Pinned Repositories
Apache-Struts-Shodan-Exploit
This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.
APT38-DYEPACK
Reverse engineered APT38 DYEPACK samples used to empty SWIFT banking servers. Use caution when handling live binaries.
BroadPWN
This Exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash. More information about its origins here: http://boosterok.com/blog/broadpwn2/
Chrome-Sandbox-Exploit
[Patched] Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988
Crash-iOS-Exploit
Repository dedicated to storing a multitude of iOS/macOS/OSX/watchOS crash bugs. Some samples need to be viewed as raw in order to see the Unicode. Please do not intentionally abuse these exploits.
Crashcast-Exploit
This tool allows you mass play any YouTube video, terminate apps and rename Chromecast device(s) obtained from Shodan.io
Memcrashed-DDoS-Exploit
DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
Memfixed-Mitigation-Tool
DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API
Netscraped-Exploit
Framework for obtaining all the credentials stored in vulnerable Netwave IP cameras. Can be used to break into IP cameras, use for research only.
Onity-Lock-Bypass
Upload this sketch to any Arduino and break into millions of Onity hotel locks worldwide. DC (coaxial) barrel connector required. For more info visit: http://demoseen.com/bhpaper.html
649's Repositories
649/Memfixed-Mitigation-Tool
DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API
649/BroadPWN
This Exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash. More information about its origins here: http://boosterok.com/blog/broadpwn2/
649/Chrome-Sandbox-Exploit
[Patched] Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988
649/Onity-Lock-Bypass
Upload this sketch to any Arduino and break into millions of Onity hotel locks worldwide. DC (coaxial) barrel connector required. For more info visit: http://demoseen.com/bhpaper.html
649/TOR-0day
JavaScript exploit : Firefox version 41 - 50 are affected. Easy fix by disabling JavaScript (use NoScript for better leverage). Victim must visit website using correct version of Tor in order to be potentially deanonymized.
649/FuzzBunch
The ORIGINAL decrypted copies of the Shadow Broker's Lost In Translation release. Contains FuzzBunch, DanderSpritz, and all the other NSA [Equation Group] toolkits. Please use them only for researching purposes.
649/EquationDrug
The ORIGINAL decrypted copies of the Shadow Broker's equation_drug release. Contains Equation group's espionage DLL implants library. Use for research purposes only.
649/EQGRP-Warez
The ORIGINAL decrypted copies of the Shadow Broker's Don't Forget Your Base release. Contains Equation group's collection of tools primarily for compromising Linux/Unix based environments. Use for research purposes only. (ref: eqgrp-auction-file.tar.xz)
649/EQGRP-TrickOrTreat
The ORIGINAL decrypted copies of the Shadow Broker's Trick Or Treat release. Contains a list of servers, supposedly compromised by Equation Group as well as references to seven supposedly undisclosed tools (DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK AND STOCSURGEON) also used by the threat actor.
649/Invisible-Login-Forms
Stealing user credentials by injecting invisible login forms that the native browser autofills data to. More info: https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
649/Pybomb
Python 3 script that compiles into a >32TB .pyc-file. Execute to deplete RAM, or compile for full 32TB file output: "python -m py_compile ./Pybomb.py"
649/CVE-2017-5415
Addressbar spoofing through blob URL (Firefox browser). An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.
649/Telnet-Chatroom
Turn your Arduino (UNO) into a telnet chatroom server! Good for sharing links between multiple computers, or just chatting.
649/Basic-Keylogger
Windows based keylogger (written in C++). Collects all keystrokes and places them in a file "LOG.txt" in the same directory as its binaries.
649/Leonardo-HID-Payload-v1.0
Human Interface Device Payload that allows your Arduino Leonardo board to execute commands by emulating a keyboard and accessing a terminal with elevated privileges on Windows based machines.
649/Leonardo-HID-Payload-v2.2
Less code, faster execution, clean UAC bypass, clears execution history, and more button and LED functions added. (HID Payload for Arduino, see previous version)
649/Linked-List
A linked list is a linear data structure where each element is a separate object. Each element (we will call it a node) of a list is comprising of two items - the data and a reference to the next node. The last node has a reference to null. The entry point into a linked list is called the head of the list.
649/Binary-Search
Binary search is a search algorithm that finds the position of a target value within a sorted array.
649/Retro-SNAKE-Game
The old retro snake game ported over to the Arduino. Tested with Arduino Uno + LCD Shield. (requires LCDKeypad library)