EternalBlueC – EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader

EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode.
ms17_vuln_status.cpp – This program sends 4 SMB packets: 1 negotiation packet and 3 requests. It reads the NT_STATUS response from a TransNamedPipeRequest (PeekNamedPipe request) and determines if NT_STATUS = 0xC0000205 (STATUS_INSUFF_SERVER_RESOURCES). …

hackerEnv – An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

hackerEnv is an automation tool that quickly and easily sweeps IPs, scans ports and vulnerabilities, and exploits them. Then, it hands you an interactive shell for further testing. It also generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works on Kali Linux and Parrot OS. Do not…

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String) can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMware vSphere Data Protection + vRealize Operations Manager, …

Tentacle – A POC Vulnerability Verification And Exploit Framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. (Still in DEV…)
Install
pip3 install -r requestment.txt
Usage
When you run it for the first time, the configuration file…

CVE-2020-0796 – Windows SMBv3 LPE Exploit #SMBGhost

Windows SMBv3 LPE Exploit
Authors: Daniel García Gutiérrez (@danigargu), Manuel Blanco Parajón (@dialluvioso_)
References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html
https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/
http://blogs.360.cn/post/CVE-2020-0796.html
https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/

R00Kie-Kr00Kie – PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

Disclaimer: This is a PoC exploit for the CVE-2019-15126 kr00k vulnerability. This project is intended for educational purposes only and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials.
Requirements: To use these scripts, you will need a WiFi card supporting the…

XXExploiter – Tool To Help Exploit XXE Vulnerabilities

I wrote this tool to help me test XXE vulnerabilities. It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. IMPORTANT: This tool is still under development and although most of its features are already working, some may not have been tested properly.
Building & Running: This is a…

xShock – Shellshock Exploit

xShock ShellShock (CVE-2014-6271)
This tool exploits shellshock. Written by Hulya Karabag. Version 1.0.0. Instagram: Capture the Root.
How to use / Read Me: All found directories will be saved in the vulnurl.txt file. The results of the executed commands are saved in response.txt.
Features: This tool includes: CGI VULNERABILITY DIRECTORY SCAN RUN COMMAND WITH FOUNDED CGI SHOW VULNERABLE URLS UPDATE PROXY
Installation: …

Entropy Toolkit – A Set Of Tools To Exploit Netwave And GoAhead IP Webcams

Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for webcams penetration testing.
Getting started
Entropy installation
cd entropy
chmod +x install.sh
./install.sh
Entropy uninstallation
cd entropy
chmod +x uninstall.sh
./uninstall.sh
Entropy Toolkit execution
entropy -h
usage: entropy [-h] [-b [1|2]] [-o <outputfile>] [--timeout <timeout>]…

SUDO_KILLER – A Tool To Identify And Exploit Sudo Rules’ Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star. The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :).
INTRO
WARNING: SUDO_KILLER is part of the KILLER project. SUDO_KILLER is still under development…
