Mayank Deshmukh's Projects
A curated list of bug bounty writeups (by bug type), inspired by https://github.com/ngalongc/bug-bounty-reference
This Bufferflow Guide includes instructions and the scripts necessary for Buffer Overflow Exploitation. This guide is a supplement for TheCyberMentor's walkthrough. Please watch his walkthrough if you're confused. Feel free to implement Pull Requests or raise Issues.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Various code snippets
Writeups for infosec Capture the Flag events by team Galaxians
Exploit Code for CVE-2019-11447 aka CuteNews 2.1.2 Avatar upload RCE (Authenticated)
Bludit <= 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit/PoC
POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)
Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability (CVE-2021-26085)
Atlassian Jira Server/Data Center 8.4.0 - Arbitrary File read (CVE-2021-26086)
POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure
POC for Infamous Log4j CVE-2021-44228
POC for CVE-2022-24124
Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)
Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804)
Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) (Unauthenticated)
This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.
Digital Implementation of High Striker using FSR with PIC18F4550 Micro-controller
A simple PHP application deployed using Docker
The Backdrop CMS in a Docker Container.
Writeups for HacktheBox 'boot2root' machines
Tutorials and Things to Do while Hunting Vulnerabilities.
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
Authenticated Memcached Keys Brute force Script
Scripts that I wrote & used in HackTheBox and other CTFs
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228