Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Last update: Dec 22, 2022

Overview

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Known issues

it will not work outside kali , i will update it later on :)

Check out

Owner

Hossam

cyber pharaoh to be

GitHub Repository

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别，在ceye.io api速率限制下，最大线程扫描每一个参数，记录过滤已检测地址，重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021

CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling Reference: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021

34 Nov 15, 2022

Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

10 Jul 28, 2022

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

9 Sep 27, 2022

A bitcoin private keys brute-forcing tool. Educational purpose only.

BitForce A bitcoin private keys brute-forcing tool. If you have an average computer, his will take decades to find a private key with balance. Run Mak

2 Dec 20, 2022

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

43 Nov 09, 2022

AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

2 Feb 09, 2022

A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

22 Jul 22, 2022

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

4 Aug 08, 2022

A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022

This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

33 Sep 23, 2022

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

2 Dec 12, 2021

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

6 Jul 14, 2022

A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

1 Dec 23, 2021

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

221 Jan 01, 2023

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Related tags

Overview

Known issues

Check out

Owner

Hossam

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

CVE-2021-40346 integer overflow enables http smuggling

Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

A bitcoin private keys brute-forcing tool. Educational purpose only.

Proof of concept to check if hosts are vulnerable to CVE-2021-41773

AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

A toolkit for web reconnaissance, it's fast and easy to use.

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

A knockoff social-engineer toolkit

This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

A simple way to store your passwords without requiring third party applications

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

A traceroute tool that also displays IP information

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user