ba0z1's repositories
CDK
CDK is an open-source container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs that help you escape containers and take over K8s clusters easily.
cve-2020-0688
cve-2020-0688
CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Supports all Windows versions
CVE-2022-0995
CVE-2022-0995 exploit
CVE-2022-39197
CobaltStrike <= 4.7.1 RCE
DnfHelper-C
C++ Dungeon & Fighter (DNF) helper
DnfHelper-Python
Python Dungeon & Fighter (DNF) tool
exchange-ssrf-rce
exchange-ssrf-rce
follina.py
Quick POC to replicate the 'Follina' Office RCE vulnerability for local testing purposes
goproxy
Proxy is a high-performance HTTP(S), SOCKS5, WebSocket, TCP and UDP proxy server implemented in Golang. It supports chained proxies, NAT forwarding across different LANs, TCP/UDP port forwarding, SSH forwarding, intranet penetration, communication encryption, smart HTTP and SOCKS5 proxying, blacklists and whitelists, rate limiting, traffic limiting, connection-count limiting, cross-platform operation, KCP, and an authentication API.
H
H is a powerful asset collection and management platform
jackson-rce-via-spel
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
Java
Some knowledge about learning Java security; still learning, forks and stars welcome
javasec
Some of my own notes from learning Java security, mainly related to security auditing
JNDI-Inject-Exploit
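Handles high-version JDK bypass exploitation of FastJson, Jackson, Log4j2 and native JNDI injection vulnerabilities; probes for locally available deserialization gadgets to achieve command execution, command execution with echoed output, and memory shell injection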
ProxyLogon
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
RabR
Redis-Attack By Replication (attacking Redis via master-slave replication)
requests-html
Pythonic HTML Parsing for Humans™
shiro_attack
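Comprehensive exploitation of the Shiro deserialization vulnerability, including command execution with echoed output and memory shell injection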
ShortPayload
How to shrink a Java deserialization payload to the extreme
StopDefender
Stop Windows Defender programmatically
vnote
A pleasant note-taking platform.
yaml-payload-for-ruoyi
A memory shell for ruoyi
zsxq
Related to the "Hacking automation is fun" Knowledge Planet (zsxq) community