3Years - TotoroLMva, an information security college student drifting around Shanghai. What I believe in is belief itself.

November 01

Redis Unauthorized Access Vulnerability Test Tool

1. Install Redis
2. Edit /etc/redis.conf

vim /etc/redis.conf

2.1 Remove the IP binding so that hosts other than localhost can log in to the Redis service remotely.

2.2 Disable protected mode so that remote connections to the Redis service are accepted.

redis-cli -h XXX.XXX.XXX.XXX
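The two edits above are exactly what turns a lab instance into an unauthenticated, network-reachable Redis, so the same settings are what a defender audits. The following Python script is an added example, not part of the original post: it parses a redis.conf, reports the weak settings (a missing or non-loopback bind, protected-mode no, no requirepass or ACL user), and is run against a constructed weak configuration and its hardened counterpart. The sample configurations and the placeholder password are constructed for this example.

```python
"""Audit a redis.conf for unauthenticated remote-access risk.

Added example (not from the original post). Checks the directives the
post's steps 2.1 and 2.2 modify, plus authentication, and contrasts a
constructed weak configuration with a hardened one.
"""

# Addresses that keep Redis reachable from this host only. "-::1" is the
# redis.conf spelling for "bind to ::1 if IPv6 is available, else skip".
LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "-::1"}

# Constructed sample: what the post's steps 2.1 and 2.2 leave behind.
WEAK_CONF = """\
# bind 127.0.0.1
protected-mode no
port 6379
"""

# Constructed sample of the hardened counterpart (placeholder password).
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass CHANGE-ME-placeholder-password
"""


def parse_redis_conf(text):
    """Return {directive: [list of value tokens, one entry per occurrence]}.

    Comment and blank lines are skipped; directive names are lower-cased.
    Repeated directives (Redis allows e.g. several 'bind' lines) are kept
    in order so the audit can look at all of them or the last one.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_redis_conf(text):
    """Return a list of human-readable findings; an empty list means clean."""
    conf = parse_redis_conf(text)
    findings = []

    # Without any 'bind' line Redis listens on every interface, so a
    # commented-out bind (step 2.1) is a finding, not a neutral default.
    binds = conf.get("bind")
    if binds is None:
        findings.append("no 'bind' directive: Redis listens on every interface")
    else:
        addrs = {addr for values in binds for addr in values}
        exposed = sorted(addrs - LOOPBACK_ADDRESSES)
        if exposed:
            findings.append("bind includes non-loopback address(es): " + ", ".join(exposed))

    # protected-mode defaults to yes since Redis 3.2; only an explicit 'no'
    # (step 2.2) is reported. The last occurrence wins, as in Redis itself.
    protected = conf.get("protected-mode")
    if protected and protected[-1] and protected[-1][0].lower() == "no":
        findings.append("protected-mode no: unauthenticated remote clients are accepted")

    # Authentication: a non-empty requirepass, or Redis 6+ ACL 'user' lines.
    has_password = any(v and v[0] not in ('""', "''") for v in conf.get("requirepass", []))
    if not has_password and "user" not in conf:
        findings.append("no requirepass or ACL user: any client that connects has full access")

    return findings


if __name__ == "__main__":
    for label, conf_text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{label}]")
        for finding in audit_redis_conf(conf_text) or ["no findings"]:
            print("  -", finding)
```

Run against the post's configuration the audit reports all three findings; the hardened copy reports none. The one non-obvious rule is the missing bind line: Redis treats "no bind" as "all interfaces", which is why commenting the line out is the exposure, not a neutral state.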
May 28

Finding Vulnerabilities with Google Search Syntax

1. Directory traversal (exposed directory listings)

Syntax: site:jiebao8.top intitle:index.of

2. Configuration file leaks

Syntax: site:jiebao8.top ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini

3. Database file leaks

Syntax: site:jiebao8.top ext:sql | ext:dbf | ext:mdb

4. Log file leaks

Syntax: site:jiebao8.top ext:log

5. Backup and historical files

Syntax: site:jiebao8.top ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup

6. SQL errors

Syntax: site:jiebao8.top intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"

7. Publicly exposed document information

Syntax: site:jiebao8.top ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv

8. phpinfo()

Syntax: site:jiebao8.top ext:php intitle:phpinfo "published by the PHP Group"
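The dorks above only find what a site already exposes, so the same extension groups and error strings make a useful local check before a search engine indexes them. The following Python script is an added example, not part of the original post: it walks a document root and reports files whose extension falls into the post's config, database, log, backup or document categories, and scans an HTTP response body for the SQL error fragments listed under item 6. The directory tree and response text it runs on are constructed inline; note that the post's config list includes txt, so files such as robots.txt will show up and need manual triage.

```python
"""Local check for files and error strings that the Google dorks above
would surface. Added example (not from the original post); the sample
web root and response body are constructed inline."""
import os
import tempfile
from collections import defaultdict

# Extension groups, taken from the dork list in the post.
EXPOSURE_CATEGORIES = {
    "config": {"xml", "conf", "cnf", "reg", "inf", "rdp", "cfg", "txt", "ora", "ini"},
    "database": {"sql", "dbf", "mdb"},
    "log": {"log"},
    "backup": {"bkf", "bkp", "bak", "old", "backup"},
    "document": {"doc", "docx", "odt", "pdf", "rtf", "sxw", "psw", "ppt", "pptx", "pps", "csv"},
}

# Error fragments from the post's "SQL errors" dork, matched case-insensitively.
SQL_ERROR_MARKERS = [
    "sql syntax near",
    "syntax error has occurred",
    "incorrect syntax near",
    "unexpected end of sql command",
    "warning: mysql_connect()",
    "warning: mysql_query()",
    "warning: pg_connect()",
]


def classify(filename):
    """Return the exposure category for a file name, or None if it is not of interest."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    for category, extensions in EXPOSURE_CATEGORIES.items():
        if ext in extensions:
            return category
    return None


def scan_webroot(root):
    """Walk root and return {category: sorted relative paths} for matching files."""
    findings = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings[category].append(rel.replace(os.sep, "/"))
    return {category: sorted(paths) for category, paths in findings.items()}


def find_sql_errors(body):
    """Return the SQL error markers present in an HTTP response body."""
    lowered = body.lower()
    return [marker for marker in SQL_ERROR_MARKERS if marker in lowered]


def build_sample_webroot():
    """Create a constructed sample document root in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    sample_files = ("index.html", "config/db.ini", "backup/site.old",
                    "db/dump.sql", "logs/error.log", "css/style.css")
    for rel in sample_files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample content\n")
    return root


if __name__ == "__main__":
    webroot = build_sample_webroot()
    for category, paths in sorted(scan_webroot(webroot).items()):
        print(f"{category}: {paths}")
    # Constructed response body resembling a leaked MySQL error page.
    body = "You have an error in your SQL syntax near 'x' at line 1"
    print("error markers:", find_sql_errors(body))
```

The file scan finds the config, database, log and backup samples and ignores index.html and the stylesheet; the body scan reports "sql syntax near". Running the same two checks in a deployment pipeline (against the build output, and against error pages in a staging environment) catches these leaks before the search-engine crawler does.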

May 24

Summary of Vulnerability Practice Platforms

Original source: https://www.cnblogs.com/hotboy/p/6396387.html

Vulnerability and penetration-testing practice platforms:

WebGoat vulnerability practice environment

https://github.com/WebGoat/WebGoat

https://github.com/WebGoat/WebGoat-Legacy

Damn Vulnerable Web Application (vulnerability practice platform)

https://github.com/RandomStorm/DVWA

Database injection practice platform

https://github.com/Audi-1/sqli-labs

Vulnerability practice platform written in Node, like OWASP Node Goat

https://github.com/cr0hn/vulnerable-node

Assorted scanners:

Port scanner Nmap

https://github.com/nmap/nmap

Local network scanner

https://github.com/SkyLined/LocalNetworkScanner

Subdomain scanner

https://github.com/lijiejie/subDomainsBrute

Vulnerable router scanner

https://github.com/jh00nbr/Routerhunter-2.0

Mini batch information-leak scanning script

https://github.com/lijiejie/BBScan

WAF type detection tool

https://github.com/EnableSecurity/wafw00f

Information gathering tools:

Social-engineering plugin that looks up every site account registered with a given email, phone number or username

https://github.com/n0tr00t/Sreg

GitHub information gathering; scans the latest git uploads in real time for email account and password information

https://github.com/sea-god/gitscan

GitHub repo information gathering tool

https://github.com/metac0rtex/GitHarvester

WEB:

Large webshell collection

https://github.com/tennc/webshell

Penetration and web attack scripts

https://github.com/brianwrf/hackUtils

Large collection of small web penetration tools

https://github.com/rootphantomer/hack_tools_for_me

XSS data receiving platform

https://github.com/firesunCN/BlueLotus_XSSReceiver

XSS and CSRF tool

https://github.com/evilcos/xssor

Short for command injection exploiter; a web-facing command injection detection tool

https://github.com/stasinopoulos/commix

Database injection tool

https://github.com/sqlmapproject/sqlmap

Web proxy that loads the sqlmap API for real-time SQLi detection

https://github.com/zt2/sqli-hunter

New version of China Chopper (中国菜刀)

https://github.com/Chora10/Cknife

.git leak exploitation EXP

https://github.com/lijiejie/GitHack

Browser exploitation framework

https://github.com/beefproject/beef

Automated WAF bypass script

https://github.com/khalilbijjou/WAFNinja

HTTP command-line client that can construct and send all kinds of HTTP requests from the command line (similar to curl)

https://github.com/jkbrzt/httpie

Browser debugging tool

https://github.com/firebug/firebug

An open-source WAF

https://github.com/SpiderLabs/ModSecurity

Windows domain penetration tools:

Windows penetration tool of choice

https://github.com/gentilkiwi/mimikatz

Collection of PowerShell penetration libraries

https://github.com/PowerShellMafia/PowerSploit

Collection of PowerShell tools

https://github.com/clymb3r/PowerShell

Fuzz:

Web-facing fuzzing tool

https://github.com/xmendez/wfuzz

HTTP brute-force and credential-stuffing attack script

https://github.com/lijiejie/htpwdScan

Exploitation and attack frameworks:

msf

https://github.com/rapid7/metasploit-framework

PoC invocation framework; can load Pocsuite, Tangscan, Beebeeto and others

https://github.com/erevus-cn/pocscan

Pocsuite

https://github.com/knownsec/Pocsuite

Beebeeto

https://github.com/n0tr00t/Beebeeto-framework

Vulnerability POC & EXP:

Official git version of ExploitDB

https://github.com/offensive-security/exploit-database

PHP vulnerability code analysis

https://github.com/80vul/phpcodz

Simple test for CVE-2016-2107

https://github.com/FiloSottile/CVE-2016-2107

CVE-2015-7547 POC

https://github.com/fjserna/CVE-2015-7547

Java deserialization POC generation tool

https://github.com/frohoff/ysoserial

Java deserialization EXP

https://github.com/foxglovesec/JavaUnserializeExploits

Jenkins CommonCollections EXP

https://github.com/CaledoniaProject/jenkins-cli-exploit

CVE-2015-2426 EXP (Windows kernel privilege escalation)

https://github.com/vlad902/hacking-team-windows-kernel-lpe

Use docker to show web attacks (demonstrates PHP local file inclusion combined with phpinfo to get a shell, and SSRF combined with curl)

https://github.com/hxer/vulnapp

PHP 7 opcache override vulnerability demo and related tools

https://github.com/GoSecure/php7-opcache-override

XcodeGhost trojan sample

https://github.com/XcodeGhostSource/XcodeGhost
 

Man-in-the-middle attacks and phishing:

Man-in-the-middle attack frameworks

https://github.com/secretsquirrel/the-backdoor-factory

https://github.com/secretsquirrel/BDFProxy

https://github.com/byt3bl33d3r/MITMf

Inject code, jam wifi, and spy on wifi users

https://github.com/DanMcInerney/LANs.py

Extensible man-in-the-middle proxy tool

https://github.com/intrepidusgroup/mallory

Wi-Fi phishing

https://github.com/sophron/wifiphisher

Password cracking:

Password cracking tool

https://github.com/shinnok/johnny

Tool for extracting all kinds of locally stored passwords

https://github.com/AlessandroZ/LaZagne

Binary and code analysis tools:

Binary analysis tool

https://github.com/devttys0/binwalk

System scanner that finds programs and libraries and collects their dependencies, links and other information

https://github.com/quarkslab/binmap

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries.

https://github.com/0vercl0k/rp

Windows exploit development tool

https://github.com/lillypad/badger

Binary static analysis tool (Python)

https://github.com/bdcht/amoco

Python Exploit Development Assistance for GDB

https://github.com/longld/peda

Monitoring tool for the activity of the BillGates Linux botnet family of trojans

https://github.com/ValdikSS/billgates-botnet-tracker

Trojan configuration parameter extraction tool

https://github.com/kevthehermit/RATDecoders

Binary analysis tool written by Shellphish (CTF-oriented)

https://github.com/angr/angr

Static code analysis tool for Python

https://github.com/yinwang0/pysonar2

An automated shell script analysis tool that gives warnings and suggestions

https://github.com/koalaman/shellcheck

Simple JavaScript deobfuscation helper based on AST transformations

https://github.com/ChiChou/etacsufbo

EXP writing frameworks and tools:

Binary EXP writing tool

https://github.com/t00sh/rop-tool

Script-writing framework for CTF pwn challenges

https://github.com/Gallopsled/pwntools

an easy-to-use io library for pwning development

https://github.com/zTrix/zio

Cross-platform injection tool (Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.)

https://github.com/frida/frida

Steganography:

Steganography detection tool

https://github.com/abeluck/stegdetect

Assorted security materials:

Domain penetration tutorial

https://github.com/l3m0n/pentest_study

Python security tutorials (original link http://www.primalsecurity.net/tutorials/python-tutorials/)

https://github.com/smartFlash/pySecurity

data_hacking collection

https://github.com/ClickSecurity/data_hacking

mobile-security-wiki

https://github.com/exploitprotocol/mobile-security-wiki

The book "reverse-engineering-for-beginners"

https://github.com/veficos/reverse-engineering-for-beginners

Some information security standards and device configurations

https://github.com/luyg24/IT_security

APT-related notes

https://github.com/kbandla/APTnotes

KCon materials

https://github.com/knownsec/KCon

Collection of CTF and hacker resources

https://github.com/bt3gl/My-Gray-Hacker-Resources

Large collection of CTF and security tools

https://github.com/zardus/ctf-tools

《DO NOT FUCK WITH A HACKER》

https://github.com/citypw/DNFWAH

Assorted CTF resources:

Complete collection of recent CTF write-ups

https://github.com/ctfs/write-ups-2016

https://github.com/ctfs/write-ups-2015

https://github.com/ctfs/write-ups-2014

fbctf competition platform demo

https://github.com/facebook/fbctf

ctf Resources

https://github.com/ctfs/resources

Assorted programming resources:

Grab bag (has everything)

https://github.com/bayandin/awesome-awesomeness

bash-handbook

https://github.com/denysdovhan/bash-handbook

Comprehensive Python resources (Chinese)

https://github.com/jobbole/awesome-python-cn

Git learning materials

https://github.com/xirong/my-git

Android open-source project analysis

https://github.com/android-cn/android-open-project-analysis

Large collection of Python frameworks, libraries and resources

https://github.com/vinta/awesome-python

JS regular expression library (simplifies building complex JS regular expressions)

https://github.com/VerbalExpressions/JSVerbalExpressions

Python:

Python regular expression library (simplifies building complex Python regular expressions)

https://github.com/VerbalExpressions/PythonVerbalExpressions

Python task management and command execution library

https://github.com/pyinvoke/invoke

Python exe packaging library

https://github.com/pyinstaller/pyinstaller

Python 3 crawler framework

https://github.com/orf/cyborg

A Python library providing low-level packet programming and network protocol support

https://github.com/CoreSecurity/impacket

Python requests library

https://github.com/kennethreitz/requests

Collection of Python utilities

https://github.com/mahmoud/boltons

Python crawler system

https://github.com/binux/pyspider

CTF-oriented Python toolkit

https://github.com/P1kachu/v0lt

Internet circumvention (科学上网):

Internet circumvention tool

https://github.com/XX-net/XX-Net

Goodies:

WeChat auto red-packet grabbing dynamic library

https://github.com/east520/AutoGetRedEnv

WeChat red-packet grabbing plugin (Android version)

https://github.com/geeeeeeeeek/WeChatLuckyMoney

Magic tool

https://github.com/yangyangwithgnu/hardseed

May 17

A Collection of Linux Privilege Escalation Exploits Compiled by an Expert

Project download address: https://github.com/SecWiki/linux-kernel-exploits

#CVE  #Description  #Kernels
 
CVE-2017-1000367  [Sudo]
(Sudo 1.8.6p7 - 1.8.20)
 
CVE-2017-7494  [Samba Remote execution]
(Samba 3.5.0-4.6.4/4.5.10/4.4.14)
 
CVE-2016-5195  [Dirty cow]
(Linux kernel>2.6.22 (released in 2007))
 
CVE-2016-0728  [pp_key]
(3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)
 
CVE-2015-7547  [glibc getaddrinfo]
(before Glibc 2.9)
 
CVE-2015-1328  [overlayfs]
(3.13, 3.16.0, 3.19.0)
 
CVE-2014-5284  [OSSEC]
(2.8)
 
CVE-2014-4699  [ptrace]
(before 3.15.4)
 
CVE-2014-4014  [Local Privilege Escalation]
(before 3.14.8)
 
CVE-2014-3153  [futex]
(3.3.5, 3.3.4, 3.3.2, 3.2.13, 3.2.9, 3.2.1, 3.1.8, 3.0.5, 3.0.4, 3.0.2, 3.0.1, 2.6.39, 2.6.38, 2.6.37, 2.6.35, 2.6.34, 2.6.33, 2.6.32, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4, 3.2.2, 3.0.18, 3.0, 2.6.8.1)
 
CVE-2014-0196  [rawmodePTY]
(2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.14, 3.15)
 
CVE-2014-0038  [timeoutpwn]
(3.4, 3.5, 3.6, 3.7, 3.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)
 
CVE-2013-2094  [perf_swevent]
(3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.5, 3.6, 3.7, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9)
 
CVE-2013-0268  [msr]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7.0, 3.7.6)
 
CVE-2012-3524  [libdbus]
(libdbus 1.5.x and earlier)
 
CVE-2012-0056  [memodipper]
(2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0)
 
CVE-2010-4347  [american-sign-language]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
 
CVE-2010-4258  [full-nelson]
(2.6.31, 2.6.32, 2.6.35, 2.6.37)
 
CVE-2010-4073  [half_nelson]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
 
CVE-2010-3904  [rds]
(2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
 
CVE-2010-3437  [pktcdvd]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
 
CVE-2010-3301  [ptrace_kmod2]
(2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)
 
CVE-2010-3081  [video4linux]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33)
 
CVE-2010-2959  [can_bcm]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
 
CVE-2010-1146  [reiserfs]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)
 
CVE-2010-0415  [do_pages_move]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)
 
CVE-2009-3547  [pipe.c_32bit]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)
 
CVE-2009-2698  [udp_sendmsg_32bit]
(2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19)
 
CVE-2009-2692  [sock_sendpage]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)
 
CVE-2009-2692  [sock_sendpage2]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)
 
CVE-2009-1337  [exit_notify]
(2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)
 
CVE-2009-1185  [udev]
(2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)
 
CVE-2008-4210  [ftrex]
(2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22)
 
CVE-2008-0600  [vmsplice2]
(2.6.23, 2.6.24)
 
CVE-2008-0600  [vmsplice1]
(2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.24.1)
 
CVE-2006-3626  [h00lyshit]
(2.6.8, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16)
 
CVE-2006-2451  [raptor_prctl]
(2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17)
 
CVE-2005-0736  [krad3]
(2.6.5, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11)
 
CVE-2004-1235  [elflbl]
(2.4.29)
 
CVE-N/A  [caps_to_root]
(2.6.34, 2.6.35, 2.6.36)
 
CVE-2004-0077  [mremap_pte]
(2.4.20, 2.2.24, 2.4.25, 2.4.26, 2.4.27)
May 09

A Collection of Windows Privilege Escalation Exploits Compiled by an Expert

Project download address: https://github.com/SecWiki/windows-kernel-exploits

Vulnerability list

#Security Bulletin   #KB     #Description    #Operating System
 
CVE-2017-0213  [Windows COM Elevation of Privilege Vulnerability]  (windows 10/8.1/7/2016/2010/2008)
MS17-010  [KB4013389]  [Windows Kernel Mode Drivers]  (windows 7/2008/2003/XP)
MS16-135  [KB3199135]  [Windows Kernel Mode Drivers]  (2016)
MS16-098  [KB3178466]  [Kernel Driver]  (Win 8.1)
MS16-075  [KB3164038]  [Hot Potato]  (2003/2008/7/8/2012)
MS16-032  [KB3143141]  [Secondary Logon Handle]  (2008/7/8/10/2012)
MS16-016  [KB3136041]  [WebDAV]  (2008/Vista/7)
MS15-097  [KB3089656]  [remote code execution]  (win8.1/2012)
MS15-076  [KB3067505]  [RPC]  (2003/2008/7/8/2012)
MS15-077  [KB3077657]  [ATM]  (XP/Vista/Win7/Win8/2000/2003/2008/2012)
MS15-061  [KB3057839]  [Kernel Driver]  (2003/2008/7/8/2012)
MS15-051  [KB3057191]  [Windows Kernel Mode Drivers]  (2003/2008/7/8/2012)
MS15-010  [KB3036220]  [Kernel Driver]  (2003/2008/7/8)
MS15-015  [KB3031432]  [Kernel Driver]  (Win7/8/8.1/2012/RT/2012 R2/2008 R2)
MS15-001  [KB3023266]  [Kernel Driver]  (2008/2012/7/8)
MS14-070  [KB2989935]  [Kernel Driver]  (2003)
MS14-068  [KB3011780]  [Domain Privilege Escalation]  (2003/2008/2012/7/8)
MS14-058  [KB3000061]  [Win32k.sys]  (2003/2008/2012/7/8)
MS14-040  [KB2975684]  [AFD Driver]  (2003/2008/2012/7/8)
MS14-002  [KB2914368]  [NDProxy]  (2003/XP)
MS13-053  [KB2850851]  [win32k.sys]  (XP/Vista/2003/2008/win 7)
MS13-046  [KB2840221]  [dxgkrnl.sys]  (Vista/2003/2008/2012/7)
MS13-005  [KB2778930]  [Kernel Mode Driver]  (2003/2008/2012/win7/8)
MS12-042  [KB2972621]  [Service Bus]  (2008/2012/win7)
MS12-020  [KB2671387]  [RDP]  (2003/2008/7/XP)
MS11-080  [KB2592799]  [AFD.sys]  (2003/XP)
MS11-062  [KB2566454]  [NDISTAPI]  (2003/XP)
MS11-046  [KB2503665]  [AFD.sys]  (2003/2008/7/XP)
MS11-011  [KB2393802]  [kernel Driver]  (2003/2008/7/XP/Vista)
MS10-092  [KB2305420]  [Task Scheduler]  (2008/7)
MS10-065  [KB2267960]  [FastCGI]  (IIS 5.1, 6.0, 7.0, and 7.5)
MS10-059  [KB982799]   [ACL-Churraskito]  (2008/7/Vista)
MS10-048  [KB2160329]  [win32k.sys]  (XP SP2 & SP3/2003 SP2/Vista SP1 & SP2/2008 Gold & SP2 & R2/Win7)
MS10-015  [KB977165]   [KiTrap0D]  (2003/2008/7/XP)
MS09-050  [KB975517]   [Remote Code Execution]  (2008/Vista)
MS09-020  [KB970483]   [IIS 6.0]  (IIS 5.1 and 6.0)
MS09-012  [KB959454]   [Chimichurri]  (Vista/win7/2008/Vista)
MS08-068  [KB957097]   [Remote Code Execution]  (2000/XP)
MS08-067  [KB958644]   [Remote Code Execution]  (Windows 2000/XP/Server 2003/Vista/Server 2008)
MS08-025  [KB941693]   [Win32.sys]  (XP/2003/2008/Vista)
MS06-040  [KB921883]   [Remote Code Execution]  (2003/xp/2000)
MS05-039  [KB899588]   [PnP Service]  (Win 9X/ME/NT/2000/XP/2003)
MS03-026  [KB823980]   [Buffer Overrun In RPC Interface]  (/NT/2000/XP/2003)