Skip to content
/ PoC Public

Proof-of-Concept Exploits Based On Known CVE's

License

Notifications You must be signed in to change notification settings

SirCryptic/PoC

Repository files navigation

Proof-of-Concept Exploits

This repository contains a collection of PoC exploits for various vulnerabilities in popular software and systems. These PoCs are intended for educational and research purposes only, and should never be used to target or exploit systems without explicit permission from the owner.

Available PoCs

The following PoCs are currently available in this repository:

Description: Microsoft Exchange Server ProxyShell vulnerability (CVE-2022-20855) allows an attacker to execute arbitrary code on a Microsoft Exchange server by sending a specially crafted HTTP request to the server.

Description: The GNU Bash shell is vulnerable to a command injection vulnerability (CVE-2022-24115) that allows an attacker to execute arbitrary commands on a vulnerable system by sending a specially crafted HTTP request with a malicious user agent header.

Description: The Struts2 framework is vulnerable to a remote code execution vulnerability (CVE-2017-9834) that allows an attacker to execute arbitrary code on a vulnerable server by sending a specially crafted Content-Type header in a HTTP request.

This is a proof of concept (PoC) for the Windows Kernel Elevation of Privilege Vulnerability (CVE-2023-21773).

Description: The vulnerability allows a local attacker to elevate privileges on a vulnerable system. The vulnerability exists due to an incorrect implementation of the kernel access control list (ACL) check. A local attacker can exploit this vulnerability by running a specially crafted application and gaining elevated privileges. The PoC demonstrates how to exploit the vulnerability to elevate privileges on a vulnerable system. The PoC uses the NtSetInformationProcess function to modify the access token of the current process, granting the process SeDebugPrivilege. The PoC then spawns a new process with the elevated privileges using the CreateProcessWithTokenW function.

If i dont update the readme with CVE's available or info on them i genuinly cba , im sure you can understand if not meh yolo

Disclaimer

The author of this repository is not responsible for any damage caused by the use or misuse of these PoC exploits. These PoCs are intended for educational and research purposes only, and should never be used to target or exploit systems without explicit permission from the owner.

About

Proof-of-Concept Exploits Based On Known CVE's

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

Packages

No packages published