Weblogic CVE-2023-21839
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
https://github.com/Scarehehe/Weblogic-CVE-2023-21839
A modular web reconnaissance tool and vulnerability scanner.
https://github.com/CERT-Polska/Artemis
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
https://github.com/Octoberfest7/MemFiles
PowerShell and bash script that uses the ChatGPT API for bypassing ChatGPT's restrictions
CVE-2023-21768 Local Privilege Escalation POC
https://github.com/xforcered/Windows_LPE_AFD_CVE-2023-21768
NativePayloads
https://github.com/DamonMohammadbagher/NativePayloads
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
https://github.com/scrt/cve-2022-42475
Windows x64 handcrafted token stealing kernel-mode shellcode
https://github.com/winterknife/PINKPANTHER
CVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
https://github.com/wh-gov/CVE-2023-23415
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415/
Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10
https://github.com/JacobEbben/CVE-2022-24716
EXP for CVE-2023-28434 MinIO unauthorized to RCE
https://github.com/AbelChe/evil_minio
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
https://github.com/XaFF-XaFF/CaveCarver
HardHat C2, a cross-platform, collaborative Command & Control framework written in C#, designed for red teaming and ease of use.
https://github.com/DragoQCC/HardHatC2
https://github.com/BeichenDream/GodPotato
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege" permission. Then you are "NT AUTHORITY\SYSTEM", usually WEB services and database services have "ImpersonatePrivilege" permissions.