
XiphosResearch / Exploits

Miscellaneous exploit code

Programming Languages

python

Projects that are alternatives of or similar to Exploits

K8tools
K8 tool collection (internal network penetration/privilege escalation tools/remote overflow/vulnerability exploitation/scanning tools/password cracking/AV evasion tools/Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit (Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+260.67%)
Mutual labels:  hacking, poc, bypass
exploits
Some personal exploits/pocs
Stars: ✭ 52 (-95.51%)
Mutual labels:  exploits, poc, rce
Cve 2019 0708 Tool
A social experiment
Stars: ✭ 87 (-92.48%)
Mutual labels:  hacking, poc, rce
OSCE
Some exploits, which I’ve created during my OSCE preparation.
Stars: ✭ 74 (-93.6%)
Mutual labels:  exploits, rce, bypass
Cazador unr
Hacking tools
Stars: ✭ 95 (-91.79%)
Mutual labels:  hacking, poc, rce
Penetration testing poc
Penetration-testing-related POCs, EXPs, scripts, privilege escalation, small tools, etc. --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+233.45%)
Mutual labels:  poc, bypass, rce
Poc
Advisories, proof of concept files and exploits that have been made public by @pedrib.
Stars: ✭ 376 (-67.5%)
Mutual labels:  hacking, exploits
Eqgrp
Decrypted content of eqgrp-auction-file.tar.xz
Stars: ✭ 3,743 (+223.51%)
Mutual labels:  hacking, exploits
Mec
for mass exploiting
Stars: ✭ 448 (-61.28%)
Mutual labels:  exploits, rce
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+2744.34%)
Mutual labels:  hacking, bypass
Android Exploits
A collection of android Exploits and Hacks
Stars: ✭ 290 (-74.94%)
Mutual labels:  hacking, exploits
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-59.03%)
Mutual labels:  hacking, exploits
Fail2ban.webexploits
This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.
Stars: ✭ 67 (-94.21%)
Mutual labels:  hacking, exploits
Cve 2020 0796 Rce Poc
CVE-2020-0796 Remote Code Execution POC
Stars: ✭ 359 (-68.97%)
Mutual labels:  poc, rce
Hacking
hacker, ready for more of our story! 🚀
Stars: ✭ 413 (-64.3%)
Mutual labels:  hacking, poc
Cve 2019 0708
Batch detection tool for the 3389 Remote Desktop code execution vulnerability CVE-2019-0708 (Rdpscan Bluekeep Check)
Stars: ✭ 350 (-69.75%)
Mutual labels:  hacking, poc
Hacktheworld
A Python script for generating payloads that bypass all antivirus so far.
Stars: ✭ 527 (-54.45%)
Mutual labels:  hacking, bypass
K8cscan
K8Cscan: a customizable, plugin-based scanner for large internal network penetration, covering information gathering, network assets, vulnerability scanning, password brute-forcing and vulnerability exploitation. The program uses multithreading to batch-scan hosts across multiple IP ranges (C-class segments) of a large internal network. Current plugins include: C-segment side-site scanning, subdomain scanning, FTP password brute-forcing, MySQL password brute-forcing, Oracle password brute-forcing, MSSQL password brute-forcing, Windows/Linux system password brute-forcing, live host scanning, port scanning, web information detection, OS version detection, Cisco device scanning, etc. Supports calling arbitrary external programs or scripts, and supports integration with Cobalt Strike.
Stars: ✭ 693 (-40.1%)
Mutual labels:  hacking, poc
Routeros
RouterOS Security Research Tooling and Proof of Concepts
Stars: ✭ 603 (-47.88%)
Mutual labels:  poc, exploits
Privesc
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: ✭ 786 (-32.07%)
Mutual labels:  hacking, exploits

Exploits

Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes.

Current Exploits (index may be out of date)

  • phpMoAdmin Remote Code Execution (CVE-2015-2208)
  • LotusCMS Remote Code Execution (OSVDB-75095)
  • ElasticSearch Remote Code Execution (CVE-2015-1427)
  • ShellShock (httpd) Remote Code Execution (CVE-2014-6271)
  • IISlap - http.sys Denial of Service/RCE PoC (DoS only). (MS-15-034)
  • se0wned - Seowintech Router diagnostic.cgi remote root
  • WPsh0pwn - Wordpress WPShop eCommerce Shell Upload (WPVDB-7830)
  • nmediapwn - Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload
  • pwnflow - Wordpress Work the flow file upload 2.5.2 Shell Upload
  • delusions - Wordpress InfusionSoft Gravity Forms Shell Upload (CVE-2014-6446)
  • suiteshell - SuiteCRM Post-Auth Remote Code Execution (CVE-2015-NOTYET)
  • suiteracer - SuiteCRM Post-Auth Remote Code Execution Race Condition (CVE-2015-xxxx)
  • unsanitary - Address Sanitizer + Setuid Binary = Local Root exploit (LD_PRELOAD vector)
  • DiamondFox - DiamondFox Botnet C&C Panel Shell Upload
  • DoubtfullyMalignant - BenignCertain DoS PoC
  • TorCT-Shell - TorCT RAT C&C Panel Shell Upload
  • vBullshit - vBulletin 5.x.x unserialize() Remote Code Execution (CVE-2015-7808)
  • Xanity-Shell - Xanity RAT C&C Panel Shell Upload
  • Joomraa - PoC + upload blacklist bypass (CVE-2016-8869, CVE-2016-8870, CVE-2016-9836)
  • Deathsize - LifeSize Room remote code execution & local root exploit
  • AssetExploder - ManageEngine Asset Explorer remote code execution
  • DroppleGanger - Droppler <= 1.6.5 Auth-Bypass & RCE
  • tr-06fail - TR-064 Misimplementations leading to remote device takeover in ZyXEL Routers
  • screen2root - Screen 4.05.00 (CVE-2017-5618) local privesc
  • FreeACS-Pwn - TR-069 exploit for FreeACS server, disclosed at BSides Edinburgh.
  • Joomblah - Joomla 3.7.0 SQL Injection exploit (CVE-2017-8917)
  • pisspoorpool - Local file inclusion exploit for p2pool status page
  • wipgpwn - Remote Root Exploit for WePresent WiPG-1000,1500,2000 devices
  • dloser - D-Link DNS-320/330/350/x Remote Root Exploit
  • TBA

Infrequently Asked Questions.

  1. Why are there no "leet zerodays" in here?

    Because some of our researchers don't believe in killing bugs prematurely, and the unofficial policy on disclosure is that it is at the sole discretion of the person who finds the bug.

  2. Why don't you just write metasploit modules?

    Reasons, namely, "ruby", amongst other things. Also, other people who are actually getting paid by Rapid7 to do such things can do such things :)

  3. Why are there some old bugs in here?

    The public exploits available for them were unreliable/untrustworthy/rubbish and better ones were called for, or, they are parts of ongoing experiments into various methods to make them more reliable/stealthy/whatever.

Licence

See individual exploits for their respective licences.

Bug Reports

We take the quality of our exploit code very seriously. If you find a bug, or an edge case where an exploit fails to succeed against a vulnerable target, do let us know immediately, via the bug tracker (the issues tab on this repository) or via email/twitter, so the situation can be rectified.

Changes

There are no changelogs here, as that would be too much effort; there are just git commits. Exploits may be updated regularly for greater stability, reliability or stealthiness, so check them for updates regularly.
