exploit Archives — Page 2 of 11

Heartbleed Exploit – Discovery & Exploitation

September 30, 2020 Admin

PHPSploit Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner

September 3, 2020September 29, 2020 Admin

Overview The obfuscated communication is accomplished using HTTP headers under standard client requests and web server’s relative responses, tunneled through a tiny polymorphic backdoor: <?php @eval($_SERVER[‘HTTP_PHPSPL01T’]); ?> Quick Start git clone https://github.com/nil0x42/phpsploit cd phpsploit/ pip3 […]

Cisco 7937G All-In-One Exploiter

August 12, 2020August 12, 2020 Admin

XSSer Automated Detection, Exploitation, and Reporting Framework for XSS Vulnerabilities

July 27, 2020September 29, 2020 Admin

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It provides several options to try to bypass certain filters and various special techniques for code […]

PowerZure

July 24, 2020September 29, 2020 Admin

What is PowerZure? PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both perform reconnaissance and […]

Wing FTP Server 6.3.8 Remote Code Execution

July 17, 2020 Admin

# Exploit Title: Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated) # Date: 2020-06-26 # Exploit Author: v1n1v131r4 # Vendor Homepage: https://www.wftpserver.com/ # Software Link: https://www.wftpserver.com/download.htm # Version: 6.3.8 # Tested on: Windows 10 […]

Archery – A Security Tool

March 8, 2019September 29, 2020 Admin

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It […]

OpenSSH SCP Client – Write Arbitrary Files

March 8, 2019March 8, 2019 Admin

Title: SSHtranger Things Author: Mark E. Haase mhaase@hyperiongray.com Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 We have nicknamed this “SSHtranger Things” because the bug is […]

KPOT Botnet – File Download/Source Code Disclosure Vulnerability

December 1, 2018 Admin

################################ # Exploit Title: KPOT Botnet – File Download/Source Code Disclosure Vulnerability # Google Dork: n/a # Date: 26/11/2018 # Exploit Author: n4pst3r # Vendor Homepage: unkn0wn # Software Link: https://bhf.io/threads/515432/ # Version: unkn0wn # […]

Apache Spark – Unauthenticated Command Execution (Metasploit)

December 1, 2018December 1, 2018 Admin

This module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through REST API. It uses the function CreateSubmissionRequest to submit a malious java class and trigger it. [su_quote] ## # […]