This is your work, valued
Intranet_Penetration_Tips. 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
4.6knoPac. Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
1kredis-rce. Redis 4.x/5.x RCE
980Pentest. tools
543CVE-2017-11882. CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
538atexec-pro. Fileless atexec, no more need for port 445
413Exchange2domain. CVE-2018-8581
370cve-2020-0688. cve-2020-0688
326PySQLTools. Mssql利用工具
278acefile. POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/
265CVE-2019-1040. CVE-2019-1040 with Exchange
251Mailget. 通过脉脉用户猜测企业邮箱
237owa_info. 获取Exchange信息的小工具
233TorProxy. 利用Tor搭建Socks5代理,动态切换IP
217RelayX. NTLM relay test.
195get_ip_by_ico. 从shodan获取使用了相同favicon.ico的网站
186CVE-2018-15982_EXP. exp of CVE-2018-15982
178RTF_11882_0802. PoC for CVE-2018-0802 And CVE-2017-11882
167CS_Chinese_support. Cobalt strike 修改支持回显中文。
144MyJSRat. This is JSRat.ps1 in Python
141cf_workers_proxy. Use cloudflare workers to build socks5 proxy service
90AMSI_bypass. XSLT
77proxyshell_payload. proxyshell payload generate
74SharpAddDomainMachine. SharpAddDomainMachine
69pyForgeCert. pyForgeCert is a Python equivalent of the ForgeCert.
69cs_custom_404. Cobalt strike custom 404 page
66GhostPotato. Just pick out the code we need.
66netsync. Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.
62GetMail. 利用NTLM Hash读取Exchange邮件
60MSSQL_CLR. MSSQL CLR for pentest.
56DomainHiding. external c2 use domainhiding.
49p12tool. A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
44VcenterKit. Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit
43hackredis. Python
42warp_proxy. cloudflare socks5 server
40webshell. This is a webshell open source project
37WebDAV. Set Up WebDAV Server for Remote File Sharing and more
35CVE-2019-1040-dcpwn. CVE-2019-1040 with Kerberos delegation
33tshtun. Py写的tsh的流量加解密过程。
28xslt_poc. Execute codes From XSLT
15mousejack_replay. mousejack hack
13Awesome-Hacking-Resources. A collection of hacking / penetration testing resources to make you better!
13pentest_study.
11Python_Codes. some python codes
9RealBlindingEDR. Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...
82023Hvv. 2023 HVV情报速递~
7Red-Team-Infrastructure-Wiki. Wiki to collect Red Team infrastructure hardening resources
70day. 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新
6cf. Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
6awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things
5FastJsonParty. FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
5RedisModules-ExecuteCommand. Tools, utilities and scripts to help you write redis modules!
5CVE-2018-8581. CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability
4nextnet. nextnet is a pivot point discovery tool written in Go.
4r77-rootkit. Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
3AD-Attack-Defense. Active Directory Security For Red & Blue Team
3PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF
3wsMemShell. 一种全新的内存马
3SharpMemshell. HttpListener shell in csharp.
3