Search the Community

LazyCSRF LazyCSRF is a more useful CSRF PoC generator that runs on Burp Suite. Motivation Burp Suite is an intercepting HTTP Proxy, and it is the defacto tool for performing web application security testing. The feature of Burp Suite that I like the most is Generate CSRF PoC. However, it does not support JSON parameters. It also uses the <form>, so it cannot send PUT/DELETE requests. In addition, multibyte characters that can be displayed in Burp Suite itself are often garbled in the generated CSRF PoC. Those were the motivations for creating LazyCSRF. Features Support JSON parameter (like a request to the API) Support PUT/DELETE (only work with CORS enabled with an unrestrictive policy) Support displaying multibyte characters (like Japanese) Generating CSRF PoC with Burp Suite Community Edition (of course, it also works in Professional Edition) The difference in the display of multibyte characters The following image shows the difference in the display of multibyte characters between Burp’s CSRF PoC generator and LazyCSRF. LazyCSRF can generate PoC for CSRF without garbling multibyte characters. This is only the case if the characters are not garbled on Burp Suite. [hide][Hidden Content]]

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. [HIDE][Hidden Content]]

Host Header Attack Vulnerability Demonstration | POC | Penetration Testing Video Tutorial [Hidden Content]

Bluekeep PoC This repo contains research concerning CVE-2019-0708. Bluekeep or CVE-2019-0708 is an RCE exploit that effects the following versions of Windows systems: Windows 2003 Windows XP Windows Vista Windows 7 Windows Server 2008 Windows Server 2008 R2 The vulnerability occurs during pre-authorization and has the potential to run arbitrary malicious code in the NT Authority\system user security context. How it works By sending a specially crafted packet an attacker is able to set the value for the Channel ID to something the RDP service isn't expecting, this causes a memory corruption bug that will create the conditions for Remote Code Execution to occur. Should the attacker choose to follow up with packets designed to take advantage of this flaw remote code execution can be achieved with System user privileges. Setup [Hidden Content] That should do what you need done and fix any issue you have. [HIDE][Hidden Content]]

[Hidden Content]

[Hidden Content]

[Hidden Content]

Download: [HIDE][Hidden Content]] Password: level23hacktools.com