This is your work, valued

irsl

Elite
@irsl

gcp-dhcp-takeover-code-exec. Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent

534

curlshell. reverse shell using curl

476

ADB-Backup-APK-Injection. Android ADB backup APK Injection POC

141

dfwfw. Docker Firewall Framework

130

CVE-2020-1313. Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability

124

jackson-rce-via-spel. An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

122

Huawei-Hisuite-KobackupCipherTool. Tool to encrypt/decrypt backup packages created by Huawei Hisuite.

62

CVE-2020-0728. Proof of Concept code for CVE-2020-0728

46

apache-openoffice-rce-via-uno-links.

35

php-bypass-disable-functions. Demo project how to bypass the disable_functions security control of PHP on Linux

27

microsoft-diagcab-rce-poc. Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution

21

CVE-2020-1967. Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)

20

lgosp-poc. LG On Screen Phone authentication bypass PoC (CVE-2014-8757)

15

microsoft-diaghub-case-sensitivity-eop-cve. Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability

12

struts-any-results. Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.

12

golang-insecureskipverify-patch. Simple patcher tool to turn off TLS handshake validation in golang binaries

11

google-osconfig-privesc. Proof of concept about the privilege escalation flaw identified in Google's Osconfig

10

CVE-2022-20128. Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.

8

tcp-http-proxy. A potential solution for OpenWRT + Mitmproxy

8

gnu-patch-vulnerabilities. The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.

5

mysql-load-data-local-abuse. Abusing MySQL's LOAD DATA LOCAL feature

4

golang-http2debug-onthefly. Tool to activate http2debug feature of golang on the fly.

3

CVE-2022-3168-adb-unexpected-reverse-forwards. Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations

3

go-reproto. An experimental tool to reconstruct proto definitions based on golang binaries

3

broker-ari. This is an experiment to host an MQTT broker for Ariston water heater devices so it is possible to manage them over LAN.

2

Eternal-Blue. REPTILEHAUS' simplified build process of Worawit Wang' (@sleepya_) version of EternalBlue.. The NSA exploit brought to you by the ShadowBrokers for exploiting MS17-010

2

cloud-sql-auth-proxy-iam-mitm. PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.

2

pcap-proxy. A simple userland TCP proxy application that captures the network flow into a .pcap file

2

cstorm_fishycerts.vuln.party. The Repository Formerly Known As Fishycerts, vuln.party is a place to study & share SSL certificates & other CA-based crypto-buffonery for fun and... more fun. Also for Science!

1

raiffeisen-direktnet. Transaction parser for the Raiffeisen Direktnet banking website

1

proftpd-mysql-password. Support for MySQL PASSWORD() in Proftpd's SQLAuthTypes

1

cloud-shell-ssrf. Google Cloud Shell SSRF feature PoC tool

1

rdiff-backup. Simple docker image around rdiff-backup

1

dirstalk. Modern alternative to dirbuster/dirb

1

dvb-d. DVB over DLNA - stream DVB channels over your local network/wifi

1

hikvision-motion. SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.

1

cubieboard-livesuite. Livesuite instructions and prebuilt binaries for Cubieboard NAND flashing

1

icedtea-web-vulnerabilities. Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.

1

protojson-mapper. Tool to reconstruct the proto file used behind protojson based APIs

1

g. Shell

1

gcpdocs. Repository to archive GCP Documentation for local use

1

pool-ari. Ariston proxy

1

Notes.

1

pubsub-monitor. Simple tool to subscribe to Google Pub/Sub topics and save their events for later analysis.

1

grpcurl-for-android. gRPCurl precompiled binaries for Android

1

p1x1. Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.

1

ezinject. Modular binary injection framework, successor of libhooker

1

postgres-proxy-cloudsql-iam-vuln. A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.

1