gcp-dhcp-takeover-code-exec. Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
534curlshell. reverse shell using curl
476ADB-Backup-APK-Injection. Android ADB backup APK Injection POC
141dfwfw. Docker Firewall Framework
130CVE-2020-1313. Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
124jackson-rce-via-spel. An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
122Huawei-Hisuite-KobackupCipherTool. Tool to encrypt/decrypt backup packages created by Huawei Hisuite.
62CVE-2020-0728. Proof of Concept code for CVE-2020-0728
46apache-openoffice-rce-via-uno-links.
35php-bypass-disable-functions. Demo project how to bypass the disable_functions security control of PHP on Linux
27microsoft-diagcab-rce-poc. Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution
21CVE-2020-1967. Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)
20lgosp-poc. LG On Screen Phone authentication bypass PoC (CVE-2014-8757)
15microsoft-diaghub-case-sensitivity-eop-cve. Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability
12struts-any-results. Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.
12golang-insecureskipverify-patch. Simple patcher tool to turn off TLS handshake validation in golang binaries
11google-osconfig-privesc. Proof of concept about the privilege escalation flaw identified in Google's Osconfig
10CVE-2022-20128. Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.
8tcp-http-proxy. A potential solution for OpenWRT + Mitmproxy
8gnu-patch-vulnerabilities. The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.
5mysql-load-data-local-abuse. Abusing MySQL's LOAD DATA LOCAL feature
4golang-http2debug-onthefly. Tool to activate http2debug feature of golang on the fly.
3CVE-2022-3168-adb-unexpected-reverse-forwards. Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations
3go-reproto. An experimental tool to reconstruct proto definitions based on golang binaries
3broker-ari. This is an experiment to host an MQTT broker for Ariston water heater devices so it is possible to manage them over LAN.
2Eternal-Blue. REPTILEHAUS' simplified build process of Worawit Wang' (@sleepya_) version of EternalBlue.. The NSA exploit brought to you by the ShadowBrokers for exploiting MS17-010
2cloud-sql-auth-proxy-iam-mitm. PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.
2pcap-proxy. A simple userland TCP proxy application that captures the network flow into a .pcap file
2cstorm_fishycerts.vuln.party. The Repository Formerly Known As Fishycerts, vuln.party is a place to study & share SSL certificates & other CA-based crypto-buffonery for fun and... more fun. Also for Science!
1raiffeisen-direktnet. Transaction parser for the Raiffeisen Direktnet banking website
1proftpd-mysql-password. Support for MySQL PASSWORD() in Proftpd's SQLAuthTypes
1cloud-shell-ssrf. Google Cloud Shell SSRF feature PoC tool
1rdiff-backup. Simple docker image around rdiff-backup
1dirstalk. Modern alternative to dirbuster/dirb
1dvb-d. DVB over DLNA - stream DVB channels over your local network/wifi
1hikvision-motion. SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.
1cubieboard-livesuite. Livesuite instructions and prebuilt binaries for Cubieboard NAND flashing
1icedtea-web-vulnerabilities. Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.
1protojson-mapper. Tool to reconstruct the proto file used behind protojson based APIs
1g. Shell
1gcpdocs. Repository to archive GCP Documentation for local use
1pool-ari. Ariston proxy
1Notes.
1pubsub-monitor. Simple tool to subscribe to Google Pub/Sub topics and save their events for later analysis.
1grpcurl-for-android. gRPCurl precompiled binaries for Android
1p1x1. Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.
1ezinject. Modular binary injection framework, successor of libhooker
1postgres-proxy-cloudsql-iam-vuln. A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.
1