Photos from National Cyber Security Services's post
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
GitHub
GitHub - noperator/CVE-2019-18935: RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. - noperator/CVE-2019-18935
Photos from National Cyber Security Services's post
Morpheus:-- Automated #Ettercap TCP/ #IP (MITM-hijacking Tool).
#Morpheus it's a Man-In-The-Middle (#MITM) suite that allows users to manipulate
#TCP/ #UDP data using #Ettercap, urlsnarf, msgsnarf, and tcpkill as backend applications.
but this tool main objective it's not to provide an easy way to #exploit/ #sniff targets,
but rather a call of attempting to TCP/UDP manipulations technics (etter filters)
Version release: v2.2 - STABLE
Author: Pedro #ubuntu [ r00t-3xp10it ]
Codename: Oneiroi Phobetor (The mithologic dream Greek god)
#Distros Supported: #Linux Ubuntu, #Kali, #Debian, #BackBox, #ParrotOS
#Download #Link:-
https://github.com/r00t-3xp10it/morpheus
Morpheus:-- Automated #Ettercap TCP/ #IP (MITM-hijacking Tool).
#Morpheus it's a Man-In-The-Middle (#MITM) suite that allows users to manipulate
#TCP/ #UDP data using #Ettercap, urlsnarf, msgsnarf, and tcpkill as backend applications.
but this tool main objective it's not to provide an easy way to #exploit/ #sniff targets,
but rather a call of attempting to TCP/UDP manipulations technics (etter filters)
Version release: v2.2 - STABLE
Author: Pedro #ubuntu [ r00t-3xp10it ]
Codename: Oneiroi Phobetor (The mithologic dream Greek god)
#Distros Supported: #Linux Ubuntu, #Kali, #Debian, #BackBox, #ParrotOS
#Download #Link:-
https://github.com/r00t-3xp10it/morpheus
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
NekoBot:-- Auto #Exploiter With 500+ #Exploit 2000+ #Shell.
#NekoBot is an auto exploit #tool to facilitate the #penetration of one or many #websites (#Wordpress, #Joomla, #Drupal, #Magento, #Opencart, and Etc).
Features :
[+] Wordpress :
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [#Revslider]
5- gravity-forms
etc.
[+] Joomla
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
etc.
[+] Drupal :
1- Drupal Add admin geddon1
2- Drupal #RCE geddon2
3- Drupal 8 RCE RESTful
4- Drupal #MailChimp
5- Drupal Php-curl-class
etc.
[+] Magento :
1- Shoplift
2- Magento Default user pass
[+] Oscommerce
1- OsCommerce Core 2.3 RCE Exploit
opencart
[+] OTHER :
1- Env Exploit
2- #SMTP CRACKER
3- CV
#Download #Link:-
https://github.com/tegal1337/NekoBotV1
PokemonTowerExploit:-- Enabling and automating an #exploit in #Pokémon Tower Battle.
This #script loads up the game in a #window and #injects some #javascript code to change the #CSS of the page which allows the game window to stretch. Stretching the game window introduces an exploit which can force both game participants to win. I have automated the exploit process by reading #pixel #data of the window and moving the mouse. The author found the exploit on 2020/01/10.
Controls
1. F5 = refresh the page, in case it doesn't load properly, or the game gets stuck
2. F6 = toggle automatic exploitation (uses mouse control, keep the focus on the window)
3. Ctrl + Q = Stop GUI
#Downlod #Link:-
https://github.com/manstie/PokemonTowerExploit
PokemonTowerExploit:-- Enabling and automating an #exploit in #Pokémon Tower Battle.
This #script loads up the game in a #window and #injects some #javascript code to change the #CSS of the page which allows the game window to stretch. Stretching the game window introduces an exploit which can force both game participants to win. I have automated the exploit process by reading #pixel #data of the window and moving the mouse. The author found the exploit on 2020/01/10.
Controls
1. F5 = refresh the page, in case it doesn't load properly, or the game gets stuck
2. F6 = toggle automatic exploitation (uses mouse control, keep the focus on the window)
3. Ctrl + Q = Stop GUI
#Downlod #Link:-
https://github.com/manstie/PokemonTowerExploit
This #script loads up the game in a #window and #injects some #javascript code to change the #CSS of the page which allows the game window to stretch. Stretching the game window introduces an exploit which can force both game participants to win. I have automated the exploit process by reading #pixel #data of the window and moving the mouse. The author found the exploit on 2020/01/10.
Controls
1. F5 = refresh the page, in case it doesn't load properly, or the game gets stuck
2. F6 = toggle automatic exploitation (uses mouse control, keep the focus on the window)
3. Ctrl + Q = Stop GUI
#Downlod #Link:-
https://github.com/manstie/PokemonTowerExploit
PokemonTowerExploit:-- Enabling and automating an #exploit in #Pokémon Tower Battle.
This #script loads up the game in a #window and #injects some #javascript code to change the #CSS of the page which allows the game window to stretch. Stretching the game window introduces an exploit which can force both game participants to win. I have automated the exploit process by reading #pixel #data of the window and moving the mouse. The author found the exploit on 2020/01/10.
Controls
1. F5 = refresh the page, in case it doesn't load properly, or the game gets stuck
2. F6 = toggle automatic exploitation (uses mouse control, keep the focus on the window)
3. Ctrl + Q = Stop GUI
#Downlod #Link:-
https://github.com/manstie/PokemonTowerExploit