MrFk's starred repositories
SpringBoot-Scan
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
Supershell
Supershell C2 远控平台,基于反向SSH隧道获取完全交互式Shell
HiddenDesktop
HVNC for Cobalt Strike
520apkhook
将安卓远控Apk附加进普通的App中,运行新生成的App时,普通App正常运行,远控正常上线。Attach the Android remote control APK to a regular app. When the newly generated app is launched, the regular app operates as normal while the remote control goes online seamlessly.
mysql-fake-server
MySQL Fake Server (纯Java实现,支持GUI版和命令行版,提供Dockerfile,支持多种常见JDBC利用)
CVE-2023-21839
Weblogic CVE-2023-21839 / CVE-2023-21931 / CVE-2023-21979 一键检测
S-BlastingDictionary
自己搜集的爆破字典,包括常用用户名、密码弱口令、SQL万能密码等
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
DirCreate2System
Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting
SSH-Harvester
Harvest passwords automatically from OpenSSH server
elevationstation
elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
Arbitrium-RAT
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules
PassTheChallenge
Recovering NTLM hashes from Credential Guard
evil_minio
EXP for CVE-2023-28434 MinIO unauthorized to RCE
HexDnsEchoT
命令执行不回显但DNS协议出网的命令回显场景解决方案(修改为使用ceye接收请求,添加自定义DNS服务器)
CallStackMasker
A PoC implementation for dynamically masking call stacks with timers.
CobaltWhispers
CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWhispers2) to bypass EDR/AV
CVE-2023-0179-PoC
针对(CVE-2023-0179)漏洞利用 该漏洞被分配为CVE-2023-0179,影响了从5.5到6.2-rc3的所有Linux版本,该漏洞在6.1.6上被测试。 漏洞的细节和文章可以在os-security上找到。
zentaopms_poc
禅道相关poc
CVE-2022-1040
This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication