Skip to content
/ Exploits Public

Real world and CTFs exploiting web/binary POCs.

79 stars 30 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SadFud/Exploits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits
Challenges
Challenges
 
 
Real World
Real World
 
 
README.md
README.md
 
 

Repository files navigation

Exploits

Real world and CTFs exploit POCs.

Real World

CVE Short description Exploit
CVE-2017-5343 Wordpress SQL Injection [POC]
CVE-2018-8880 Unauthenticated Lutron Quantum Bacnet v2 network info exfiltration POC
CVE-2018-11629 Default and unremovable credentials in Homeworks QS Lutron integration protocol. POC
CVE-2018-11653 Unauthenticated Netwave Camera information disclosure via network chipset data. POC
CVE-2018-11654 Unauthenticated Netwave Camera information disclosure. Check vulnerable hosts to CVE-2018-11653 POC
CVE-2018-11681 Default and unremovable credentials in Radio RA 2 Lutron integration protocol. POC
CVE-2018-11682 Default and unremovable credentials in Stanza Lutron integration protocol. POC
CVE-2018-12634 CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. POC
CVE-2018-16668 CirCarLife Scada < v4.3 internal installation path disclosure. POC
CVE-2018-16669 Due to a clear-text stored credentials, an unprivileged user can gain access to other services with higher privileges exploiting a flaw on Open Charge Point Protocol web implementation. All versions prior to <1.5.0 are vulnerable. POC
CVE-2018-16670 CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations. POC
CVE-2018-16671 CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions. POC
CVE-2018-16672 CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the carge station including credentials for GPRS Router. POC
CVE-2018-7812 An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200. POC

Suites

Name Description POC
Cir-PWN-life Cir-PWN-life is proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way. POC

Challenges

Type Description Link
ARM Protostar - Stack0 exploit
ARM Protostar - Stack1 exploit
HTB Hack the box - Frolic exploit

About

Real world and CTFs exploiting web/binary POCs.

Topics

exploit vulnerability pwn scada pwned exploit-code scada-security scada-exploitation

Resources

Readme
Activity

Stars

79 stars

Watchers

5 watching

Forks

30 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages