• Stars
    star
    51
  • Rank 568,706 (Top 12 %)
  • Language
    Java
  • Created over 3 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tool to encrypt/decrypt backup packages created by Huawei Hisuite.

More Repositories

1

gcp-dhcp-takeover-code-exec

Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
Go
532
star
2

curlshell

reverse shell using curl
Python
444
star
3

ADB-Backup-APK-Injection

Android ADB backup APK Injection POC
138
star
4

dfwfw

Docker Firewall Framework
Perl
130
star
5

jackson-rce-via-spel

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
Java
121
star
6

CVE-2020-1313

Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
C++
120
star
7

CVE-2020-0728

Proof of Concept code for CVE-2020-0728
C++
46
star
8

apache-openoffice-rce-via-uno-links

35
star
9

php-bypass-disable-functions

Demo project how to bypass the disable_functions security control of PHP on Linux
PHP
24
star
10

microsoft-diagcab-rce-poc

Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution
Perl
22
star
11

CVE-2020-1967

Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)
19
star
12

lgosp-poc

LG On Screen Phone authentication bypass PoC (CVE-2014-8757)
Perl
14
star
13

struts-any-results

Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.
Java
12
star
14

golang-insecureskipverify-patch

Simple patcher tool to turn off TLS handshake validation in golang binaries
C
12
star
15

google-osconfig-privesc

Proof of concept about the privilege escalation flaw identified in Google's Osconfig
Python
10
star
16

CVE-2022-20128

Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.
Python
8
star
17

microsoft-diaghub-case-sensitivity-eop-cve

Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability
C#
8
star
18

tcp-http-proxy

A potential solution for OpenWRT + Mitmproxy
C
5
star
19

gnu-patch-vulnerabilities

The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.
5
star
20

mysql-load-data-local-abuse

Abusing MySQL's LOAD DATA LOCAL feature
Perl
4
star
21

golang-http2debug-onthefly

Tool to activate http2debug feature of golang on the fly.
Shell
3
star
22

go-reproto

An experimental tool to reconstruct proto definitions based on golang binaries
Perl
3
star
23

cloud-sql-auth-proxy-iam-mitm

PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.
Go
2
star
24

pcap-proxy

A simple userland TCP proxy application that captures the network flow into a .pcap file
Perl
2
star
25

CVE-2022-3168-adb-unexpected-reverse-forwards

Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations
Python
2
star
26

icedtea-web-vulnerabilities

Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.
2
star
27

postgres-proxy-cloudsql-iam-vuln

A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.
Perl
1
star
28

cloud-shell-ssrf

Google Cloud Shell SSRF feature PoC tool
Python
1
star
29

grpcurl-for-android

gRPCurl precompiled binaries for Android
1
star
30

rdiff-backup

Simple docker image around rdiff-backup
Shell
1
star
31

raiffeisen-direktnet

Transaction parser for the Raiffeisen Direktnet banking website
Perl
1
star
32

hikvision-motion

SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.
Python
1
star
33

p1x1

Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.
TypeScript
1
star
34

proftpd-mysql-password

Support for MySQL PASSWORD() in Proftpd's SQLAuthTypes
C
1
star