vysecurity/IIS_exploit vysecurity/IIS_exploit

  • Stars
    star
    2
  • Language
    Python
  • Created over 7 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
vysecurity/IIS_exploit
github

vysecurity

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

More Repositories

1

RedTips

Red Team Tips as posted by @vysecurity on Twitter
1,015
star
2

LinkedInt

LinkedIn Recon Tool
Python
941
star
3

DomLink

A tool to link a domain with registered organisation names and emails, to other domains.
Python
781
star
4

DomainFrontingLists

A list of Domain Frontable Domains by CDN
532
star
5

morphHTA

morphHTA - Morphing Cobalt Strike's evil.HTA
Python
500
star
6

ANGRYPUPPY

Bloodhound Attack Path Automation in CobaltStrike
PowerShell
307
star
7

IPFuscator

IPFuscator - A tool to automatically generate alternative IP representations
Python
238
star
8

Aggressor-VYSEC

PowerShell
195
star
9

CVE-2017-8759

CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
174
star
10

ps1-toolkit

Obfuscated Penetration Testing PowerShell scripts
PowerShell
123
star
11

genHTA

Generates anti-sandbox analysis HTA files without payloads
Python
114
star
12

CVE-2018-4878

Aggressor Script to launch IE driveby for CVE-2018-4878
88
star
13

checkO365

checkO365 is a tool to check if a target domain is using O365
Python
84
star
14

CobaltSplunk

Splunk Dashboard for CobaltStrike logs
Python
83
star
15

ATT-CK_Analysis

Repository for my ATT&CK analysis research.
Python
70
star
16

FSharp-Shellcode

F# Implementation to spawn shellcode
F#
45
star
17

Invoke-ProcessScan

Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.
PowerShell
42
star
18

AzureAppC2

A script that can be deployed to Azure App for C2 / Proxy / Redirector
Python
27
star
19

basicAuth

Basic Auth Phish page
PHP
25
star
20

ShellcodeConversion

A collection of shell code conversion scripts that I have written over time for repetitive tasks
Python
18
star
21

RDPInception

A script to attack users who are RDPing into a machine and recurse this attack. For security testers and attack simulations.
Batchfile
18
star
22

Office365TenantsList

Office365 Tenants List
16
star
23

WindfarmDynamite-CNA

CobaltStrike Aggressor Script to utilise FuzzySec's Windows Notification Framework Research to Spawn a Shell under Explorer.exe
15
star
24

EmpireAMSI

PowerShell
13
star
25

DoH-Servers

DNS over HTTPS Servers
12
star
26

BadIP

Bad Security Vendor IPs
Shell
10
star
27

wepwnise

A generator to weaponize Macro payloads that can evade EMET and utilises native VB migration.
Python
9
star
28

PWNDB

Parse PWNDB
Python
8
star
29

autovpn

Easily connect to a VPN in a country of your choice
Go
7
star
30

CloudServiceLists

Tenants list for each cloud service.
6
star
31

CVE-2020-0796

CVE-2020-0796 - Working PoC - 20200313
6
star
32

vysecurity

6
star
33

PacketParser

A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
Python
5
star
34

SCTPersistence

Create COM Objects backed by Scripts, not DLLs
JavaScript
5
star
35

nuclei-templates-notags

5
star
36

CVE-2021-40444

3
star
37

DriverVulnCheck

Takes Bruteratel `drivers` output and checks it against loldrivers.io
Python
3
star
38

Linkedin_Connect_NEWUI

A Python Script that controls Selenium to automate the process of connecting on LinkedIn
Python
2
star
39

malleable-profiles

2
star
40

test-conf

1
star
41

Archive

Archive
1
star
42

vysecurity.github.io

HTML
1
star
43

DomainFrontingProxies

A list of Domain Fronting Proxies that are known to permit or break Domain Fronting
1
star
44

HOLYWATER

1
star
45

nextjs-blog-theme

1
star