Dor Tumarkin's repositories
CVE-2021-25641-Proof-of-Concept
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
CVE-2019-17564-FastJson-Gadget
Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564. More information is available at https://www.checkmarx.com/blog/apache-dubbo-unauthenticated-remote-code-execution-vulnerability
Browserat
A PoC reverse shell that can utilize multiple major web browsers to provide remote access. Intended to demonstrate remote control of an endpoint within a high-security network, if that endpoint is configured to use a web proxy to access the internet without a whitelist.
ActivitySurrogateSelector-.NET-3.5-Exploit-Generator
Simple tool to create deserialization attack gadget chains for older .NET 3.5 applications using BinaryFormatter, ObjectStateFormatter, SoapFormatter or LosFormatter. Original ActivitySurrogateSelectorGenerator by James Forshaw.
MSMQ-BinaryMessageFormatter-Exploit-for-.NET-3.5
This exploit was demonstrated in the talk "(DE)SERIAL KILLERS" at BSides Las Vegas 2018. It demonstrates exploitation in .NET 3.5 against demo code provided by Microsoft for BinaryMessageFormatter, at https://msdn.microsoft.com/en-us/library/system.messaging.binarymessageformatter(v=vs.110).aspx and against the LargeMessageQueue demo app by Microsoft at https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/netds/messagequeuing/LargeMessageQueue/CS
MSMQ-BinaryMessageFormatter-Exploit-for-.NET-4.5
This exploit was demonstrated in the talk "(DE)SERIAL KILLERS" at BSides Las Vegas 2018. It demonstrates exploitation in .NET 4.5 against demo code provided by Microsoft for BinaryMessageFormatter, at https://msdn.microsoft.com/en-us/library/system.messaging.binarymessageformatter(v=vs.110).aspx