• Stars: 389
• Rank: 110,500 (top 3%)
• Language: C
• License: Other
• Created: over 5 years ago
• Updated: about 3 years ago


Repository Details

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House

Exploits

Exploits and proof-of-concept code from the team at Hacker House.

| Filename | Description |
| --- | --- |
| AirWatchMDMJailbreakBypass.txt | Bypass jailbreak detection in AirWatch mobile device management for iOS |
| adobe-psp.tgz | Adobe CoolType SING Table "uniqueName" stack buffer overflow, PSP bypass (Metasploit) |
| aix53l-libc.c | AIX 5.3L libc locale environment handling local root exploit |
| aix53l-lquerypv.c | AIX 5.3L /usr/sbin/lquerypv local root privilege escalation |
| amanda-amstar.txt | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| amanda-backup.txt | Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
| applejack.c | PonyOS 3.0 & below tty ioctl() kernel local root exploit |
| asus_B1M_projector_root.png | ASUS B1M projector remote root command injection (unpatchable) |
| BTCPE.txt | British Telecom Huawei UART root access weakness |
| charybdis.tgz | Firefox & IE exploit implant dropper for Windows & Linux |
| cisco-asa-sslbypass.py | Cisco ASA 8.x & below VPN SSL module clientless URL-list control bypass |
| cisco-XSS-wget-me.txt | Cisco IOS 11.x web interface XSS vulnerability |
| cmd_gpbypass.exe | cmd.exe patched to run even when disabled via Group Policy |
| cpg15x-dirtraversal.txt | Coppermine 1.5.44 & below directory traversal vulnerability |
| cve-2003-0001.py | Etherleak (CVE-2003-0001) information leak exploit; silently fixed in Cisco ASA (PSIRT-0669464365) |
| CVE-2012-4681.tgz | Oracle Java SE 7 Update 6 & below remote polymorphic exploit (evades PSP) |
| CVE-2014-0160.py | Heartbleed mass-scanning proof-of-concept tool |
| cve-2016-1531.sh | Exim 4.84-3 local root exploit |
| cve-2019-10149.py | Exim 4.87 to 4.91 local root exploit |
| CVE-2020-0601.xdb | XCA database of private keys for the trusted CA exploit CVE-2020-0601 |
| CVE-2020-3950.tgz | EvilOSX trojan exploit plugin for CVE-2020-3950, VMware Fusion 11.5.2 & below local root |
| d3_decimator.txt | SedSystems D3 Decimator multiple vulnerabilities allowing remote root |
| dllpack.tgz | MS15-051 / MS15-010 exploits with reflective DLL loading support (hacked from public code) |
| drupal-CVE-2014-3660.py | Drupal XXE libxml2 Services exploit |
| dtappgather-poc.sh | dtappgather local root exploit proof-of-concept (EXTREMEPARR) |
| fluttershy.py | PonyOS 4.0 runtime linker local root exploit |
| FreeBSD-pftp-dirtraversal.txt | Peters Anonymous FTP on FreeBSD directory traversal vulnerability |
| getlogin.c | Tru64 V5.1B & below getlogin() kernel information leak |
| gionight.py | GIO Linux embedded remote root exploit |
| gns3super-osx.sh | GNS3 OS X local root exploit |
| goodnight.c | Linux kernel 2.6.37 & below denial-of-service exploit, CVE-2010-4165 |
| heartbleed-bin | Static binary Heartbleed exploit (trivia: the Large Hadron Collider was tested with this code) |
| heartbleed.c | Heartbleed exploit using OpenSSL to encrypt the exploit for stealth |
| heartbleed-keyscan.py | RSA prime factorization exploit for use with Heartbleed |
| hfirixwfcmd.sh | SGI IRIX <= 6.5.22 WebForce post-auth remote command injection |
| hfsunsshdx.tgz | SunSSH Solaris 10 to 11.0 x86 libpam remote root exploit, CVE-2020-14871 |
| hpwhytry.py | HP XPe embedded devices remote command execution exploit |
| iis_search.pl | IIS WebDAV & Indexing Service directory traversal attack |
| inetutils-telnet.txt | Multiple BSD-based telnet implementations vulnerable to memory corruption |
| iPwn.tgz | iOS default root password "alpine" exploit to harvest data via SSH |
| irix-captest.c | SGI IRIX <= 6.5.22 capability hijacking "eip" proof-of-concept (SGI XFS) |
| irix-ftpd-ls.txt | SGI IRIX <= 6.5.22 ftpd "/bin/ls" root privilege escalation |
| irix-mediarecorder.txt | SGI IRIX <= 6.5.22 CAP_SCHED_MGT "mediarecorder" privilege escalation |
| irix-onyx-syssgi.c | SGI IRIX <= 6.5.5 syssgi() Onyx IP19/IP21/IP25 kernel information leak exploit |
| irix-rldx.sh | SGI IRIX <= 6.4.x run-time linker file creation exploit |
| irix-runpriv-cap.png | SGI IRIX <= 6.5.x screenshot showing "capabilities" exploit via runpriv |
| irix-setsockopt.c | SGI IRIX <= 6.5.22 kernel mbuf corruption due to integer signedness comparison |
| irix-syssgi-panic.c | SGI IRIX <= 6.5.22 syssgi() SGI_ENUMASHS NULL pointer kernel panic |
| irix-tapex.c | SGI IRIX <= 6.5.22 "tsdaemon" root arbitrary file creation exploit |
| irssi-irc-fuzzer.pl | irssi plugin IRC client fuzzing tool |
| jackrabbit.tgz | RedStar OS 3.0 Naenara browser exploit |
| jdwp-exploit.txt | Java JDWP exploitation for remote code execution |
| Kronos.tgz | Java signed applet exploit and web management tool |
| lbreakout-exploit.c | lbreakout2 PoC exploit for ARM (drops privileges) |
| leehseinloong.cpp | Sudoku2 exploit written for Lee Hsien Loong (Singapore PM) |
| linux-ia32.c | Linux kernel 2.6.32 ia32entry emulation x86_64 exploit |
| lotus_exp.py | Lotus Domino IMAP4 Server Release 6.5.4 Windows 2000 remote exploit |
| mikrotik-jailbreak.txt | MikroTik 6.40 & below "telnet" jailbreak exploit |
| mirc-DoS-Script.ini | mIRC 6.12 & 6.11 denial-of-service IRC script |
| mobileiron0day.txt | MobileIron Virtual Smartphone Platform local root exploit |
| MobileIronBypass.tgz | MobileIron mobile device management jailbreak detection bypass |
| mulftpdos.zip | Serv-U / G6 / WarFTPD denial-of-service exploit in asm |
| neogeox.txt | NeoGeo Gold X games console jailbreak via UART root shell |
| NetBSD-sa-2016-003-howto-abuse-cpp.png | NetBSD 6.1.5 calendar local root exploit PoC |
| openbsd-0day-cve-2018-14665.sh | OpenBSD 6.4 Xorg local root exploit |
| prdelka-vs-AEP-smartgate.c | AEP SmartGate V4.3B arbitrary file download exploit |
| prdelka-vs-APPLE-chpass.sh | OS X 10.6.3 & below chpass arbitrary file creation exploit |
| prdelka-vs-APPLE-ptracepanic.c | OS X 10.6.1 & below ptrace() mutex handling kernel panic |
| prdelka-vs-BSD-ptrace.tar.gz | NetBSD 2.1 ptrace() local root exploit |
| prdelka-vs-CISCO-httpdos.zip | Cisco IOS 12.2 & below HTTP denial-of-service exploit |
| prdelka-vs-CISCO-vpnftp.c | Cisco VPN Concentrator 3000 FTP remote exploit |
| prdelka-vs-GNU-adabas2.txt | Adabas D 13.01 SQL injection & directory traversal |
| prdelka-vs-GNU-adabas.c | Adabas D 13.01 local root exploit (Linux) |
| prdelka-vs-GNU-chpasswd.c | SquirrelMail 3.1 change_passwd plugin & below local root exploit |
| prdelka-vs-GNU-citadel.tar.gz | Citadel SMTP 7.10 & below remote code execution exploit |
| prdelka-vs-GNU-exim.c | Exim 4.43-r2 & below host_aton() local root exploit (Linux) |
| prdelka-vs-GNU-lpr.c | Slackware 1.01 stack overflow local root exploit (Linux) |
| prdelka-vs-GNU-mbsebbs.c | mbse-bbs 0.70.0 & below local root exploit (Linux) |
| prdelka-vs-GNU-peercast.c | PeerCast v0.1216 remote root exploit (Linux) |
| prdelka-vs-GNU-sudo.c | sudo 1.6.8p9 race condition local root exploit (Linux) |
| prdelka-vs-GNU-tin.c | Slackware 1.01 local root exploit (Linux) |
| prdelka-vs-HPUX-libc.c | HP-UX 11.11 & below libc local root exploit (hppa) |
| prdelka-vs-HPUX-swask.c | HP-UX 11.11 & below swask format string local root exploit (hppa) |
| prdelka-vs-HPUX-swmodify.c | HP-UX 11.11 & below swmodify local root exploit (hppa) |
| prdelka-vs-HPUX-swpackage.c | HP-UX 11.11 & below swpackage local root exploit (hppa) |
| prdelka-vs-http-fuzz.tar.gz | HTTP fuzzing tool & example Savant 3.1 vulnerability |
| prdelka-vs-LINUS-fchown.tar | Linux kernel 2.4.x/2.6.6 & below fchown() file ownership exploit |
| prdelka-vs-MISC-massftp.tar.gz | Mass-scanning FTP exploiter tool |
| prdelka-vs-MS-hotmail.txt | Microsoft Hotmail authentication bypass vulnerability |
| prdelka-vs-MS-IE-6.0.2800.1106.XPSP1.rar | Internet Explorer 6.0 IFRAME Windows XP exploit |
| prdelka-vs-MS-rshd.tar.gz | Windows RSH daemon 1.8 & below remote exploit |
| prdelka-vs-MS-winzip.c | WinZip 10.0.7245 Win32 & below exploit (the one that angered CERT) |
| prdelka-vs-SCO-enable | SCO OpenServer 5.0.7 enable local root exploit |
| prdelka-vs-SCO-netwarex.c | SCO OpenServer 5.0.7 NetWare printing local "lp" exploit |
| prdelka-vs-SCO-ptrace.c | SCO UnixWare 7.1.3 ptrace() Linux kernel emulation local root exploit |
| prdelka-vs-SCO-tcpdos | SCO OpenServer 5.0.7 TCP RST denial-of-service exploit |
| prdelka-vs-SCO-termshx.c | SCO OpenServer 5.0.7 termsh local gid "auth" exploit |
| prdelka-vs-SGI-xrunpriv | SGI IRIX 6.5 runpriv local root exploit |
| prdelka-vs-SUN-sysinfo.c | Solaris 10 sysinfo() local kernel memory information leak |
| prdelka-vs-SUN-telnetd.c | Solaris in.telnetd 8.0 & 7.0 remote exploit (sparc) |
| prdelka-vs-SUN-virtualbox.sh | Sun VirtualBox 3.0.6 local root exploit |
| prdelka-vs-THC-vmap | THC vmap DoS exploit |
| prdelka-vs-UNIX-permissions.tar.gz | UNIX file permissions generic directory exploit |
| r00t2.tgz | Linux kernel 2.6.29 ptrace_attach() exploit ported to ARM for the "Google phone" |
| rainbowdash.tgz | PonyOS 3.0 & below kernel ELF loader local root exploit |
| rarity.c | PonyOS 3.0 VFS file permissions local root exploit |
| raspbian.txt | Raspbian vulnerabilities for sgid "games" |
| redstar2.0-localroot.png | RedStar OS 2.0 local root privilege escalation exploit |
| redstar3.0-localroot.png | RedStar OS 3.0 local root privilege escalation exploit |
| rshx.c | rsh exploit: inject commands via rsh |
| rsshellshock.py | RedStar OS server BEAM & RSSMON Shellshock exploit |
| s7300cpustart.py | Siemens S7-300 PLC CPU start command |
| s7300stop.py | Siemens S7-300 PLC CPU stop command |
| shoryuken.c | Linux kernel 2.6.29 ptrace_attach() local root race condition exploit |
| skyexp.py | Sky 1.5 Sagem F@ST 2504 router infoleak & remote command injection |
| smartmaildos.tgz | Smartmail 10.x POP3 & SMTP denial-of-service exploits (in asm) |
| sp-email.py | SharePoint username enumeration exploit |
| spiltmilk.c | Linux kernel 2.6.37-rc1 & below serial_core TIOCGICOUNT information leak exploit |
| ssh-dsa1024-rsa2048-keys-CVE-2008-0166.tgz | Debian SSH insecure PRNG SSH keys, CVE-2008-0166 (released during the Manchester riots) |
| sun-su-bug.txt | Solaris 10 'su' local NULL pointer vulnerability, CVE-2010-3503 |
| telnet_term_0day.py | Multiple BSD-based telnet.c IAC malformed options remote crash |
| trendmicro_IWSVA_shellshock.py | Trend Micro InterScan Web Security Virtual Appliance Shellshock exploit |
| UNICOS-cray.txt | Cray UNICOS 9.0 local root vulnerabilities & shellcode PoC |
| vncscan.py | RealVNC auth bypass CVE-2006-2369 scanner |
| vxlgiobye.py | VXL Gio Linux remote command execution exploit |
| w32-fps.txt | Microsoft FrontPage Personal Web Server 3.0.2.926 exploit |
| w32-grpconv.txt | Windows XP SP1 grpconv.exe buffer overflow |
| w32-netcat.tgz | "netcat" buffer overflow for Windows 98 exploit |
| w32-netcat.txt | "netcat" buffer overflow for Windows 98 advisory |
| w32-progman.txt | Windows XP "progman" buffer overflow |
| winnuke2011.sh | MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw |
| wysewig.py | Wyse embedded XP remote SYSTEM command execution exploit |
| xclm-exploit.c | Microchip XC local root exploit (Linux) (installed by DEF CON 26 attendees) |
| zte-emode.txt | ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit |

These files are available under an Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license.

More Repositories

1. iscsicpl_bypassUAC (C++, 727 stars): UAC bypass for x64 Windows 7 - 11
2. Marble (C++, 224 stars): The CIA's Marble Framework is designed to allow flexible and easy-to-use obfuscation when developing tools.
3. SignToolEx (C++, 219 stars): Patching "signtool.exe" to accept expired certificates for code signing.
4. Stinger (C++, 205 stars): CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
5. OffensiveLua (Lua, 146 stars): Offensive Lua.
6. Artillery (C, 146 stars): CIA UAC bypass implementation that uses an elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
7. ColorDataProxyUACBypass (C, 130 stars): Exploits the undocumented elevated COM interface ICMLuaUtil via process spoofing to edit the registry, then calls ColorDataProxy to trigger a UAC bypass. Windows 7 & up.
8. WMIProcessWatcher (C++, 113 stars): A CIA tradecraft technique to asynchronously detect when a process is created, using WMI.
9. tools (Python, 108 stars): A collection of tools created for computer security research purposes.
10. cve-2018-10933 (Dockerfile, 107 stars): CVE-2018-10933 libssh authentication bypass
11. backdoors (Python, 103 stars): Tools for maintaining access to systems and proof-of-concept demonstrations.
12. CompMgmtLauncher_DLL_UACBypass (C++, 100 stars): CompMgmtLauncher & SharePoint DLL search order hijacking for UAC bypass/persistence via OneDrive
13. MsSettingsDelegateExecute (C++, 74 stars): Bypass UAC on Windows 10/11 x64 using the ms-settings DelegateExecute registry key.
14. pyongyang_2407 (C, 66 stars): Pyongyang 2407, an Android ROM from North Korea, modified to run on WBW5511_MAINBOARD_P2 devices. Releases contain an archived ROM with all the tools needed to boot DPRK Android on compatible hardware. This repository contains installation instructions, hardware documentation and exploits for disabling the censorship tools of North Korean Android.
15. envschtasksuacbypass (C++, 53 stars): Bypass UAC elevation on Windows 8 (build 9600) & above.
16. documents (Perl, 47 stars): Papers, presentations and documents from the team at Hacker House.
17. shellcode (C, 42 stars): Shellcode is code designed to be injected into the memory space of another process during exploitation.
18. electionhacking (C++, 34 stars): Diebold AccuVote-TSx election machine hacking
19. NoFaxGiven (C++, 30 stars): Code execution & persistence in the NETWORK SERVICE Fax Service
20. Gigabyte_ElevatePersist (C++, 30 stars): Gigabyte Control Center (GCC) is a software package designed to improve the user experience of Gigabyte hardware, often found in gaming and performance PCs. A UAC elevation vulnerability exists that can be used for persistence in a novel fashion.
21. AESCrypt (C++, 27 stars): AES-256 Microsoft Cryptography API example use.
22. rebirth (C, 22 stars): rebirth iOS 11 - 11.3.1 jailbreak security research utility
23. cve-2021-34527 (C++, 18 stars): CVE-2021-34527 AddPrinterDriverEx() privilege escalation
24. hackerhouse-opensource (11 stars): GitHub profile
25. hfioquake3_DoS (Python, 5 stars): The ioquake3 engine is vulnerable to a remotely exploitable off-by-one overflow due to a miscalculated array index within the privileged admin console command banaddr. An attacker needs the rcon password to exploit this vulnerability.
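The bug class named for hfioquake3_DoS, an off-by-one bound check on a fixed-size table, shown on a constructed ban list as an added example. This is not ioquake3's code and not Hacker House's; the table size, struct names and sample CIDR are assumptions. The vulnerable check uses `>` where `>=` was needed, so once the table is full it still hands back the index one past the end of the array, while the fixed check refuses. The probe functions return the chosen slot instead of writing through it, so the out-of-bounds index is observable without corrupting memory.

```c
/* Off-by-one bound check on a fixed-size table: vulnerable form beside
 * the fixed form. Constructed illustration, not ioquake3's code. */
#include <stdio.h>
#include <string.h>

#define MAX_BANS 4            /* assumed capacity for the illustration */

typedef struct { char cidr[32]; } ban_t;
typedef struct { ban_t bans[MAX_BANS]; int count; } banlist_t;

/* Vulnerable check: '>' instead of '>='. With count == MAX_BANS the
 * table is already full, yet the check passes and hands back slot
 * MAX_BANS, one element past the end of bans[]. Returns the slot it
 * would write, or -1 if it refuses; it deliberately never writes. */
int ban_slot_vulnerable(const banlist_t *bl)
{
    if (bl->count > MAX_BANS)
        return -1;
    return bl->count;
}

/* Fixed check: refuse as soon as the table is full. */
int ban_slot_fixed(const banlist_t *bl)
{
    if (bl->count >= MAX_BANS)
        return -1;
    return bl->count;
}

/* A slot is usable only if it indexes inside bans[]. */
int slot_in_bounds(int slot)
{
    return slot >= 0 && slot < MAX_BANS;
}

/* Hardened add: uses the fixed bound and a length-limited copy.
 * Returns 1 on success, 0 when the table is full. */
int ban_add(banlist_t *bl, const char *cidr)
{
    int slot = ban_slot_fixed(bl);
    if (slot < 0)
        return 0;
    snprintf(bl->bans[slot].cidr, sizeof bl->bans[slot].cidr, "%s", cidr);
    bl->count++;
    return 1;
}

/* Fill the table through the hardened path until it reports "full". */
static void fill_table(banlist_t *bl)
{
    memset(bl, 0, sizeof *bl);
    while (ban_add(bl, "203.0.113.0/24"))   /* constructed sample input */
        ;
}

/* Slot the vulnerable check selects on a full table: MAX_BANS, out of bounds. */
int vulnerable_slot_when_full(void)
{
    banlist_t bl;
    fill_table(&bl);
    return ban_slot_vulnerable(&bl);
}

/* Slot the fixed check selects on a full table: -1, refused. */
int fixed_slot_when_full(void)
{
    banlist_t bl;
    fill_table(&bl);
    return ban_slot_fixed(&bl);
}

int main(void)
{
    int v = vulnerable_slot_when_full();
    printf("table capacity %d, filled to %d entries\n", MAX_BANS, MAX_BANS);
    printf("vulnerable check selects slot %d (in bounds: %s)\n",
           v, slot_in_bounds(v) ? "yes" : "no");
    printf("fixed check selects slot %d\n", fixed_slot_when_full());
    return 0;
}
```

The practical caveat from the repository description carries over: a bound check like this lives behind an authenticated command, so the rcon password is a precondition, but an authenticated DoS is still a DoS and the fix is the same one-character change.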