渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Stars: ✭ 3,858 (+3877.32%)

Mutual labels: exploit, rce

Sireprat

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Stars: ✭ 326 (+236.08%)

Mutual labels: exploit, rce

Cve 2019 1003000 Jenkins Rce Poc

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Stars: ✭ 270 (+178.35%)

Mutual labels: exploit, rce

Vulmap

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Stars: ✭ 1,079 (+1012.37%)

Mutual labels: exploit, rce

Cve 2018 18852

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

Stars: ✭ 42 (-56.7%)

Mutual labels: exploit, rce

Umbraco-RCE

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Stars: ✭ 61 (-37.11%)

Mutual labels: exploit, rce

Gitlab rce

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Stars: ✭ 104 (+7.22%)

Mutual labels: exploit, rce

PwnX.py

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Stars: ✭ 30 (-69.07%)

Mutual labels: exploit, rce

Exploit Cve 2017 7494

SambaCry exploit and vulnerable container (CVE-2017-7494)

Stars: ✭ 265 (+173.2%)

Mutual labels: exploit, rce

CVE-2021-41773 CVE-2021-42013

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Stars: ✭ 20 (-79.38%)

Mutual labels: exploit, rce

Exploit Cve 2016 9920

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

Stars: ✭ 34 (-64.95%)

Mutual labels: exploit, rce

Cve 2019 0708 Tool

A social experiment

Stars: ✭ 87 (-10.31%)

Mutual labels: exploit, rce

SAP vulnerabilities

DoS PoC's for SAP products

Stars: ✭ 47 (-51.55%)

Mutual labels: exploit, rce

rce

Distributed, workflow-driven integration environment

Stars: ✭ 42 (-56.7%)

Mutual labels: rce

spring-boot-upload-file-lead-to-rce-tricks

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Stars: ✭ 517 (+432.99%)

Mutual labels: rce

View All Similar Projects ➔

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution

ProFTPD is a highly configurable FTP daemon for Unix and Unix-like operating systems. ProFTPD grew from a desire for a secure and configurable FTP server. It was inspired by a significant admiration of the Apache web server. Unlike most other Unix FTP servers, it has not been derived from the old BSD ftpd code base, but is a completely new design and implementation.

Vulnerable environment

To setup a vulnerable environment for your test you will need Docker installed, and just run the following command:

docker build -t vuln/cve-2015-3306 .
docker run --rm -it -p 21:21 -p 80:80 vuln/cve-2015-3306

And it will spawn a vulnerable application on your host on 21 and 80 port

Vulnerable code

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.

Exploit

To exploit this target just run:

./exploit.py --host HOST --port PORT --path PATH

If you are using this vulnerable image, you can just run:

./exploit.py --host 127.0.0.1 --port 21 --path "/var/www/html/"

After the exploitation, a file called backdoor.php will be stored on the root folder of the web directory. And the exploit will drop you a shell where you can send commands to the backdoor:

./exploit.py --host 127.0.0.1 --port 21 --path "/var/www/html/"
[+] CVE-2015-3306 exploit by t0kx
[+] Exploiting 127.0.0.1:21
[+] Target exploited, acessing shell at http://127.0.0.1/backdoor.php
[+] Running whoami: www-data
[+] Done

Credits

This vulnerability was found by Vadim Melihow.

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (t0kx) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not t0kx's responsibility.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

t0kx / exploit-CVE-2015-3306

Programming Languages

Labels

Projects that are alternatives of or similar to exploit-CVE-2015-3306

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution

Vulnerable environment

Vulnerable code

Exploit

Credits

Disclaimer