ecriminal / Exploit Discord Cache System Poc
Exploit Discord's cache system to remote upload payloads on Discord users machines
Stars: ✭ 51
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Exploit Discord Cache System Poc
CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+1390.2%)
Mutual labels: exploit, poc, payload
Cloak
Cloak can backdoor any python script with some tricks.
Stars: ✭ 411 (+705.88%)
Mutual labels: exploit, payload
Ladongo
Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (+617.65%)
Mutual labels: exploit, poc
Drupalgeddon2
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
Stars: ✭ 464 (+809.8%)
Mutual labels: exploit, poc
Cve 2019 0708
3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
Stars: ✭ 350 (+586.27%)
Mutual labels: exploit, poc
Gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢
Stars: ✭ 4,197 (+8129.41%)
Mutual labels: exploit, discord
Cve 2017 0785
Blueborne CVE-2017-0785 Android information leak vulnerability
Stars: ✭ 428 (+739.22%)
Mutual labels: exploit, poc
Penetration testing poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+7464.71%)
Mutual labels: poc, exploit
Am I Affected By Meltdown
Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
Stars: ✭ 549 (+976.47%)
Mutual labels: exploit, poc
K8cscan
K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Stars: ✭ 693 (+1258.82%)
Mutual labels: exploit, poc
Medusa
🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+1460.78%)
Mutual labels: poc, payload
Cve 2018 7600
💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
Stars: ✭ 330 (+547.06%)
Mutual labels: exploit, poc
Wordpress Xmlrpc Brute Force Exploit
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Stars: ✭ 315 (+517.65%)
Mutual labels: exploit, poc
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+8082.35%)
Mutual labels: exploit, poc
Ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+9327.45%)
Mutual labels: exploit, poc
Pysploit
Remote exploitation framework written in Python
Stars: ✭ 37 (-27.45%)
Mutual labels: exploit, payload
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (+423.53%)
Mutual labels: exploit, poc
Cve 2019 1003000 Jenkins Rce Poc
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (+429.41%)
Mutual labels: exploit, poc
Exploit Discord's cache system to hide payloads PoC
Remote upload embedded payload from image using EOF to Discord users machines through cache.
Depending on how NodeJS and Discord's cache system works, you could potentially make this a full remote code execution exploit.
Step-by-step
Step 1
Embed payload to an image that's less than 256 kb of size:
python3 embed.py <image> <python payload>
For this proof-of-concept, my payload is:
print('Hello World!')
Step 2
Upload the image with the embedded payload to a Discord server as an emoji.
Step 3
Send the emoji in a text channel. Any member that displays that emoji will automatically download it with the embedded payload to cache.
Step 4
To actually execute the embedded payload, you'd have to make victim run a script like victim.py. The script will find and execute the embedded payload from the image in cache.
Video showcase
Note
The same trick can be done with profile avatars.
Credits
cs:
Have fun triggering AVs :p
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].