ProxyLogon – PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py <name or IP of server> <[email protected]> Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell (or ctrl+c) By default, it will create a file test.aspx. This can beRead More

Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain takeover POC. NotifyRead More

Phirautee – A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.Phirautee is a Living off the Land (LotL)Read More

TrustJack – Yet Another PoC For Hijacking DLLs in Windows

Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windowsBlogpost: https://redteamer.tips/?p=108To be used with a cmd that does whatever the F you want, for a dll that pops cmd, https://github.com/jfmaes/CMDLL. check the list in wietze’s site to check how you should call your dll.will automatically create c:Windows System32 and drop your dll and chosen binary in there, followed by execution.Read More

TokenBreaker – JSON RSA To HMAC And None Algorithm Vulnerability POC

[*] Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokensTry out this vulnerability hereTheNone Usage usage: TheNone.py [-h] -t TOKENTokenBreaker: 1.TheNoneAlgorithmoptional arguments: -h, –help show this help message and exitrequired arguments: -tRead More

Tentacle – A POC Vulnerability Verification And Exploit Framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. (Still in DEV…)Install pip3 install -r requestment.txt UsageWhen you run it for the first time, the configuration fileRead More

CVE-2020-0796 – CVE-2020-0796 Pre-Auth POC

(c) 2020 ZecOps, Inc. – https://www.zecops.com – Find Attackers’ Mistakes POC to check for CVE-2020-0796 / “SMBGhost” Expected outcome: Blue Screen Intended only for educational and testing in corporate environments. ZecOps takes no responsibility for the code, use at your own risk. Please contact [email protected] if you are interested in agent-less DFIR tools for Servers,Read More

R00Kie-Kr00Kie – PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

[*] DisclaimerThis is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.This project is intended for educational purposes only and cannot be used for law violation or personal gain.The author of this project is not responsible for any possible harm caused by the materials. RequirementsTo use these scripts, you will need a WiFi card supporting theRead More

X