Search the Community

Showing results for tags 'exploit'.



Found 67 results

  1. Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution). Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file). You need to install lcab first (sudo apt-get install lcab). Check REPRODUCE.md for manual reproduce steps. If your generated cab is not working, try pointing out exploit.html URL to calc.cab. Finally try the docx in a Windows Virtual Machine: [Hidden Content]
  2. Description: In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation. Once you have completed this computer-based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons. Who this course is for: Anyone interested in Reverse Engineering and Exploit Development. Requirements: This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. [Hidden Content]
  3. Disclaimer: Author assumes that the users would use Gr3eNoX Vulnerabilitie scanner legally. Author won't be responsible in case of any damage caused by any user using this source code. This code is open sourced for educational purpose. Features: SQLI Scanner; SQLI Simple; SQLI Complex; LFI Scanner; LFI Fuzz; XSS Scanner; Custom domain. Tested on: Windows 10 (64 bits); Windows 10 (32 bits); Windows 7. [Hidden Content]
  4. Introduction to Arm exploitation Part one. What you'll learn: Arm exploitation; Binary exploitation; Reverse engineering; Basic arm instructions; Gdb primer; Patching binaries; Ghidra, Binary ninja, Hopper etc; Exploit development; Format string vulnerabilities; Ret2zp Attack; Nx Bypass; Buffer overflow. Requirements: A PC; Basic programming concept (not necessary); Some interest. Description: Hello, Welcome to the cheapest and first course of Arm exploitation in Udemy. This course is purely for beginners. As you all know arm based devices are becoming more and more prominent these days so it's important to learn about securing them. I made this course highly practical so that it doesn't bore you as you go. This course only requires just a PC; we shouldn't be needing any raspberry pi or anything, we will be using emulated labs. This course is very basic and if you are already familiar with buffer overflows and format string exploitation this wouldn't be much help to you but still this can help you as a primer and as an introduction to ARM exploitation. This course is focused on Arm v6 vulnerabilities and Exploitation (32 bit). We will start off with some basic arm instructions and will move to the practical exploitation. The core sections of this course are Reverse engineering and binary exploitation. We will reverse and modify the behaviour of simple crackme programs using Ghidra, Binary ninja, Hopper etc. Then we will move into exploiting various binaries using format string vulnerabilities and buffer overflows. After that we will look at the protections used by the binaries and bypassing them. We will be using ctf style examples mostly. As this is the part one of the course we will cover everything from scratch. This course has a 30 day refund policy so even if you don't like this course you can just surely get your money 100%. (NB: It's an ongoing course, new contents will be added.) I suggest you to watch the sample videos and then deciding to buy this. Who this course is for: Anyone interested in learning binary exploitation; Hackers; Ctf players; Reverse engineers. [Hidden Content] [Hidden Content]
  5. What you'll learn: Students will learn assembly language fundamentals for x64 processors. Students will learn how to write shellcode on Linux for x64 processors. Students will learn practical Linux exploit development concepts for x64 processors. Students will learn how to bypass Linux exploit mitigation techniques such as NX, Stack Cookies and ASLR. Requirements: A computer with administrative access, if you want to follow the hands-on exercises. It is good to have basic knowledge of exploit development. Description: This course teaches exploit development for Linux (x86_64). This course introduces students to the exploit development concepts associated with Linux x86_64 binaries. This is an entry level to intermediate level course and we encourage you to take this course if you are interested to learn exploit development specifically for 64 bit intel processors. However, remember that the course involves a lot of assembly language and debugging using a debugger. So, you need patience and passion to learn the concepts taught in the course. This course makes use of a variety of techniques on exploit development and brace yourself if you are willing to learn by sitting in front of a computer. After successfully completing this course, you will be ready to attempt several industry leading practical cyber security certification exams. [IMPORTANT NOTES]: This is an ongoing course and new content will be uploaded progressively. Who this course is for: Bug bounty hunters; Penetration testers; Security Auditors; Red Team Operators; Anyone interested in security. [Hidden Content] [Hidden Content]
  6. Description: We will be looking at the OWASP Top 10 web attacks 2017. Students are going to understand each attack by practicing them on their own with the help of this course. We will use Mutillidae 2 Vulnerable Web Application for all attack practice. We will start from setting up the lab to exploiting each vulnerability. This course not just focuses on attacks but also helps understanding the mitigations for each vulnerability. Students will understand the mitigations through Secure Source Codes and Best Practices provided in this course that should be followed by the developers to protect their web application from these vulnerabilities. What you’ll learn: Web Application Pentesting; Completing 20 exercises of Mutillidae Vulnerable Web Application; OWASP top 10 2017; Mitigations for each vulnerability; Secure code for mitigation. Are there any course requirements or prerequisites? This course is for beginners; Basic knowledge of OWASP top 10; Basics of using Burp Suite and Proxy; Burpsuite and Browser Setup. Who this course is for: Beginner ethical hacking students; Students who want to learn Web Application Pentesting; Students who want to perform exercises on Mutillidae Vulnerable Application; Students who want to learn about the Mitigations of each vulnerability in OWASP top 10 2017. [Hidden Content]
  7. What you'll learn: Getting Comfortable with Kali Linux; The Essential Tools; Passive Information Gathering; Linux Buffer Overflow Exploitation; Working with Exploits; Client Side Attacks. Requirements: No prerequisites for this course - A computer with Internet. Description: With the skills you gain here, you’re equipped to pursue the Security+ certification from CompTIA. The Security+ Certification by CompTIA is an international and vendor-neutral certification that has been endorsed and recognized by industry computing manufacturers and organizations. This course provides foundational knowledge of the principles, techniques, and tools needed to successfully prepare for the SY0-401 exam. With the skills you gain here, you’re equipped to pursue a number of security certifications including the Security+ from CompTIA and the CEH from EC-Council. Who this course is for: Beginner hackers. [Hidden Content] [Hidden Content]
  8. peda: PEDA – Python Exploit Development Assistance for GDB. Key Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help):
      • aslr -- Show/set ASLR setting of GDB
      • checksec -- Check for various security options of binary
      • dumpargs -- Display arguments passed to a function when stopped at a call instruction
      • dumprop -- Dump all ROP gadgets in the specific memory range
      • elfheader -- Get headers information from debugged ELF file
      • elfsymbol -- Get non-debugging symbol information from an ELF file
      • lookup -- Search for all addresses/references to addresses which belong to a memory range
      • patch -- Patch memory start at an address with string/hexstring/int
      • pattern -- Generate, search or write a cyclic pattern to memory
      • procinfo -- Display various info from /proc/pid/
      • pshow -- Show various PEDA options and other settings
      • pset -- Set various PEDA options and other settings
      • readelf -- Get headers information from an ELF file
      • ropgadget -- Get common ROP gadgets of binary or library
      • ropsearch -- Search for ROP gadgets in memory
      • searchmem|find -- Search for a pattern in memory; support regex search
      • shellcode -- Generate or download common shellcodes
      • skeleton -- Generate python exploit code template
      • vmmap -- Get virtual mapping address ranges of section(s) in debugged process
      • xormem -- XOR a memory region with a key
    Changelog v1.2: Bug fixes. [Hidden Content]
  9. SUDO_KILLER is a tool that can be used for privilege escalation on the Linux environment by abusing SUDO in several ways. The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns), and the use of dangerous binary, all of these could be abused to elevate privilege to ROOT. SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege. It is worth noting that the tool does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended. Features: Some of the checks/functionalities that are performed by the tool: Misconfigurations; Dangerous Binaries; Vulnerable versions of sudo – CVEs; Dangerous Environment Variables; Credential Harvesting; Writable directories where scripts reside; Binaries that might be replaced; Identify missing scripts. What version 2 of SK includes: New checks and/or scenarios: CVE-2019-14287 – runas; No CVE yet – sudoedit – absolute path; CVE-2019-18634 – pwfeedback; User Impersonation; list of users in sudo group. Performance improved. Bugs corrected (checks, export, report,…). Continuous improvement of the way output is presented. New videos will be added soon. Annoying password input several times removed. New functionality: offline mode – ability to extract the required info from audited system and run SK on host. Testing environment: A docker to play with the tool and different scenarios, you can also train on PE. [Hidden Content]
  10. itsMe

    HTA Exploit Builder

    Download And Execute File With Fud HTA Payload [Hidden Content] Payload.hta Scan [Hidden Content]
  11. ★ Description: ● Engines: [Google apis cache] Bing Ask Yandex Sogou Exalead Shodan ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Mass Extern commands execution. ● Exploits and issues search. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress & Joomla sites. ● Wordpress theme and plugin detection. ● Find Admin page. ● Decode / Encode Base64 / MD5 ● Ports scan. ● Collect IPs ● Collect E-mails. ● Auto detect errors. ● Auto detect forms. ● Auto detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● IP Localisation ● Issues and Exploit search ● Interactive and Normal interface. ● And more... [Hidden Content]
  12. Advanced Search / Dork / Mass Exploitation Scanner. Description: Search engine Google / Bing / Ask / Yandex / Sogou ● Mass Dork Search ● Multiple instant scans. ● Mass Exploitation ● Use proxy. ● Random user agent. ● Random engine. ● Extern commands execution. ● XSS / SQLI / LFI / AFD scanner. ● Filter wordpress and Joomla sites on the server. ● Find Admin page. ● Decode / Encode Base64 / MD5 ● Ports scan. ● Extract IPs ● Extract E-mails. ● Auto-detect errors. ● Auto-detect Cms. ● Post data. ● Auto sequence repeater. ● Validation. ● Post and Get method ● And more… CHANGES: v17.0.1 – Fix bug extern process. [Hidden Content]
  13. It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. Some notes: If you choose to use OOB or CDATA mode, XXExploiter will generate the necessary dtd to be included and will start a server to host them. Have in mind that if you use these options you should set the server address. If you include content in the body of the XML, have in mind that XML restricted characters like '<' may break the parsing, so be sure to use CDATA or PHP’s base64encode. Most of the languages limit the number of entity expansion, or the total length of the content expanded, so make sure you test XEE on your machine first, with the same conditions as the target. [Hidden Content]
  14. Key Features: Understand how systems can be bypassed both at the operating system and network level with shellcode, assembly, and Metasploit. Learn to write and modify 64-bit shellcode along with kernel-level shellcode concepts. A step-by-step guide that will take you from low-level security skills to covering loops with shellcode. Book Description: Security is always a major concern for your application, your system, or your environment. This book’s main goal is to build up your skills for low-level security exploits, enabling you to find vulnerabilities and cover loopholes with shellcode, assembly, and Metasploit. This book covers topics ranging from memory management and assembly to compiling and extracting shellcode and using syscalls and dynamically locating functions in memory. This book also covers how to compile 64-bit shellcode for Linux and Windows along with Metasploit shellcode tools. Lastly, this book will also show you how to write your own exploits with intermediate techniques, using real-world scenarios. By the end of this book, you will have become an expert in shellcode and will understand how systems are compromised both at the operating system and at the network level. What you will learn: Create an isolated lab to test and inject Shellcodes (Windows and Linux); Understand both Windows and Linux behavior in overflow attacks; Learn the assembly programming language; Create Shellcode using assembly and Metasploit; Detect buffer overflows; Debug and reverse-engineer using tools such as gdb, edb, and immunity (Windows and Linux); Exploit development and Shellcode injections (Windows and Linux); Prevent and protect against buffer overflows and heap corruption. Who this book is for: This book is intended to be read by penetration testers, malware analysts, security researchers, forensic practitioners, exploit developers, C language programmers, software testers, and students in the security field. Readers should have a basic understanding of OS internals (Windows and Linux). Some knowledge of the C programming language is essential, and a familiarity with the Python language would be helpful. Table of Contents: Introduction; Lab Setup; Assembly Language in Linux; Reverse Engineering; Creating Shellcode; Buffer Overflow Attacks; Exploit Development – Part 1; Exploit Development – Part 2; Real World scenarios part 1; Real World scenarios part 2; Real World scenarios part 3; Detection and Prevention. [Hidden Content] [Hidden Content]
  15. Reverse Engineering and Exploit Development: Application Penetration Testing for Security Professionals. What you'll learn: Learn more about various reversing tools. Learn more about common vulnerabilities and how to find them. You will become more familiar with simple exploits, web exploitation, and ARM exploitation. [Hidden Content] [Hidden Content]
  16. Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. [Hidden Content]
  17. NekoBot is an auto exploit tool to facilitate the penetration of one or many websites (Wordpress, Joomla, Drupal, Magento, Opencart,and Etc). Features : [+] Wordpress : 1- Cherry-Plugin 2- download-manager Plugin 3- wysija-newsletters 4- Slider Revolution [Revslider] 5- gravity-forms 6- userpro 7- wp-gdpr-compliance 8- wp-graphql 9- formcraft 10- Headway 11- Pagelines Plugin 12- WooCommerce-ProductAddons 13- CateGory-page-icons 14- addblockblocker 15- barclaycart 16- Wp 4.7 Core Exploit 17- eshop-magic 18- HD-WebPlayer 19- WP Job Manager 20- wp-miniaudioplayer 21- wp-support-plus 22- ungallery Plugin 23- WP User Frontend 24- Viral-options 25- Social Warfare 26- jekyll-exporter 27- cloudflare plugin 28- realia plugin 29- woocommerce-software 30- enfold-child Theme 31- contabileads plugin 32- prh-api plugin 33- dzs-videogallery plugin 34- mm-plugin 35- Wp-Install 36- Auto BruteForce [+] Joomla 1- Com_adsmanager 2- Com_alberghi 3- Com_CCkJseblod 4- Com_extplorer 5- Com_Fabric 6- Com_facileforms 7- Com_Hdflvplayer 8- Com_Jbcatalog 9- Com_JCE 10- Com_jdownloads 11- Com_Joomanager 12- Com_Macgallery 13- Com_media 14- Com_Myblog 15- Com_rokdownloads 16- Com_s5_media_player 17- Com_SexyContactform 18- Joomla core 3.x RCE 19- Joomla core 3.x RCE [2019] 20 - Joomla Core 3.x Admin Takeover 21 - Auto BruteForce 22 - Com_b2jcontact 23 - Com_bt_portfolio 24 - Com_civicrm 25 - Com_extplorer 26 - Com_facileforms 27 - Com_FoxContent 28 - Com_jwallpapers 29 - Com_oziogallery 30 - Com_redmystic 31 - Com_simplephotogallery 32 - megamenu module 33 - mod_simplefileuploadv1 [+] Drupal : 1- Drupal Add admin geddon1 2- Drupal RCE geddon2 3- Drupal 8 RCE RESTful 4- Drupal mailchimp 5- Drupal php-curl-class 6- BruteForce 7- Drupal SQL Add Admin 8- Drupal 7 RCE 9- bartik 10- Avatarafd Config 11- Drupal 8 12- Drupal Default UserPass [+] Magento : 1- Shoplift 2- Magento Default user pass [+] Oscommerce 1- OsCommerce Core 2.3 RCE Exploit opencart [+] OTHER : 1- Env Exploit 2- SMTP CRACKER 
3- CV [Hidden Content]
  18. XCat is a command line tool to exploit and investigate blind XPath injection vulnerabilities. For a complete reference read the documentation here: [Hidden Content] It supports a large number of features: Auto-selects injections (run xcat injections for a list). Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval. Built in out-of-bound HTTP server: Automates XXE attacks; Can use OOB HTTP requests to drastically speed up retrieval. Custom request headers and body. Built in REPL shell, supporting: Reading arbitrary files; Reading environment variables; Listing directories; Uploading/downloading files (soon TM). Optimized retrieval: Uses binary search over unicode codepoints if available; Fallbacks include searching for common characters previously retrieved first; Normalizes unicode to reduce the search space. [Hidden Content]
  19. XCat: XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list). Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval. Built-in out-of-bound HTTP server: Automates XXE attacks; Can use OOB HTTP requests to drastically speed up retrieval. Custom request headers and body. Built-in REPL shell, supporting: Reading arbitrary files; Reading environment variables; Listing directories; Uploading/downloading files (soon TM). [Hidden Content]
  20. F B I

    BadMod auto exploit tool

    [Hidden Content]
  21. BlueKeep CVE-2019-0708 is a critical Remote Code Execution vulnerability in Microsoft’s RDP service. This only targets Windows 2008 R2 and Windows 7 SP1. [Hidden Content]
  22. Description: In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering. You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation. Once you have completed this computer-based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons. [Hidden Content] [Hidden Content]
  23. dEEpEst

    Binary Exploit Cheatsheet

    [Hidden Content]
  24. Files and destination paths:
      • cve_2019_0708_bluekeep_rce.rb > /usr/share/metasploit-framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
      • rdp.rb > /usr/share/metasploit-framework/lib/msf/core/exploit/rdp.rb
      • rdp_scanner.rb > /usr/share//metasploit-framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
      • cve_2019_0708_bluekeep.rb > /usr/share/metasploit-framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
    [Hidden Content] Source: [Hidden Content]