Pinned Repositories
checkAVProc
Check if there is any anti-software process in current operating environment
CVE-2021-31166
PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.
DesertFox
Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang
html-Absorber
一款可批量提取url或本地html文件中注释、属性及标签内容的工具
iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11(无弹窗版)
Pentest_MindMap
个人翻译/总结渗透测试思维导图
Three-EyedRaven
内网探测工具(Internal network detection tool that not contain any exploit code)
Tools
多啦A梦的百宝箱:gift:
weakenDefenderPriv
Without closing windows defender, to make defender useless by removing its token privileges and lowering the token integrity.
Windows-ReverseShell
Simple reverse shell to avoid Windows defender and kaspersky detection
zha0gongz1's Repositories
zha0gongz1/iscsicpl_bypassUAC
UAC bypass for x64 Windows 7 - 11(无弹窗版)
zha0gongz1/DesertFox
Implement load Cobalt Strike & Metasploit&Sliver shellcode with golang
zha0gongz1/Three-EyedRaven
内网探测工具(Internal network detection tool that not contain any exploit code)
zha0gongz1/weakenDefenderPriv
Without closing windows defender, to make defender useless by removing its token privileges and lowering the token integrity.
zha0gongz1/Pentest_MindMap
个人翻译/总结渗透测试思维导图
zha0gongz1/Windows-ReverseShell
Simple reverse shell to avoid Windows defender and kaspersky detection
zha0gongz1/CVE-2021-31166
PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.
zha0gongz1/html-Absorber
一款可批量提取url或本地html文件中注释、属性及标签内容的工具
zha0gongz1/Tools
多啦A梦的百宝箱:gift:
zha0gongz1/checkAVProc
Check if there is any anti-software process in current operating environment
zha0gongz1/Fortinet-FortiWeb-OS-Command-Injection
An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page.
zha0gongz1/WebSourceCodeVerificationScan
The tool is used to match and scan the website directory when the source code is known
zha0gongz1/icons
Under Windows NT, icon files
zha0gongz1/cf
Cloud Exploitation Framework 云环境利用框架,方便安全人员在获得 AK 的后续工作
zha0gongz1/CodeWork
Code written in the course of work
zha0gongz1/metasploit-framework
Metasploit Framework
zha0gongz1/CallbackHell
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
zha0gongz1/Conferences
Conference slides
zha0gongz1/CVE-2021-37980
PoC CVE-2021-37980 : Inappropriate implementation in Sandbox (windows only)
zha0gongz1/ExtractedDefender
zha0gongz1/log4shell
Operational information regarding the vulnerability in the Log4j logging library.
zha0gongz1/thc-tips-tricks-hacks-cheat-sheet
Various tips & tricks
zha0gongz1/zha0gongz1