r00t7oo2jm Goto Github PK

-cve-2024-21683-rce-in-confluence-data-center-and-server

This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server

-shell

Msmap is a Memory WebShell Generator.

360tianqingrce

捕获攻击队0day 360tianqingRCE

a-sheep-assistant

羊了个羊助手，羊了个羊一键闯关，请勿将本项目的任何内容用于商业或非法目的，否则后果自负

ad-description-password-finder

Retrieve AD accounts description and search for password in it

am0n-eye

amon-eye

amsi-bypasses

This repository contains several AMSI bypasses. These bypasses are based on some very nice research that has been put out by some awesome people. I really recommend checking them out: https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Korkos-AMSI-and-Bypass.pdf and https://rastamouse.me/memory-patching-amsi-bypass/

anti-virus-evading-payloads

During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!

antihoneypot

一个拦截 XSSI & 识别Web蜜罐的Chrome扩展

apexldr

ApexLdr is a DLL Payload Loader written in C

bundler-bypass

免杀捆绑器，过主流杀软。A Bundler bypass anti-virus

burp2malleable

Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

business-ctf-2024

Official writeups for Business CTF 2024: The Vault Of Hope

bypasspro

对权限绕过自动化bypass的burpsuite插件

callstackspoofer

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

centos-webpanel

Proof of concepts scripts for vulnerabilities in CentOS Web Panel

cobaltstrike-malleable-profile

CobaltStrike Malleable Profile

cobaltstrike4.5_cdf

cobaltstrike4.5版本破/解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证等

cs

cs-autopostchain

基于 OPSEC 的 CobaltStrike 后渗透自动化链

cve-2022-27925-poc

Zimbra RCE simple poc

cve-2022-40684-rce-poc

CVE-2022-40684-RCE-POC Fortinet Vulnerability

cve-2022-41352-zimbra-rce

Zimbra <9.0.0.p27 RCE

cve-2023-21554

cve-2023-24871

pocs & exploit for CVE-2023-24871 (rce + lpe)

cve-2024-20931

The Poc for CVE-2024-20931

cve-2024-21111

Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability

cve-2024-21378

This repository contains an exploit for targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit utilizes a modified version of Ruler to send a malicious form as an email, triggering the execution upon user interaction within the Outlook thick client.

cve-2024-21683-rce

CVE-2024-21683 Post Auth RCE