CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Last update: Aug 05, 2022

Overview

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Analyze

Usage

-------------------------------------------------------------
[*] CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
[*] Github: https://github.com/r0ckysec
[*] Twitter: https://twitter.com/r0cky6861636b
[*] Author: r0cky
-------------------------------------------------------------


Usage: ./cve-2021-22005_exp -u <http://target>

Optional Arguments:
  -h help         Show This Help Message And Exit
  -u url          Will Send Payload To Target URL
  -s shell        One-click GetShell
  -p proxy        Specific Request Proxy

GetShell

Owner

r0cky

GitHub Repository

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

12 Dec 17, 2022

Automatically download all 10,000 CryptoPunk NFTs.

CryptoPunk Stealer The sole purpose of this script is to download the entire CryptoPunk NFT collection. How does it work? Basically, the website where

7 Oct 22, 2022

A simple python code for hacking profile views

This code for hacking profile views. Not recommended to adding profile views in profile. This code is not illegal code. This code is for beginners.

3 Nov 28, 2021

A small Python Script To get all levels of subdomains from a list

getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag

9 Feb 15, 2022

🔍 IRIS: An open-source intelligence framework

IRIS is an open-source OSINT framework, consisting of modules to find information about a target by scraping sites and fetching data from APIs.

79 Dec 20, 2022

大宝剑-信息收集和资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

835 Jan 05, 2023

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

2 Oct 29, 2022

Extendable payload obfuscation and delivery framework

NSGenCS What Is? An extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Installation Requirements Currently

123 Dec 19, 2022

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

This respository contains the source code of the printjack and phonejack attacks.

Printjack-Phonejack This repository contains the source code of the printjack and phonejack attacks. The Printjack directory contains the script to ca

2 Feb 12, 2022

JumpServer远程代码执行漏洞检测利用脚本

Jumpserver-EXP JumpServer远程代码执行漏洞检测利用脚本

181 Dec 20, 2022

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

13 Jul 13, 2022

Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

15 Dec 01, 2022

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

auto-derby 自动化养马育成结果 Nurturing result 功能支持客户端 DMM （前台）实验性安卓 ADB 连接（后台）开发基于 1080x1920 分辨率团队赛 (Team race) 有胜利确定奖励时吃帕菲日常赛 (Daily race) PvP 活动赛 (Cha

376 Jan 01, 2023

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Related tags

Overview

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Analyze

Usage

GetShell

Owner

r0cky

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

Automatically download all 10,000 CryptoPunk NFTs.

A simple python code for hacking profile views

A small Python Script To get all levels of subdomains from a list

🔍 IRIS: An open-source intelligence framework

大宝剑-信息收集和资产梳理工具（红队、蓝队、企业组织架构、子域名、Web资产梳理、Web指纹识别、ICON_Hash资产匹配）

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Extendable payload obfuscation and delivery framework

Instagram brute force tool that uses tor as its proxy connections

This respository contains the source code of the printjack and phonejack attacks.

JumpServer远程代码执行漏洞检测利用脚本

OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Scan publicly accessible assets on your AWS cloud environment

Use FOFA automatic vulnerability scanning tool

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

Proof of Concept Exploit for vCenter CVE-2021-21972

Early days of an Asset Discovery tool.