IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available.
☆97May 6, 2025Updated last year
Alternatives and similar repositories for ingressNightmare-CVE-2025-1974-exps
Users that are interested in ingressNightmare-CVE-2025-1974-exps are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Zero Privilege Kubernetes Penetration Testing problem solver☆273Jul 29, 2025Updated 11 months ago
- Kubernetes has its “ADCS” -- How To Backdoor a Kubernetes in silence and more persistent?☆41Nov 16, 2025Updated 7 months ago
- ☆53Mar 25, 2025Updated last year
- Open Source XSS exploitation tool. using http proxy to access the browser which executed js. [Engineering Experimental]☆37Nov 22, 2024Updated last year
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes.☆93May 7, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆79Nov 22, 2024Updated last year
- Let sliver use msf payload!☆25Mar 23, 2025Updated last year
- Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.☆62Feb 25, 2025Updated last year
- portreuse reuseport 端口复用☆61Aug 27, 2023Updated 2 years ago
- A tool specifically designed for Kubernetes environments aims to efficiently and automatically discover hidden vulnerable APIs within clu…☆105May 20, 2025Updated last year
- Extract entire function source code based on giving line number using Javaparser☆21Jul 15, 2025Updated 11 months ago
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated 2 years ago
- PolicyKit CVE-2021-3560 Exploit (Authentication Agent)☆116May 2, 2022Updated 4 years ago
- Weaponized VSCode Extensions☆19May 7, 2026Updated last month
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Proof of Concept for Authentication Bypass in JetBrains TeamCity Pre-2023.11.4☆36Mar 5, 2024Updated 2 years ago
- Exploits a flaw in Remote Desktop Plus by monitoring and decrypting temporary .rdp files in %localappdata%/Temp, revealing credentials us…☆18Jul 3, 2025Updated 11 months ago
- CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!☆108Nov 7, 2024Updated last year
- A VSCode Workspace based hacking environment utils. Starting your Note-Driven Hacking experience.☆111Aug 21, 2025Updated 10 months ago
- Here is a common vulnerability when Kubernetes Controller designed.☆10Dec 11, 2023Updated 2 years ago
- 多组件客户端☆74May 1, 2025Updated last year
- Active Directory Authentication Library☆95May 12, 2026Updated last month
- LC(List Cloud)是一个多云攻击面资产梳理工具☆647Oct 6, 2024Updated last year
- This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).☆250Mar 26, 2025Updated last year
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆11Mar 18, 2019Updated 7 years ago
- 构造字节在ASCII范围内的jar☆142Feb 14, 2022Updated 4 years ago
- 一款基于James Forshaw的.NET Remoting反序列化工具升级版在TypeFilterLevel.Low模式无文件payload任意代码执行poc的开发心得☆48Jan 23, 2025Updated last year
- MetaDataSacker(元数据掠夺者):可将其他官方exe中数字签名,图标,详细信息复制到没有签名的EXE中,作为免杀,权限维持,伪装的一种小手段☆24Aug 20, 2024Updated last year
- ☆17Feb 14, 2025Updated last year
- ☆248May 5, 2024Updated 2 years ago
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,521Jun 13, 2026Updated 2 weeks ago
- PortBender修改为exe版本☆32Jul 24, 2023Updated 2 years ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆590Feb 7, 2026Updated 4 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information …☆16Dec 10, 2022Updated 3 years ago
- 不那么一样的 Java Agent 内存马☆290Nov 27, 2023Updated 2 years ago
- ☆36Mar 4, 2025Updated last year
- ☆312Feb 27, 2025Updated last year
- Tool for Active Directory Certificate Services enumeration and abuse☆167Apr 17, 2025Updated last year
- 基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名☆18Jul 30, 2025Updated 10 months ago
- 致远OA通过发送特殊请求获取管理员cookie,再通过文件上传接口上传webshell压缩文件,最后发送解压请求获取webshell☆10Apr 11, 2021Updated 5 years ago