This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
2417fa7ba59a45f47d8610a1495111a59f039bd586605208288ef92ac36d8906
Lost and Found Information System version 1.0 suffers from a cross site request forgery vulnerability.
4ff737e4c7ddd6c4daea85392f2433bdcd4507e42cfaa25ab1c7f2177389e147
Lost and Found Information System version 1.0 suffers from a reflective cross site scripting vulnerability.
075bae0f3073aeafd6f4cb516ed784fe8d11ba07aa216df25c0eb9c8235cf759
Lost and Found Information System version 1.0 suffers from a persistent cross site scripting vulnerability.
df973d3074e051a08dcb9a9e07fa3df6582f74a0030c02786fb1aedfa590b1c4
Lost and Found Information System version 1.0 suffers from an insecure direct object reference vulnerability that allows for account takeover.
37bf336b197bfc7b731eb17e7784ed7321a5aa6c943c3b7e16884d1780c1eca5
Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.
26d0f1deb4fda9d9af13364671a7e8c2b6885870a63d654ccb53313326691e2a
This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrate the drupalgeddon3 authenticated remote code execution vulnerability.
083d892c5eba86d29cd75e8b8e8af90103d767eb04a11f57033b9dd9088214a0
This is a simple perl script to perform dictionary attacks against the KeePass password manager.
6543608fbc7bd69c9aed01176048fc5dbb4c5cfcf6b3eb1751f46ee2b6e9c7cd
WordPress Direct Download for WooCommerce versions up to 1.15 suffer from a local file inclusion vulnerability.
c86f833ea2cb397491425f18175efc5680a0cebbd58bf33c3c099f1c010bedcf
The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future penetration testing engagements by consolidating research for local file inclusion LFI penetration testing techniques. LFI vulnerabilities are typically discovered during web app penetration testing using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions.
5e0f59932f1a0e50ca16efbe5fc14be1920860feb00a8731ba38a2383ae6c8bf
This is a simple set of things to grep for that will help identify potential vulnerabilities in PHP code.
8700fa18f507e86dc84f2e92e04b5abdb40ce92fcbade4663491cd4222cd6069
This is a simple reverse shell written in assembly for remote command execution on win32.
896d5235c9827973cc96df4bfde3554d14494a09f77c947ad44f5ed8f639a7a6
This is a simple perl script for setting up man-in-the-middle attacks on Linux.
d38e8956c0b99e7aff2b55fc10799e47aad7c2ed96fe26151631c149f50fbb5d
This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.
7ce9af081371d3aac6a99db29aef3d8887c46d12ee280d8061b70faa5799c0f2
This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor.
b0f9b07e55de0f72f7056f20fafc5118ca5dbd0af300d0146663b52ab3d742d7
This is a simple PHP web shell backdoor.
aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994
This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.
397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aab
This is a simple python tool written to extract all web resources by leveraging an exposed .SVN folder.
2675f79a415d1f1f96f60a6a337e25c1fb941c47573e612e32d8468062080155
This is a simple perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.
8bee3b0c0b06ba802a3816adb1b076af310701d747f2d5b5a2c0056512339dd9
This is a simple utility for exploiting command injection vulnerabilities in web applications. Supports POST and GET requests. Can deliver an "inline shell" or a (python) reverse shell.
2c82dcde1a7835fac49946c2d7c022271f0105c0e8c280133632994e909508cd
This is a simple script that looks for administrative web interfaces.
8b38d74ef497e3a86e7bc96c10d42b6295ff2d4263d94398896acce9df4f3109
This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability.
bd77eecfb380be0b2302b89fd25fafe9ee987dadd671f7e40d057f74b0ce0ade
This is a simple snippet of c code that can be used for creating a denial of service condition against a DNS server.
23d955165e262da83e17e578062db6045a5487a02f461e22bbd4b3d9d5a162af
This is a simple python script for cracking MySQL MD5 passwords.
2eabc6d50aa0308a12f9f621132d81ab8133f46b0854377425c4d9b0bac9f450
This is a simple bash script for bruteforcing WordPress.
a04595fb1fae7483302800dc402320dae1656bd040d010c93927bb2d7e92208a
This is a simple script that leverages nmap to scan for RDP-Server.
396f47878b4ab500666868acb58cf5871826fd5090559209cb91564b55b243e6