Real world and CTFs exploiting web/binary POCs.

SadFud/Exploits

Exploits

Real world and CTFs exploit POCs.

Real World

| CVE | Short description | Exploit |
| --- | --- | --- |
| CVE-2017-5343 | WordPress SQL injection. | POC |
| CVE-2018-8880 | Unauthenticated Lutron Quantum BACnet v2 network info exfiltration. | POC |
| CVE-2018-11629 | Default and unremovable credentials in Homeworks QS Lutron integration protocol. | POC |
| CVE-2018-11653 | Unauthenticated Netwave Camera information disclosure via network chipset data. | POC |
| CVE-2018-11654 | Unauthenticated Netwave Camera information disclosure. Check hosts vulnerable to CVE-2018-11653. | POC |
| CVE-2018-11681 | Default and unremovable credentials in Radio RA 2 Lutron integration protocol. | POC |
| CVE-2018-11682 | Default and unremovable credentials in Stanza Lutron integration protocol. | POC |
| CVE-2018-12634 | CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | POC |
| CVE-2018-16668 | CirCarLife Scada < v4.3 internal installation path disclosure. | POC |
| CVE-2018-16669 | Because credentials are stored in clear text, an unprivileged user can gain access to other services with higher privileges by exploiting a flaw in the Open Charge Point Protocol web implementation. All versions prior to 1.5.0 are vulnerable. | POC |
| CVE-2018-16670 | CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations. | POC |
| CVE-2018-16671 | CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions. | POC |
| CVE-2018-16672 | CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the charge station, including credentials for the GPRS router. | POC |
| CVE-2018-7812 | An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200. | POC |

Suites

| Name | Description | POC |
| --- | --- | --- |
| Cir-PWN-life | Cir-PWN-life is proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way. | POC |

Challenges

| Type | Description | Link |
| --- | --- | --- |
| ARM | Protostar - Stack0 | exploit |
| ARM | Protostar - Stack1 | exploit |
| HTB | Hack The Box - Frolic | exploit |