Giter Site home page Giter Site logo

sparkns's Projects

pltools icon pltools

整理一些内网常用渗透小工具

poc-exp icon poc-exp

收集或编写各种漏洞PoC、ExP

poclist icon poclist

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE

pocsploit icon pocsploit

a lightweight, flexible and novel open source poc verification framework

priv2admin icon priv2admin

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

r77-rootkit icon r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

remotepotato0 icon remotepotato0

Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.

responder icon responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

reverse_dirty icon reverse_dirty

更改的脏牛提权代码,可以往任意文件写入任意内容

roguepotato icon roguepotato

Another Windows Local Privilege Escalation from Service Account to System

safetykatz icon safetykatz

SafetyKatz是@gentilkiwi的Mimikatz项目和@subTee的.NET PE Loader 的略微修改版本的组合

sam-the-admin icon sam-the-admin

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

sharpdecryptpwd icon sharpdecryptpwd

对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp)。

sharpdpapi icon sharpdpapi

SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.

sharpeventlog icon sharpeventlog

c# 读取登录过本机的登录失败或登录成功(4624,4625)的所有计算机信息,在内网渗透中快速定位运维管理人员。

sharpnetcheck icon sharpnetcheck

在内网渗透过程中,对可以出网的机器是十分渴望的。在收集大量弱口令的情况下,一个一个去测试能不能出网太麻烦了。所以就有了这个工具,可配合如wmiexec、psexec等横向工具进行批量检测,该工具可以在dnslog中回显内网ip地址和计算机名,可实现内网中的快速定位可出网机器。

sharpsqltools icon sharpsqltools

SharpSQLTools 和@Rcoil一起写的小工具,可上传下载文件,xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作。

sharptoolsaggressor icon sharptoolsaggressor

内网渗透中常用的c#程序整合成cs脚本,直接内存加载。持续更新~

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.