evi1cg

Elite
@Ridter

持一颗清静无为平淡心,宠辱不惊,来去不忧。

Intranet_Penetration_Tips. 2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~

4.6k

noPac. Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

1k

redis-rce. Redis 4.x/5.x RCE

980

Pentest. tools

543

CVE-2017-11882. CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

538

atexec-pro. Fileless atexec, no more need for port 445

413

Exchange2domain. CVE-2018-8581

370

cve-2020-0688. cve-2020-0688

326

PySQLTools. Mssql利用工具

278

acefile. POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/

265

CVE-2019-1040. CVE-2019-1040 with Exchange

251

Mailget. 通过脉脉用户猜测企业邮箱

237

owa_info. 获取Exchange信息的小工具

233

TorProxy. 利用Tor搭建Socks5代理,动态切换IP

217

RelayX. NTLM relay test.

195

get_ip_by_ico. 从shodan获取使用了相同favicon.ico的网站

186

CVE-2018-15982_EXP. exp of CVE-2018-15982

178

RTF_11882_0802. PoC for CVE-2018-0802 And CVE-2017-11882

167

CS_Chinese_support. Cobalt strike 修改支持回显中文。

144

MyJSRat. This is JSRat.ps1 in Python

141

cf_workers_proxy. Use cloudflare workers to build socks5 proxy service

90

AMSI_bypass. XSLT

77

proxyshell_payload. proxyshell payload generate

74

SharpAddDomainMachine. SharpAddDomainMachine

69

pyForgeCert. pyForgeCert is a Python equivalent of the ForgeCert.

69

cs_custom_404. Cobalt strike custom 404 page

66

GhostPotato. Just pick out the code we need.

66

netsync. Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.

62

GetMail. 利用NTLM Hash读取Exchange邮件

60

MSSQL_CLR. MSSQL CLR for pentest.

56

DomainHiding. external c2 use domainhiding.

49

p12tool. A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

44

VcenterKit. Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit

43

hackredis. Python

42

warp_proxy. cloudflare socks5 server

40

webshell. This is a webshell open source project

37

WebDAV. Set Up WebDAV Server for Remote File Sharing and more

35

CVE-2019-1040-dcpwn. CVE-2019-1040 with Kerberos delegation

33

tshtun. Py写的tsh的流量加解密过程。

28

xslt_poc. Execute codes From XSLT

15

mousejack_replay. mousejack hack

13

Awesome-Hacking-Resources. A collection of hacking / penetration testing resources to make you better!

13

pentest_study.

11

Python_Codes. some python codes

9

RealBlindingEDR. Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

8

2023Hvv. 2023 HVV情报速递~

7

Red-Team-Infrastructure-Wiki. Wiki to collect Red Team infrastructure hardening resources

7

0day. 各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC 该项目将不断更新

6

cf. Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作

6

awesome-pentest. A collection of awesome penetration testing resources, tools and other shiny things

5

FastJsonParty. FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本),主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用

5

RedisModules-ExecuteCommand. Tools, utilities and scripts to help you write redis modules!

5

CVE-2018-8581. CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability

4

nextnet. nextnet is a pivot point discovery tool written in Go.

4

r77-rootkit. Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

3

AD-Attack-Defense. Active Directory Security For Red & Blue Team

3

PayloadsAllTheThings. A list of useful payloads and bypass for Web Application Security and Pentest/CTF

3

wsMemShell. 一种全新的内存马

3

SharpMemshell. HttpListener shell in csharp.

3
59
Apply