IngressNightmare PoC. World's first non-blind remote execution exploitation, with multiple advanced exploitation methods. Allows on-disk exploitation. CVE-2025-24514 (auth-url injection), CVE-2025-1097 (auth-tls-match-cn injection) and CVE-2025-1098 (mirror UID injection) are all available.
☆92 · May 6, 2025 · Updated 11 months ago
Alternatives and similar repositories for ingressNightmare-CVE-2025-1974-exps
Users that are interested in ingressNightmare-CVE-2025-1974-exps are comparing it to the libraries listed below.
- Powerful+Fast+Low Privilege Kubernetes discovery tools ☆272 · Jul 29, 2025 · Updated 8 months ago
- Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent? ☆41 · Nov 16, 2025 · Updated 5 months ago
- ☆53 · Mar 25, 2025 · Updated last year
- Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental] ☆37 · Nov 22, 2024 · Updated last year
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes. ☆92 · May 7, 2024 · Updated last year
- ☆79 · Nov 22, 2024 · Updated last year
- Let sliver use msf payload! ☆25 · Mar 23, 2025 · Updated last year
- Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash. ☆62 · Feb 25, 2025 · Updated last year
- portreuse reuseport (port reuse) ☆61 · Aug 27, 2023 · Updated 2 years ago
- A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clu… ☆105 · May 20, 2025 · Updated 10 months ago
- Weaponized VSCode Extensions ☆15 · Updated this week
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab. ☆10 · Mar 18, 2019 · Updated 7 years ago
- Extract entire function source code based on giving line number using Javaparser ☆21 · Jul 15, 2025 · Updated 9 months ago
- Some ReadObject Sink With JDBC ☆245 · May 8, 2024 · Updated last year
- PolicyKit CVE-2021-3560 Exploit (Authentication Agent) ☆117 · May 2, 2022 · Updated 3 years ago
- Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4 ☆36 · Mar 5, 2024 · Updated 2 years ago
- Exploits a flaw in Remote Desktop Plus by monitoring and decrypting temporary .rdp files in %localappdata%/Temp, revealing credentials us… ☆17 · Jul 3, 2025 · Updated 9 months ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env! ☆108 · Nov 7, 2024 · Updated last year
- A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience. ☆110 · Aug 21, 2025 · Updated 7 months ago
- Here is a common vulnerability when Kubernetes Controller designed. ☆10 · Dec 11, 2023 · Updated 2 years ago
- Active Directory Authentication Library ☆93 · Nov 7, 2025 · Updated 5 months ago
- Multi-component client ☆74 · May 1, 2025 · Updated 11 months ago
- LC (List Cloud) is a multi-cloud attack-surface asset inventory tool ☆641 · Oct 6, 2024 · Updated last year
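- Construct a JAR whose bytes are all within the ASCII range ☆140 · Feb 14, 2022 · Updated 4 years ago
- This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974). ☆249 · Mar 26, 2025 · Updated last year
- Development notes on a PoC for fileless-payload arbitrary code execution in TypeFilterLevel.Low mode, an upgraded version of James Forshaw's .NET Remoting deserialization tool ☆48 · Jan 23, 2025 · Updated last year
- MetaDataSacker (metadata plunderer): copies the digital signature, icon and details from other official EXEs into an unsigned EXE, as a small technique for AV evasion, persistence and disguise ☆24 · Aug 20, 2024 · Updated last year
- ☆17 · Feb 14, 2025 · Updated last year
- ☆245 · May 5, 2024 · Updated last year
- PortBender modified into an EXE version ☆29 · Jul 24, 2023 · Updated 2 years ago
- ysoserial.net docker image ☆30 · Sep 23, 2024 · Updated last year
- A tool for quickly generating memory shells for mainstream Java web middleware, aimed at simplifying the workflow of security researchers and red team members and improving attack and defense efficiency ☆1,411 · Apr 9, 2026 · Updated last week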
- Research summary project corresponding to "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo… ☆575 · Feb 7, 2026 · Updated 2 months ago
- Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information … ☆16 · Dec 10, 2022 · Updated 3 years ago
- A not-so-ordinary Java Agent memory shell ☆290 · Nov 27, 2023 · Updated 2 years ago
- ☆36 · Mar 4, 2025 · Updated last year
- ☆309 · Feb 27, 2025 · Updated last year
- Tool for Active Directory Certificate Services enumeration and abuse ☆165 · Apr 17, 2025 · Updated last year
- Transforms the fully qualified class names in an existing JAR using multiple strategies, endlessly generating highly similar fake class names ☆18 · Jul 30, 2025 · Updated 8 months ago