Pinned Repositories
PingCastle-Notify
Monitor your PingCastle scans to highlight the rule diff between two scans
BackupOperatorToDA
From an account that is a member of the Backup Operators group to Domain Admin without RDP or WinRM on the Domain Controller
ByP-SOP
🏴‍☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴‍☠️
CVE-2019-0192
RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl
CVE-2019-5418
CVE-2019-5418 - File Content Disclosure on Ruby on Rails
Padding-oracle-attack
:unlock: Padding oracle attack against PKCS7 :unlock:
poodle-PoC
:poodle: Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 :poodle:
Rails-doubletap-RCE
RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
Spring-Boot-Actuator-Exploit
Spring Boot Actuator (jolokia) XXE/RCE
NetExec
The Network Execution Tool
mpgn's Repositories
mpgn/CVE-2019-0192
RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl
mpgn/ByP-SOP
🏴‍☠️ Bypass Same Origin Policy with DNS-rebinding to retrieve local server files 🏴‍☠️
mpgn/CVE-2019-7238
🐱‍💻 PoC of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻
mpgn/BEAST-PoC
:muscle: Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 :muscle:
mpgn/CVE-2019-9580
CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE
mpgn/CVE-2019-3799
CVE-2019-3799 - Spring Cloud Config Server: Directory Traversal < 2.1.2, 2.0.4, 1.4.6
mpgn/CRIME-poc
:hocho: CRIME attack PoC: a compression oracle attack, CVE-2012-4929 :hocho:
mpgn/CVE-2018-19276
CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE
mpgn/DllInjectExec
:syringe: DLL injection for executable file :syringe:
mpgn/Slanger-RCE
RCE in Slanger using deserialization of Ruby objects
mpgn/CVE-2019-9978
CVE-2019-9978 - RCE on a WordPress plugin: Social Warfare < 3.5.3
mpgn/CVE-2018-11686
CVE-2018-11686 - FlexPaper PHP Publish Service RCE <= 2.3.6
mpgn/ShareP0wn
ShareP0wn
mpgn/copper-jekyll-theme
Copper Jekyll theme - simple and useful
mpgn/DllInjectService
:syringe: DLL ready to be injected into a service :syringe:
mpgn/YTC-ID
:pushpin: Get the YouTube channel ID! :pushpin:
mpgn/AChat-Reverse-TCP-Exploit
Tested on AChat 0.150 Beta 7 Windows 7/8/10 x86/x64
mpgn/Invoke-MetasploitPayload
PowerShell script to download and kick off Metasploit payloads. Relies on the exploit/multi/scripts/web_delivery Metasploit module.
mpgn/Ipsum
Small app for YouTube Network. Get a free submission form for YouTube channels that want to join your network. Built with AngularJS.
mpgn/Pyrox
For YouTube Network with YouTube API V3 Public
mpgn/swindle
Swindle is a project for YouTube Network
mpgn/actuator-testbed
A vulnerable application exposing Spring Boot Actuators
mpgn/discourse-ldap-auth
:cop: Discourse plugin to enable LDAP/Active Directory authentication :cop:
mpgn/mnk-game-test
Automatic test of the mnk-game
mpgn/SerialBrute
Java serialization brute force attack tool.
mpgn/tid-jekyll-theme
TID is a simple and minimalist Jekyll theme with tags