Ticketbleed - This is a tool for exploiting the Ticketbleed (CVE-2016-9244) vulnerability.

This tool is for exploiting the Ticketbleed (CVE-2016-9244) vulnerability. The Ticketbleed library inside the src folder is a modified version of Go's crypto/tls; it has a few changes in the handshake_client.go, tls.go and common.go files but is otherwise almost the same. Ticketbleed (CVE-2016-9244) is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of sensitive information, as in Heartbleed.

https://github.com/EgeBalci/Ticketbleed

Related Projects

testssl.sh - Testing TLS/SSL encryption anywhere on any port

  •    Shell

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Or help yourself downloading the ZIP archive https://github.com/drwetter/testssl.sh/archive/2.9dev.zip. testssl.sh --help will give you some help upfront. More help: see doc directory with man pages. Older sample runs are at https://testssl.sh/.

Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go

  •    

Welcome to my collection of exploit writeups. This repo is where my current and future writeups for public exploits, vulnerability research, and CTF challenge solves will go. Below is a directory of the current writeups that I've published. An overview of the PS4 kernel exploit codenamed "namedobj", which targets a type confusion vulnerability in the sys_namedobj_* Sony system calls. This overview covers the basic exploit strategy required to leverage the type confusion bug into a fully fledged exploit.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

  •    Go

Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications. Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

scapy-ssl_tls - SSL/TLS layers for scapy the interactive packet manipulation tool

  •    Python

SSL/TLS layers for scapy, the interactive packet manipulation tool. SSL/TLS and DTLS layers and TLS utility functions for Scapy.

gef - GEF - GDB Enhanced Features for exploit devs & reversers

  •    Python

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).


linux-exploit-suggester - Linux privilege escalation auditing tool

  •    Shell

Often during a penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on the tested Linux machine(s). One of the viable attack vectors is using a publicly known Linux exploit to gain root privileges on the tested machine. Of course, in order to do that the analyst needs to identify the right PoC exploit, make sure that the target is affected by the associated vulnerability and finally modify the exploit to suit the target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides the kernel version (--kernel switch) or uname -a command output (--uname switch) and receives a list of candidate exploits for the given kernel version.

mesalink - MesaLink is a memory-safe and OpenSSL-compatible TLS library.

  •    Rust

MesaLink is a memory-safe and OpenSSL-compatible TLS library. Since 2014, the industry has seen a huge impact and loss due to memory vulnerabilities in TLS stacks, such as the infamous "Heartbleed" bug. MesaLink is born with the goal of eradicating memory vulnerabilities in TLS stacks, and it is written in Rust, a programming language that guarantees memory safety. This significantly reduces the attack surface, which further facilitates auditing and restricting the remaining attack surface. MesaLink is cross-platform and provides OpenSSL-compatible APIs. It works seamlessly in desktop, mobile, and IoT devices. With the growth of the ecosystem, MesaLink would also be adopted in the server environment in the future. To get better functionality along with strong security guarantees, MesaLink follows the rules of thumb for hybrid memory-safe architecture design proposed by the Rust SGX SDK project.

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

exploit-database - The official Exploit Database repository

  •    C

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits, shellcode and papers gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away. You can learn more about the project here (about) and here (history). This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary exploits repository.

exploit-database-bin-sploits - Exploit Database binary exploits located in the /sploits directory

  •    Python

Binary exploits are located in the /bin-sploits/ directory. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits, shellcode and papers gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away. You can learn more about the project here (about) and here (history).

exploit-database-papers - exploit-database-papers

  •    Shell

The papers are located in the /docs/ and /papers/ directories and /ezines/ contains various magazines. An index of the paper archives can be found in /files_papers.csv. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits, shellcode and papers gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away. You can learn more about the project here (about) and here (history).

OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

  •    Python

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation. Antivirus Solutions may detect it as a threat. However it is due to the features in the exploitation framework.

PS4-4.05-Kernel-Exploit - A fully implemented kernel exploit for the PS4 on 4.05FW

  •    Javascript

In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival. You can find fail0verflow's original write-up on the bug here, you can find my technical write-up which dives more into implementation specifics here.

PS4-4.55-Kernel-Exploit - A fully implemented kernel exploit for the PS4 on 4.55FW

  •    Javascript

In this project you will find a full implementation of the "bpf" kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival. This bug was discovered by qwertyoruiopz, and can be found hosted on his website here.

PS4-5.05-Kernel-Exploit - A fully implemented kernel exploit for the PS4 on 5.05FW

  •    Javascript

In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contains autolaunching code for Mira and Vortex's HEN payload. Subsequent loads will launch the usual payload launcher. This bug was discovered by qwertyoruiopz, and can be found hosted on his website here. The GitHub Pages site automatically generated from this repository should also work.

php-exploit-scripts - A collection of PHP exploit scripts, found when investigating hacked servers

  •    PHP

A collection of PHP exploit scripts, found when investigating hacked servers. These are stored for educational purposes and to test fuzzers and vulnerability scanners. Feel free to contribute. Yes, obviously. Don't copy them and store them on your own server. These are scripts found on hacked systems, so they're used to exploit the server and abuse some kind of vulnerability.

Findsploit - Find exploits in local and online databases instantly

  •    Shell

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c). This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how to build your own hacking environment and learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR); it also includes examples of real-life penetration testing reports, and more. These courses serve as a comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. They can also help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional who wants to learn the skills required to become a professional ethical hacker or who wants to learn more about general hacking methodologies and concepts.

pwntools - CTF framework and exploit development library

  •    Python

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.