NativePayloads
https://github.com/DamonMohammadbagher/NativePayloads
https://github.com/DamonMohammadbagher/NativePayloads
GitHub
GitHub - DamonMohammadbagher/NativePayloads: All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming
All my Source Codes (Repos) for Red-Teaming & Pentesting + Blue Teaming - DamonMohammadbagher/NativePayloads
Local privilege escalation via PetitPotam (perfectly on Windows 21H2 10.0.20348.1547)
https://github.com/wh0amitz/PetitPotato
https://github.com/wh0amitz/PetitPotato
GitHub
GitHub - wh0amitz/PetitPotato: Local privilege escalation via PetitPotam (Abusing impersonate privileges).
Local privilege escalation via PetitPotam (Abusing impersonate privileges). - wh0amitz/PetitPotato
POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
https://github.com/scrt/cve-2022-42475
https://github.com/scrt/cve-2022-42475
GitHub
GitHub - scrt/cve-2022-42475: POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon - scrt/cve-2022-42475
Windows x64 handcrafted token stealing kernel-mode shellcode
https://github.com/winterknife/PINKPANTHER
https://github.com/winterknife/PINKPANTHER
GitHub
GitHub - winterknife/PINKPANTHER: Windows x64 handcrafted token stealing kernel-mode shellcode
Windows x64 handcrafted token stealing kernel-mode shellcode - winterknife/PINKPANTHER
CVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
https://github.com/wh-gov/CVE-2023-23415
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415/
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
https://github.com/wh-gov/CVE-2023-23415
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415/
Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10
https://github.com/JacobEbben/CVE-2022-24716
https://github.com/JacobEbben/CVE-2022-24716
GitHub
GitHub - JacobEbben/CVE-2022-24716: Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10
Arbitrary File Disclosure Vulnerability in Icinga Web 2 <2.8.6, <2.9.6, <2.10 - GitHub - JacobEbben/CVE-2022-24716: Arbitrary File Disclosure Vulnerability in Icinga Web 2 &...
EXP for CVE-2023-28434 MinIO unauthorized to RCE
https://github.com/AbelChe/evil_minio
https://github.com/AbelChe/evil_minio
GitHub
GitHub - AbelChe/evil_minio: EXP for CVE-2023-28434 MinIO unauthorized to RCE
EXP for CVE-2023-28434 MinIO unauthorized to RCE. Contribute to AbelChe/evil_minio development by creating an account on GitHub.
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
https://github.com/XaFF-XaFF/CaveCarver
https://github.com/XaFF-XaFF/CaveCarver
GitHub
GitHub - XaFF-XaFF/CaveCarver: CaveCarver - PE backdooring tool which utilizes and automates code cave technique
CaveCarver - PE backdooring tool which utilizes and automates code cave technique - XaFF-XaFF/CaveCarver
HardHat C2،A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use.
https://github.com/DragoQCC/HardHatC2
https://github.com/DragoQCC/HardHatC2
GitHub
GitHub - DragoQCC/CrucibleC2: A C# Command & Control framework
A C# Command & Control framework . Contribute to DragoQCC/CrucibleC2 development by creating an account on GitHub.
https://github.com/BeichenDream/GodPotato
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege" permission. Then you are "NT AUTHORITY\SYSTEM", usually WEB services and database services have "ImpersonatePrivilege" permissions.
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege" permission. Then you are "NT AUTHORITY\SYSTEM", usually WEB services and database services have "ImpersonatePrivilege" permissions.
GitHub
GitHub - BeichenDream/GodPotato
Contribute to BeichenDream/GodPotato development by creating an account on GitHub.
runascs new version with remote impersonation
https://github.com/antonioCoco/RunasCs/releases/tag/v1.5
https://github.com/antonioCoco/RunasCs/releases/tag/v1.5
GitHub
Release RunasCs version 1.5 · antonioCoco/RunasCs
Added
Added flag --remote-impersonation that will spawn the new process with the main thread impersonating the requested user logon. This can facilitate some IL escape scenarios, e.g. elevation fr...
Added flag --remote-impersonation that will spawn the new process with the main thread impersonating the requested user logon. This can facilitate some IL escape scenarios, e.g. elevation fr...
Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows
https://github.com/86x/CVE-2023-32353-PoC
https://github.com/86x/CVE-2023-32353-PoC
GitHub
GitHub - 86x/CVE-2023-32353-PoC: Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows
Proof of Concept Code for CVE-2023-32353: Local privilege escalation via iTunes in Windows - 86x/CVE-2023-32353-PoC
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
https://github.com/g3tsyst3m/elevationstation
https://github.com/g3tsyst3m/elevationstation
GitHub
GitHub - g3tsyst3m/elevationstation: elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative - g3tsyst3m/elevationstation
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent:
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt