Sign in to follow this
Followers
0
-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. OsCommerce Exploits 💥
– OsCommerce 2.x Core RCE
Drupal Exploits 💥
– Drupal Add admin
– Drupal BruteForcer
– Drupal Geddon2 Exploit – Upload shell + Index
Joomla Exploits 💥
– Joomla BruteForcer
– RCE joomla 1.x < 3.x
– Add Admin joomla 0day 3.x
– JCE Index + upload Shell Priv8
– jdownloads index + shell priv8
– com_media Index
– Com_fabrik index + Shell priv8
– com_alberghi Index
– Com_AdsManager index + Shell priv8 Method
– Com_MyBlog Index
– Com_CCkJseblod Config Download
– Com_Macgallery Config Download
– Com_Joomanager Config download
– Com_Hdflvplayer Config Download
– Com_s5_media_player Config Download
– Com_FoxContact UploadShell + Index
– Com_Jbcatalog Upload Index & Shell
– Com_SexyContactform Upload Index & Shell
– Com_rokdownloads Upload Index & Shell
– Com_extplorer Upload Index & Shell
– Com_jwallpapers Upload Index & Shell
– Com_facileforms Upload Index & Shell
WordPress Exploits 💥
– Wp 4.7 Content Injection
– Revslider css Index + Config + Shell Upload
– wp-user-frontend Exploit
– gravity-forms Exploit
– HD-webplayer Exploit
– wysija Exploit
– pagelines Exploit
– Headwaytheme Exploit
– addblockblocker Exploit
– cherry-plugin Exploit
– formcraft Exploit
– userpro take ADmin panel wordpress [priv8] Exploit
– wp-mobile-detector Exploit
– wp-job-manager Exploit
– woocomerce Exploit
– viral-optins Exploit
– WordPress Downloads-Manager Exploit Upload shell + Index
– WordPress Category-Page-icons Exploit
– wp_support_plus_responsive_ticket_system Download Config
– wp_miniaudioplayer Download Config
– eshop_magic Download Config
– ungallery Download Config
– barclaycart Upload Index & Shell
Prestashop Exploits 💥
– lib Prestashop Module Exploit
– psmodthemeoptionpanel Prestashop Module Exploit
– tdpsthemeoptionpanel Prestashop Module Exploit
– megamenu Prestashop Module Exploit
– nvn_export_orders Prestashop Module Exploit
– pk_flexmenu Prestashop Module Exploit
– wdoptionpanel Prestashop Module Exploit
– fieldvmegamenu Prestashop Module Exploit
– wg24themeadministration Prestashop Module Exploit
– videostab Prestashop Module Exploit
– cartabandonmentproOld Prestashop Module Exploit
– cartabandonmentpro Prestashop Module Exploit
– advancedslider Prestashop Module Exploit
– attributewizardpro_x Prestashop Module Exploit
– attributewizardpro3 Prestashop Module Exploit
– attributewizardpro2 Prestashop Module Exploit
– attributewizardpro Prestashop Module Exploit
– jro_homepageadvertise Prestashop Module Exploit
– homepageadvertise2 Prestashop Module Exploit
– homepageadvertise Prestashop Module Exploit
– productpageadverts Prestashop Module Exploit
– simpleslideshow Prestashop Module Exploit
– vtermslideshow Prestashop Module Exploit
– soopabanners Prestashop Module Exploit
– soopamobile Prestashop Module Exploit
– columnadverts Prestashop Module Exploit
Opencart Exploits 💥
– Opencart BruteForce
Hidden Content
Give reaction to this post to see the hidden content. -
By albar
Hello guys, I have a question. e.g
I have a rat and I created a payload then binded it with pdf file with the help of silent exploit but it is not fud. How can I obsfucate the binded virus? Is it possible or not?
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
Pwndbg has a lot of useful features. You can a list of all available commands at any time by typing the pwndbgcommand. Here’s a small subset which is easy to capture in screenshots.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. This is a forked modified version of the great exploitation tool created by @welk1n. This tool can be used to start an HTTP Server, RMI Server, and LDAP Server to exploit java web apps vulnerable to JNDI Injection. Here is what I’ve updated on his tool:
Added support to serialized java payloads to LDAP payloads. This allows exploitation of any java version as long the classes are present in the application classpath ignoring completely the trustURLCodebase=false.
Added a proper menu with a help display and guidelines (and a fancy ascii banner just because :-p)
Added some command line parameters to modify the IP:PORT of the services. This helps in situations where the target can only access specific ports like 25, 53, 80, 443, etc.
Added standalone mode to all services, that way you can start only the JettyServer (HTTP), RMIServer, or LDAPServer. The HTTP address can also be changed on standalone mode to redirect requests to a different server. This is helpful in cases when the target can only access a single port (like port 53) and you need to jump across multiple servers in port 53 for successful exploitation.
Modified the ASMified Transformer payload (java bytecode) to detect the operating system where the exploit code will be detonated (windows or Unix like systems) and automatically runs the command into a proper terminal shell using the command Runtime.getRuntime().exec(String[] cmd) automatically mapping it to “cmd.exe /c command” or “/bin/bash -c command”. That way we can control pipes and write output to files, etc.
Added the JNDI bypass using groove published by @orangetw
Modified the Expression Language in the EL bypass to a more concise payload that detects the operational system and runs the command in a proper terminal (similar to the modified ASMified Transformer code).
Added two more JDK templates, JDK 1.6 and JDK 1.5. This is important in the case of legacy systems that have ancient Java versions.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. http2smugl
This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server.
Hidden Content
Give reaction to this post to see the hidden content.
-