMIR 19 Nov 18, 2022
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Brayden Karnes 1 Dec 03, 2021
Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin

Padsala Tushal 5 Nov 08, 2022
Obfuscate your Python scripts better, faster.

⚜️ Berserker ⚜️ An unique Python3 obfuscator using Kyrie Eleison's encryption protocol, written in Python3. 📋 Examples 📋 Unobfuscated: input("Hello

Billy 81 Dec 07, 2022
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 09, 2022
This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022
A Python tool to automate some dorking stuff to find information disclosures.

WebDork v1.0.3 A open-source tool to find publicly available sensitive information about Companies/Organisations! WebDork A Python tool to automate so

Rahul rc 123 Jan 08, 2023
LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication

LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r

315 Dec 18, 2022
Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

Anukul Pandey 6 Jan 30, 2022
The Multi-Tool Web Vulnerability Scanner.

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1

skavngr 1.3k Dec 31, 2022
阿里云accesskey利用工具

aliyun-accesskey-Tools 此工具用于查询ALIYUN_ACCESSKEY的主机,并且远程执行命令。 对于ALIYUN_ACCESSKEY利用方式可参考文章:记一次阿里云主机泄露Access Key到Getshell 工具截图 安装模块 pip install -r require

一灯老和尚 826 Jan 01, 2023
Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

Webrecorder 10 Jul 28, 2022
Writing and posting code throughout my new journey into python!

bootleg-productions consider this account to be a journal for me to record my progress throughout my python journey feel free to copy codes from this

1 Dec 30, 2021
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

0p 25 Oct 14, 2022
Malware arcane - Scripts and notes on my malware analysis journey

Malware Arcane Repository of notes and scripts I use when doing malware analysis

pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

pwncat_pwnkit Introduction The purpose of this module is to attempt to exploit CVE-2021-4034 (pwnkit) on a target when using pwncat. There is no need

Dana Epp 33 Jul 01, 2022
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

CVE-2021-40870 Exploitation An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous ty

Ashraful Islam 16 Nov 15, 2022