m3m0o / metabase-pre-auth-rce-poc
This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.
☆23Updated 2 months ago
Related projects: ⓘ
- Joomla! < 4.2.8 - Unauthenticated information disclosure☆78Updated 8 months ago
- Script to retrieve the master password of a keepass database <= 2.53.1☆90Updated 5 months ago
- CVE-2023-2255 Libre Office☆52Updated last year
- This repo is a PoC with to exploit CVE-2023-51467 and CVE-2023-49070 preauth RCE vulnerabilities found in Apache OFBiz.☆72Updated 5 months ago
- GameOver(lay) Ubuntu Privilege Escalation☆112Updated 11 months ago
- Ghostscript command injection vulnerability PoC (CVE-2023-36664)☆116Updated last year
- Openfire Console Authentication Bypass Vulnerability with RCE plugin☆41Updated 6 months ago
- Evade the boys in blue and acquire a reverse shell using powercat v2.0☆49Updated last year
- Reverse Shell POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253), PHP Code Injection☆31Updated 3 months ago
- Demonized Shell is an Advanced Tool for persistence in linux.☆295Updated 3 weeks ago
- Unauthenticated Remote Code Execution – Bricks <= 1.9.6☆144Updated 6 months ago
- Collection of useful pre-compiled .NET binaries or other executables for penetration testing Windows Active Directory environments☆65Updated this week
- Joomla login bruteforce☆47Updated 2 months ago
- Reverse Shell Exploit for Searchor <= 2.4.2 (2.4.0)☆13Updated last year
- My WriteUps for HackTheBox CTFs, Machines, and Sherlocks.☆72Updated last month
- KeePass 2.X dumper (CVE-2023-32784)☆15Updated 10 months ago
- Repo containing cracked red teaming tools.☆109Updated 2 months ago
- Reverse TCP shell in PowerShell for fun. Made in spring 2020 with inspiration from (and a few fixes to) samratashok/nishang Invoke-PowerS…☆58Updated 4 months ago
- Interact with Hackthebox using your terminal - Be faster and more competitive !☆87Updated 4 months ago
- Create a list of possible usernames for bruteforcing☆56Updated 7 months ago
- CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support☆53Updated 2 months ago
- Exploits for some windows binaries :)☆42Updated last month
- ☆57Updated 9 months ago
- JetBrains TeamCity Authentication Bypass CVE-2023-42793 Exploit☆45Updated 3 months ago
- A webshell plugin and interactive shell for pentesting a WordPress website.☆67Updated last year
- SSTI Payload Generator☆87Updated 2 years ago
- Virtualized WiFi pentesting laboratory without the need for physical WiFi cards, using mac80211_hwsim. Docker version of WiFiChallenge La…☆163Updated last week
- POC for CVE-2021-41091☆65Updated last year
- Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC☆148Updated 7 months ago
- SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions…☆62Updated 11 months ago