Exploit Exercises

Disclaimer: This is for research purposes only.

Advanced Web Attack

  • HTML Injection and XSS
  • LFI To RCE

Shellcode Encoding

[Slink](https://github.com/ihack4falafel/Slink)

[Code Cave Miner](https://github.com/Antonin-Deniau/cave_miner)

[Subencoder](https://github.com/jamesduv9/subencode)

[BettaEncoder](https://github.com/puniaze/BettaEncoder)

Backdooring PE

[Backdoor PE - New Section Header](https://capt-meelo.github.io/exploitdev/osceprep/2018/07/16/backdoor101-part1.html)

[Backdoor PE - Code Cave](https://capt-meelo.github.io//exploitdev/osceprep/2018/07/21/backdoor101-part2.html)

[Automated Code Cave Finder](https://github.com/jamesduv9/backdoorHelper)

AV Bypass

[PeCloak - AV Bypass](https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/)

[RotN - Shellcode Encoder](https://www.abatchy.com/2017/05/rot-n-shellcode-encoder-linux-x86)

[Muts - Encoder](https://github.com/sagishahar/scripts/blob/master/muts_encoder.py)

[SubRosa](https://github.com/ihack4falafel/SubRosa)

ASLR Bypass

  • Non-ASLR-enabled libraries
  • Partial EIP overwrite
  • Single Byte Overwrite
  • Address Space Brute Force

Fuzzing

Egghunting

SEH Bypass