Exploits
https://github.com/zacbrown/PowerKrabsEtw
Generate Metasploit payloads that bypass common anti-virus solutions
Random Exploits
Tool for exploration and tracing of the Windows kernel
Abusing File-streams in libc
CVE-2017-7269 exploit from FuzzBunch
CTF framework and exploit development library
Meltdown/Spectre
Meltdown exploit PoC (Linux)
Windows Spectre PoC
Linux Spectre PoC
Checking mitigations of Meltdown and Spectre
Intel Active Management Technology (AMT):
- https://www.coalfire.com/The-Coalfire-Blog/April-2019/The-Death-Metal-Suite
- https://github.com/Coalfire-Research/DeathMetal
Buffer overflows
Best explanation of buffer overflows
macOS/iOS Exploits
Exploit in iMessage 7.X.X to install a backdoor
Windows Exploits
https://github.com/51x/WHP
https://github.com/nccgroup/winpayloads
https://github.com/SecWiki/windows-kernel-exploits
Exploits:
MS03-026 - Microsoft RPC DCOM Interface Overflow (kaht2.zip)
MS05-039 - Microsoft Plug and Play Service Overflow, Works with SSDP too
MS08-067 - Remote Stack Overflow Vulnerability Exploit (srvsvc)
MS10-015/CVE-2010-0232 - Windows NT/2K/XP/2K3/VISTA/2K8/7 x32 ONLY - NtVdmControl()->KiTrap0d local ring0 exploit
CVE-2010-4398 - Elevation of Privileges (UAC Bypass)
MS11-080 - AFD.sys
MS14-058 - TrackPopupMenu Privilege Escalation
MS15-051 - Win32k LPE vulnerability used in APT attack “taihou32”
MS15-134 - Microsoft Windows Media Center Library Parsing RCE Vulnerability aka “self-executing” MCL File
MS11-046/CVE-2011-1249 - Windows x86 (all versions) Afd.sys Privilege Escalation Exploit. MS11-046: the SYSTEM shell will spawn within the invoking shell/process
MS11-060/CVE-2011-1974 - Windows x86 (XP SP3 / 2003 SP2) Vulnerability in Remote Access Service NDISTAPI Driver
MS11-080/CVE-2011-2005 - XP|2K3 Afd.sys Privilege Escalation Exploit. MS11-080-Add-User: for use in a non-interactive meterpreter shell
MS14-002/CVE-2013-5065 - NDProxy - Privilege Escalation XP SP3 x86 and 2003 SP2 x86 (python2exe version, demo)
MS14-058/CVE-2014-4113 - Win7 x32 Kernel Win32k.sys Privilege Escalation Exploit (info) & Win 8/8.1 Python script (info)
MS14-040/CVE-2014-1767 - AFD.sys dangling pointer - Win7 x32 (MS14-40-x32.py example, info)
MS14-058/CVE-2014-4113 Windows 2K3/VISTA/2K8/7/8/2k12 PandaHurricane Kernel-Mode Driver exploit example
MS14-070/CVE-2014-4076 - Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation
MS15-010/CVE-2015-0057 Tested Win8.1 x64 - win32k Local Privilege Escalation
MS15-051/CVE-2015-1701 ClientCopyImage Win32k Exploit - exploits improper object handling in the win32k.sys kernel mode driver. x32 Version
MS15-061/CVE-2015-1723 Windows XP/2K3/VISTA/2K8/7 use-after-free vulnerability in the win32k.sys driver.
MS15-076/CVE-2015-2370 - Win7/8.1 Copies a file to any privileged location on disk. More info.
MS16-008/CVE-2015-2553 - Sandboxed Mount Reparse Point Creation Mitigation Bypass Win8.1 Win10
MS16-016/CVE-2015-0051 - Microsoft Windows WebDAV Local Privilege Escalation Vulnerability Win7 x32 (info, example)
MS16-135/CVE-2016-7255 - Fancy Bear PoC. Requirements: Intel processor (Haswell or newer) & Windows 10 x64 (more info). Newer PowerShell PoC which works on 7/8/8.1/10
KB4018556/CVE-2017-0213 - COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP, due to how the COM Marshaller processes interface requests. Should work on x32/x64 versions of 7, 8, 10, 2k8, 2k12, 2k16
EternalBlue (MS17-010)
EternalBlue Exploit
Older Windows Exploits
Metasploit module to exploit the EternalBlue-DoublePulsar vulnerability.
Hot Potato
Hot Potato (nbns spoof + wpad + smb ntlm)
Smashed Potato:
Mod of Hot Potato that bypasses AppLocker and creates a new user and a courtesy shell; requires .NET 4.x. Made a pimp one-liner for easier pwnage: Here
Tater:
PowerShell implementation of Hot Potato that is loaded into memory (for Win10, change to -Trigger 2). Here
MS16-032/CVE-2016-0099
PowerShell:
C# 64-bit:
C# 32-bit:
Protocols
FreeBSD Kernel
PS4 4.55 BPF Race Condition Kernel Exploit Writeup
PS4 5.05 BPF Double Free Kernel Exploit Writeup
Linux Kernel
CVE-2017-11176: A step-by-step Linux Kernel exploitation
CVE-2016-5195: Dirty Cow root privilege write exploit
Exploits:
https://github.com/SecWiki/linux-kernel-exploits
CVE-2018-18955 (Linux 4.15.x-4.19.2) - map_write() in kernel/user_namespace.c allows privilege escalation
CVE-2018-1000001 (glibc <= 2.26)
CVE-2017-1000367 (Sudo 1.8.6p7 - 1.8.20)
CVE-2017-1000112 - a memory corruption due to UFO to non-UFO path switch
CVE-2017-16995 (Linux < 4.14 - 4.4) - Memory corruption caused by BPF verifier
CVE-2017-16939 (Linux < 4.13.11) - UAF in Netlink socket subsystem - XFRM
CVE-2017-7494 (Samba 3.5.0-4.6.4/4.5.10/4.4.14) - Samba Remote execution
CVE-2017-7308 (Linux < 4.10.6) - a signedness issue in AF_PACKET sockets
CVE-2017-6074 (Linux < 4.9.11) - a double-free in DCCP protocol
CVE-2017-5123 (Linux 4.14.0-rc4+) - ‘waitid()’
CVE-2016-9793 (Linux < 4.8.14) - a signedness issue with SO_SNDBUFFORCE and SO_RCVBUFFORCE socket options
CVE-2016-5195 (Linux > 2.6.22) - Dirty Cow
CVE-2016-2384 (Linux < 4.5) - a double-free in USB MIDI driver
CVE-2016-0728 (3.4.0-3.13.1) - pp_key
CVE-2015-7547 (Glibc < 2.9) - glibc getaddrinfo
CVE-2015-1328 (3.13, 3.16.0, 3.19.0) - overlayfs
CVE-2014-5284 (Linux == 2.8) - OSSEC
CVE-2014-4699 (Linux < 3.15.4) - ptrace
CVE-2014-4014 (Linux < 3.14.8) - Local Privilege Escalation
CVE-2014-3153 (Linux == 3.3.2-5, 3.2.13, 3.2.9, 3.2.1-2, 3.1.8, 3.0.1-5, 2.6.32-39, 2.6.9-4, 3.0.0-18) - futex
CVE-2014-0196 (Linux == 2.6.31-39, 3.14-15) - rawmodePTY
CVE-2014-0038 (Linux == 3.4-3.13.1) - timeoutpwn
CVE-2013-2094 (Linux == 3.0.0-3.8.9) - perf_swevent
CVE-2013-1858 (Linux == 3.3-3.8) - clown-newuser
CVE-2013-1763 (Linux < 3.8.3) - __sock_diag_rcv_msg
CVE-2013-0268 (Linux == 2.6.18-39, 3.0-3.7) - msr
CVE-2012-3524 (libdbus < 1.5.x) - libdbus
CVE-2012-0056 (Linux == 2.6.39, 3.0.0-6, 3.1.0) - memodipper
CVE-2010-4347 (Linux == 2.6.0-36) - american-sign-language
CVE-2010-4258 (Linux == 2.6.31-37) - full-nelson
CVE-2010-4073 (Linux == 2.6.0-36) - half_nelson
CVE-2010-3904 (Linux == 2.6.30-36) - rds
CVE-2010-3437 (Linux == 2.6.0-36) - pktcdvd
CVE-2010-3301 (Linux == 2.6.26-34) - ptrace_kmod2
CVE-2010-3081 (Linux == 2.6.0-33) - video4linux
CVE-2010-2959 (Linux == 2.6.18-36) - can_bcm
CVE-2010-1146 (Linux == 2.6.18-34) - reiserfs
CVE-2010-0415 (Linux == 2.6.18-31) - do_pages_move
CVE-2009-3547 (Linux == 2.4.4-37, 2.6.15-31) - pipe.c_32bit
CVE-2009-2698 (Linux == 2.6.1-19) - udp_sendmsg_32bit
CVE-2009-2692 (Linux == 2.4.4-37, 2.6.0-30) - sock_sendpage
CVE-2009-2692 (Linux == 2.4.4-37, 2.6.0-30) - sock_sendpage2
CVE-2009-1337 (Linux == 2.6.25-29) - exit_notify
CVE-2009-1185 (Linux == 2.6.25-29) - udev
CVE-2008-4210 (Linux == 2.6.11-22) - ftrex
CVE-2008-0600 (Linux == 2.6.23-24) - vmsplice2
CVE-2008-0600 (Linux == 2.6.17-24.1) - vmsplice1
CVE-2006-3626 (Linux == 2.6.8-16) - h00lyshit
CVE-2006-2451 (Linux == 2.6.13-17) - raptor_prctl
CVE-2005-0736 (Linux == 2.6.5-11) - krad3
CVE-2005-1263 (Linux == 2.0-2.2.27-rc2, 2.4.0-31-pre1, 2.6.0-12-rc4) - binfmt_elf.c
CVE-2004-1235 (Linux == 2.4.29) - elflbl
CVE-N/A (Linux == 2.6.34-36) - caps_to_root
CVE-2004-0077 (Linux == 2.4.20, 2.2.24-2.4.27) - mremap_pte
Linux Privilege Escalation
Office Exploits
Office for Mac Macro Payload Generator
Obfuscate Office documents to bypass antimalware detection
Generate Office documents embedded with the DDE, macro-less command execution technique.
Backdoors
Backdoor any python script
Injecting fake backdoored updates
Apps
How a double-free bug in WhatsApp turns into RCE
HTTP
Deliver Encrypted Browser Exploits
Remote code execution with JBoss
XSS:
XSS to RCE
Writing Exploits
Shellcode Database
Old Shellcode Archive
Malware FUD Cryptor
Writing Malware For Fun and Profit
http://blog.trailofbits.com/2013/05/14/writing-exploits-with-the-elderwood-kit-part-1/
Primer on Return-Oriented Programming
NSA’s Metasploit in Python
Shellcode/Obfuscate Code Generator
Shell Code generator and helper
Examples:
Simple linux keylogger in C
Generate Exploits
Multi Platform payload generator
MSFvenom Payload Creator
(Metasploit) shellcode generator/compiler/listener
Crypt Exploits:
Crypt msfvenom output
Malware Programming
Malware techniques used to detect virtual machines, emulation, debuggers and sandboxes.
Injecting code into another process and creating a thread
Build your own botnet
Botnet source code
Joke Exploits
Jurassic Park hacking scene
Man-in-the-Middle JSCrypto miner for Wi-Fi networks
Morpheus - Funny MITM attacks