RCE 0-day for GhostScript 9.50 - Payload generator

Last update: Dec 14, 2022

Overview

RCE-0-day-for-GhostScript-9.50

PoC for RCE 0-day for GhostScript 9.50 - Payload generator

The PoC in python generates payload when exploited for a 0-day of GhostScript 9.50. This 0-day exploit affect to ImageMagick with the default settings from Ubuntu repository (Tested with default settings of ImageMagick on Ubuntu 20.04)

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Original finding and awesome research from Emil Lerner: https://twitter.com/emil_lerner/status/1430502815181463559

Usage: `python IM-RCE-via-GhostScript-9.5.py <CMD> <Exploit-File>`

Demo

Noted for php-imagemagick, sometime you must find the correct `fd/<number>`. The easiest way for doing this stuff is fuzzylogic and something like this (Tested with Ubuntu 20.04 and default php-imagemagick installed).

Owner

Just another web warrior ⚔️

GitHub Repository

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co

396 Jan 08, 2023

Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

25.7k Jan 08, 2023

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

3 Dec 06, 2021

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u

7.4k Jan 04, 2023

Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name. This project is for educational use, we are not responsible for i

20 Dec 02, 2022

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

6 Aug 02, 2022

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022

RCE 0-day for GhostScript 9.50 - Payload generator

Related tags

Overview

RCE-0-day-for-GhostScript-9.50

PoC for RCE 0-day for GhostScript 9.50 - Payload generator

The PoC in python generates payload when exploited for a 0-day of GhostScript 9.50. This 0-day exploit affect to ImageMagick with the default settings from Ubuntu repository (Tested with default settings of ImageMagick on Ubuntu 20.04)

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Original finding and awesome research from Emil Lerner: https://twitter.com/emil_lerner/status/1430502815181463559

Usage: `python IM-RCE-via-GhostScript-9.5.py <CMD> <Exploit-File>`

Demo

Noted for php-imagemagick, sometime you must find the correct `fd/<number>`. The easiest way for doing this stuff is fuzzylogic and something like this (Tested with Ubuntu 20.04 and default php-imagemagick installed).

Owner

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Automatic SQL injection and database takeover tool

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Script checks provided domains for log4j vulnerability

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

A python implementation of the windows 95 product key check.

Dark-Fb No Login 100% safe

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

A simple python code for hacking profile views

Infection Monkey - An automated pentest tool

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

A Fast Broken Link Hijacker Tool written in Python

A set of blender assets created for the $yb NFT project.

一款Web在线自动免杀工具

RCE 0-day for GhostScript 9.50 - Payload generator

Related tags

Overview

RCE-0-day-for-GhostScript-9.50

PoC for RCE 0-day for GhostScript 9.50 - Payload generator

The PoC in python generates payload when exploited for a 0-day of GhostScript 9.50. This 0-day exploit affect to ImageMagick with the default settings from Ubuntu repository (Tested with default settings of ImageMagick on Ubuntu 20.04)

This project is created only for educational purposes and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Original finding and awesome research from Emil Lerner: https://twitter.com/emil_lerner/status/1430502815181463559

Usage: python IM-RCE-via-GhostScript-9.5.py <CMD> <Exploit-File>

Demo

Noted for php-imagemagick, sometime you must find the correct fd/<number>. The easiest way for doing this stuff is fuzzylogic and something like this (Tested with Ubuntu 20.04 and default php-imagemagick installed).

Owner

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Automatic SQL injection and database takeover tool

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

Script checks provided domains for log4j vulnerability

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

A python implementation of the windows 95 product key check.

Dark-Fb No Login 100% safe

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

A simple python code for hacking profile views

Infection Monkey - An automated pentest tool

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

A Fast Broken Link Hijacker Tool written in Python

A set of blender assets created for the $yb NFT project.

一款Web在线自动免杀工具

Usage: `python IM-RCE-via-GhostScript-9.5.py <CMD> <Exploit-File>`

Noted for php-imagemagick, sometime you must find the correct `fd/<number>`. The easiest way for doing this stuff is fuzzylogic and something like this (Tested with Ubuntu 20.04 and default php-imagemagick installed).