0x00-0x00/FakePip

Stars
150
Rank 247,323 (Top 5 %)
Language
Python
Created over 6 years ago
Updated almost 2 years ago

0x00-0x00/FakePip

0x00-0x00

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Pip install exploit package

FakePip

Exploit sudoer with /usr/bin/pip install *

How to use

Simply download the setup.py file into remote target and execute this in local folder:

sudo /usr/bin/pip install . --upgrade --force-reinstall

Demonstration

Download the setup.py file into remote target

And execute the following command:

Then we get our shell back!

Author

This code is developed and maintained (if possible) by Andre Marques (@zc00l) Any misuse is not the author responsibility.

ShellPop

Pop shells like a master.

CVE-2019-0841-BYPASS

A fully automatic CVE-2019-0841 bypass targeting all versions of Edge in Windows 10.

CVE-2018-1000001

glibc getcwd() local privilege escalation compiled binaries

Shellkiller

A killer reverse-shell script that is able to use a lot of techniques to ensure your shell will pop back to you.

NamedPipes

Bind shell that uses Named Pipes as transport and execute PowerShell code through Runspaces.

CVE-2016-2098

Ruby On Rails unrestricted render() exploit

-CVE-2017-9805

Exploit script for Apache Struts2 REST Plugin XStream RCE (‎CVE-2017-9805)

CVE-2019-1064

CVE-2019-1064 Local Privilege Escalation Vulnerability

TelePreter

Telegram-based PowerShell Runspace Host

CVE-2018-12613

PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit

CVE-2016-10033

PHPMailer < 5.2.18 Remote Code Execution Exploit

XXE

My own repository used for testing XXE vulnerabilities in a more automated way.

CVE-2017-5638

Struts02 s2-045 exploit program

CVE-2018-10517

CMS Made Simple 2.2.7 RCE exploit

shemutils

Pythonic multi-task library of encryption, database, logging and checksum.

0x00-0x00.github.io

ctf_tools

Tools we (Watchers) use for CTF wargames.

CVE-2015-3224

Modification of Metasploit module for RCE in Ruby-On-Rails Console CVE-2015-3224

CVE-2014-6271

Shellshock exploitation script that is able to upload and RCE using any vector due to its versatility.

CVE-2018-10949

Zimbra Collaboration Suite Username Enumeration

gadreel-bot

Telegram bot to help with task management and CTF wargames

router_attack

wireless security audit repository

decryptor

A substitution cipher decryptor that uses the operator (user) to decrypt the cipher on-the-fly.

asyncspider

A URL brute-forcer to find hidden files from a target URL. AsyncIO.

CTF_SecurityWeekend

Data for FATEC's 1st SecurityWeekend CTF

hashfind

A simple program to request to decrypthash.com to decrypt the hash given by the user.

crypt

Crypt is a cryptography tool to protect all kinds of data using AES-256 and RSA-4096 algorithms.

shredder

C program to erase files securely overwritting data with random patterns.

CVE-2018-7422

Wordpress plugin Site-Editor v1.1.1 LFI exploit

nichide

NicHide is a pure-C program to hide your NIC hardware address.

autobackup

C program to handle rsync and SimplePush notifications easily for my own servers.

shell_scripts

My own shell scripts used for management.

ReverseEngineerPractice

Reverse Engineering Tutorial Files from Lena Course

proxypwn

ProxyPwn is a scanner and tunneler for open proxies.

netcracker

WiFi auditing tool to monitor, capture and crack WPA handshakes.

CVE-2018-15131

Zimbra Collaboration Suite Username Enumeration

pybackdoor

poc backdoor using python and threading

netwatch

NetWatch is a tool to monitor network hosts TCP ports, uptime and visualize scan logs.