the-Dakta
kjiwa
/ apache-james-exploit.py
Last active
December 8, 2022 08:50
An exploit for Apache James 2.3.2 that executes remote commands. https://crimsonglow.ca/~kjiwa/2016/06/exploiting-apache-james-2.3.2.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """An exploit for Apache James 2.3.2 that executes remote commands. | |
| This script creates a new user and enqueues a payload to be executed the next | |
| time a user logs in to the machine. The vulnerability is documented in | |
| CVE-2015-7611. | |
| For more details, see http://www.securityfocus.com/bid/76933 and | |
| https://www.exploit-db.com/exploits/35513/. | |
| """ |
eelsivart
/ heartbleed.py
Last active
June 7, 2024 02:16
— forked from sh1n0b1/ssltest.py
Heartbleed (CVE-2014-0160) Test & Exploit Python Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Modified by Travis Lee | |
| # Last Updated: 4/21/14 | |
| # Version 1.16 | |
| # | |
| # -changed output to display text only instead of hexdump and made it easier to read | |
| # -added option to specify number of times to connect to server (to get more data) | |
| # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... | |
| # -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port) |