• Stars
    star
    270
  • Rank 152,189 (Top 3 %)
  • Language
    Python
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/

acefile

poc file of extracting-code-execution-from-winrar

check the file use command:

python acefile.py --headers 1.rar

When the 1.rar is unzipped, a file named demo2.txt will be released to dir c:\c2\demo123\.

Modification of acefile.py:

      if ace_crc16(buf) != hcrc:
            print("[+] right_hdr_crc : {} | struct {} ".format(hex(ace_crc16(buf)),struct.pack('<H', ace_crc16(buf))))
            print("[*] current_hdr_crc : {} | struct {}".format(hex(hcrc),struct.pack('<H', hcrc)))

output acefile right crc for change the rar file ~

thx for the author of acefile.py @droe

More Repositories

1

Intranet_Penetration_Tips

2018年初整理的一些内网渗透TIPS,后面更新的慢,所以整理出来希望跟小伙伴们一起更新维护~
4,089
star
2

noPac

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Python
567
star
3

CVE-2017-11882

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
Python
531
star
4

Pentest

tools
C
524
star
5

Exchange2domain

CVE-2018-8581
Python
358
star
6

cve-2020-0688

cve-2020-0688
Python
315
star
7

CVE-2019-1040

CVE-2019-1040 with Exchange
Python
237
star
8

Mailget

通过脉脉用户猜测企业邮箱
Python
227
star
9

get_ip_by_ico

从shodan获取使用了相同favicon.ico的网站
Python
190
star
10

CVE-2018-15982_EXP

exp of CVE-2018-15982
Python
181
star
11

PySQLTools

Mssql利用工具
Python
165
star
12

RTF_11882_0802

PoC for CVE-2018-0802 And CVE-2017-11882
Python
164
star
13

owa_info

获取Exchange信息的小工具
Python
160
star
14

RelayX

NTLM relay test.
Python
156
star
15

CS_Chinese_support

Cobalt strike 修改支持回显中文。
145
star
16

MyJSRat

This is JSRat.ps1 in Python
Python
134
star
17

AMSI_bypass

XSLT
78
star
18

SharpAddDomainMachine

SharpAddDomainMachine
C#
68
star
19

proxyshell_payload

proxyshell payload generate
Python
67
star
20

cs_custom_404

Cobalt strike custom 404 page
HTML
61
star
21

GhostPotato

Just pick out the code we need.
Python
52
star
22

pyForgeCert

pyForgeCert is a Python equivalent of the ForgeCert.
Python
51
star
23

DomainHiding

external c2 use domainhiding.
Go
48
star
24

hackredis

Python
42
star
25

p12tool

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
Go
39
star
26

MSSQL_CLR

MSSQL CLR for pentest.
C#
35
star
27

CVE-2019-1040-dcpwn

CVE-2019-1040 with Kerberos delegation
Python
32
star
28

WebDAV

Set Up WebDAV Server for Remote File Sharing and more
Shell
31
star
29

warp_proxy

cloudflare socks5 server
Shell
31
star
30

atexec-pro

Fileless atexec, no more need for port 445
Python
29
star
31

tshtun

Py写的tsh的流量加解密过程。
C
25
star
32

xslt_poc

Execute codes From XSLT
XSLT
17
star
33

mousejack_replay

mousejack hack
Python
11
star
34

Python_Codes

some python codes
Python
9
star
35

Cortana

Some Cortana scripts
Ruby
3
star
36

comment

orz..
2
star
37

gitTun

GIt tun
Python
1
star
38

Ridter

1
star