RCE 0-day for GhostScript 9.50 - Payload generator

Overview

RCE-0-day-for-GhostScript-9.50

PoC for RCE 0-day for GhostScript 9.50 - Payload generator

This Python PoC generates the payload used to exploit a 0-day in GhostScript 9.50. The 0-day affects ImageMagick with the default settings from the Ubuntu repository (tested with the default ImageMagick settings on Ubuntu 20.04).

This project is created only for educational purposes and must not be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

Original finding and awesome research from Emil Lerner: https://twitter.com/emil_lerner/status/1430502815181463559

Usage: python IM-RCE-via-GhostScript-9.5.py <CMD> <Exploit-File>

Demo

Note for php-imagemagick: sometimes you must find the correct fd/<number>. The easiest way to do this is by trial and error, with something like this (tested with Ubuntu 20.04 and the default php-imagemagick install).
