Search the Community

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, might be a great way to make the traffic look legit. Workflow Teamserver Go to the specific Reddit Post & post a new comment with the command ("in: ") Read for new comment which includes the word "out:" If no such comment is found, go back to step 2 Parse the comment, decrypt it and read it's output Edit the existing comment to "executed", to avoid reexecuting it Client Go to the specific Reddit Post & read the latest comment which includes "in:" If no new comment is detected, go back to step 1 Parse the command out of the comment, decrypt it and execute it locally Encrypt the command's output and reply it to the respective comment ("out:" ) [Disclaimer]: Use of this project is for Educational/ Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/ malicious intent, author of the repo will not be held responsible. [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make an HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. Each HTTP response is then compared to the original using the Levenshtein algorithm to determine similarity. If the response is similar, it will be deemed a match. [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

ZipFile is a file hosting and sharing script. You can use this script to securely host your files to popular file hosting services or your own server and share by adding email address or link. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. [Hidden Content] [hide][Hidden Content]]

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. Demo: [Hidden Content] [HIDE][Hidden Content]]

Host Header Attack Vulnerability Demonstration | POC | Penetration Testing Video Tutorial [Hidden Content]

GoAhead version 2.5.0 suffers from a host header injection vulnerability. View the full article

YzmCMS version 5.3 suffers from a host header injection vulnerability. View the full article

VFM is a simple and flexible plug-and-play file manager, easy to use and plenty of options. Send files to your customers, create new users with dedicated folders, or simply use it as your personal file cloud. Access from any device, manage users and general settings from an intuitive administration panel, customize it to your brand. Demo: [Hidden Content] [HIDE][Hidden Content]]

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit. View the full article

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit. View the full article

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15. View the full article

The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2. View the full article

Advanced Host Monitor version 11.92 Beta suffers from a buffer overflow vulnerability. View the full article

runc versions prior to 1.0-rc6 (Docker < 18.09.2 host command execution proof of concept exploit. View the full article

Advanced Host Monitor version 11.90 Beta registration number denial of service proof of concept exploit. View the full article