CVE-2018-8120 - CVE-2018-8120 Windows LPE exploit

  •        31

Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.

https://github.com/unamer/CVE-2018-8120


Related Projects

CVE-2018-7600 - 💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

  •    Python

IMPORTANT: Is provided only for educational or information purposes. CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux

  •    Shell

A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.

SpecuCheck - SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)

  •    C

SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel. An official Microsoft PowerShell Cmdlet Module now exists as well, which is the recommended and supported way to get this information.


NXLoader - My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)

  •    Java

This app is currently in "Alpha" state, it's my first Android app and there is some rather disgusting code (Potentially blocking tasks on the UI thread 🤢). This will be improved soon™. For anyone who wants to look at the exploit source, the magic happens here.

CVE-2018-9995_dvr_credentials - (CVE-2018-9995) Get DVR Credentials

  •    Python

(CVE-2018-9995) Get DVR Credentials

CVE-2018-8897 - Arbitrary code execution with kernel privileges using CVE-2018-8897.

  •    C++

Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.

CVE-2017-8759-Exploit-sample - Running CVE-2017-8759 exploit sample.


Running CVE-2017-8759 exploit sample. If all is good mspaint should run.

Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a

  •    C++

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.

awesome-cve-poc - ✍️ A curated list of CVE PoCs.


✍️ A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you might also want to check out awesome-web-security.

tpwn - xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10

  •    Objective-C

xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc or gtfo

pacemaker - Heartbleed (CVE-2014-0160) client exploit

  •    Python

Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3. Subsequent lines full of NUL bytes are folded into one with an * thereafter (like the xxd tool).

CVE-2016-0051 - EoP (Win7) & BSoD (Win10) PoC for CVE-2016-0051 (MS-016)

  •    CSharp

Proof-of-concept BSoD (Blue Screen of Death) and Elevation of Privilege (to SYSTEM) code for my CVE-2016-0051 (MS-016).

pcileech - Direct Memory Access (DMA) Attack Software

  •    C

PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. PCILeech works without hardware together with memory dump files and the Windows 7/2008R2 x64 Total Meltdown / CVE-2018-1038 vulnerability.

Bad-Pdf - Steal Net-NTLM Hash using Bad-PDF

  •    Python

Bad-PDF creates a malicious PDF file to steal NTLM (NTLMv1/NTLMv2) hashes from Windows machines. It utilizes a vulnerability disclosed by the Check Point team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using a Responder listener. This method works on all PDF readers (any version) and JavaScript is not required for this attack; most EDR/endpoint solutions fail to detect this attack.

cvechecker

  •    C

cvechecker is an application that allows you to pull in the (latest) CVE entries and match these against your own system. The application attempts to discover the installed versions and lists those that are a potential target for an existing CVE.

cvebrowser - A CVE web browser

  •    Java

COMMON VULNERABILITIES AND EXPOSURES (CVE®) DATABASE BROWSER, CVEBROWSER. A web search engine for the CVE dictionary, targeted to be used on an intranet. CVEBrowser uses Java Servlets / JSP and MySQL and is designed to work well on RedHat

CVE


CVE is a collaborative virtual environment for education, especially computer science, a combination of a Multiuser Online 3D world and a collaborative integrated development environment.

Heartbleed - A checker (site and tool) for CVE-2014-0160

  •    Go

A checker (site and tool) for CVE-2014-0160. See the online FAQ for an explanation of error messages including TIMEOUT and BROKEN PIPE.




