IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available.
☆92May 6, 2025Updated last year
Alternatives and similar repositories for ingressNightmare-CVE-2025-1974-exps
Users that are interested in ingressNightmare-CVE-2025-1974-exps are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Zero Privilege Kubernetes Penetration Testing problem solver☆274Jul 29, 2025Updated 9 months ago
- Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent?☆41Nov 16, 2025Updated 5 months ago
- ☆53Mar 25, 2025Updated last year
- Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]☆37Nov 22, 2024Updated last year
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes.☆92May 7, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆78Nov 22, 2024Updated last year
- Let sliver use msf payload!☆25Mar 23, 2025Updated last year
- Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.☆62Feb 25, 2025Updated last year
- portreuse reuseport 端口复用☆61Aug 27, 2023Updated 2 years ago
- A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clu…☆106May 20, 2025Updated 11 months ago
- Extract entire function source code based on giving line number using Javaparser☆21Jul 15, 2025Updated 9 months ago
- Some ReadObject Sink With JDBC☆246May 8, 2024Updated 2 years ago
- PolicyKit CVE-2021-3560 Exploit (Authentication Agent)☆117May 2, 2022Updated 4 years ago
- Weaponized VSCode Extensions☆17Updated this week
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4☆36Mar 5, 2024Updated 2 years ago
- Exploits a flaw in Remote Desktop Plus by monitoring and decrypting temporary .rdp files in %localappdata%/Temp, revealing credentials us…☆17Jul 3, 2025Updated 10 months ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!☆109Nov 7, 2024Updated last year
- A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience.☆111Aug 21, 2025Updated 8 months ago
- Here is a common vulnerability when Kubernetes Controller designed.☆10Dec 11, 2023Updated 2 years ago
- 多组件客户端☆74May 1, 2025Updated last year
- Active Directory Authentication Library☆93Apr 23, 2026Updated 2 weeks ago
- LC(List Cloud)是一个多云攻击面资产梳理工具☆641Oct 6, 2024Updated last year
- This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).☆250Mar 26, 2025Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- 构造字节在ASCII范围内的jar☆141Feb 14, 2022Updated 4 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆11Mar 18, 2019Updated 7 years ago
- 一款基于James Forshaw的.NET Remoting�反序列化工具升级版在TypeFilterLevel.Low模式无文件payload任意代码执行poc的开发心得☆48Jan 23, 2025Updated last year
- MetaDataSacker(元数据掠夺者):可将其他官方exe中数字签名,图标,详细信息复制到没有签名的EXE中,作为免杀,权限维持,伪装的一种小手段☆24Aug 20, 2024Updated last year
- ☆17Feb 14, 2025Updated last year
- ☆246May 5, 2024Updated 2 years ago
- ysoserial.net docker image☆30Sep 23, 2024Updated last year
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,444Apr 26, 2026Updated 2 weeks ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo��…☆579Feb 7, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PortBender修改为exe版本☆31Jul 24, 2023Updated 2 years ago
- Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information …☆16Dec 10, 2022Updated 3 years ago
- 不那么一样的 Java Agent 内存马☆289Nov 27, 2023Updated 2 years ago
- ☆36Mar 4, 2025Updated last year
- ☆309Feb 27, 2025Updated last year
- Tool for Active Directory Certificate Services enumeration and abuse☆167Apr 17, 2025Updated last year
- 基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名☆18Jul 30, 2025Updated 9 months ago