Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

Last update: Nov 09, 2022

Overview

CVE-2021-32099 Pandora_v7.0NG.742

Unauthenticated Sqlinjection that leads to dump database but this one impersonated Admin and drops a interactive shell

Official Blog by the Author

Blog https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained

Usage :

usage: sqlpwn.py [-h] -t TARGET [-f FILENAME]

Exploiting Sqlinjection To impersonate Admin

optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Host Ip for the Exploiting with target Port 
-f FILENAME, --filename FILENAME
                      Filename for Shell Upload with php extension

Owner

sam

Pentester | fsociety

GitHub Repository

Check for breached passwords with k-anonymity

passwnd Check for breached passwords with k-anonymity Usage To get prompted to enter the password securely, simply run: passwnd.py Alternatively, you

1 Feb 08, 2022

Cookiecutter for creating open source Python packages

Cookiecutter for rapidly developing new open source Python packages. Best practices with all the modern bells and whistles included.

177 Dec 22, 2022

TCP/UDP port scanner on python, usong scapy and multiprocessin

Port Scanner TCP/UDP port scanner on python, usong scapy and multiprocessing. Usage python3 scanner.py [OPTIONS] IP_ADDRESS [{tcp|udp}[/[PORT|PORT-POR

1 Dec 05, 2021

web指纹识别工具

前言一直苦于没有用的顺手的web指纹识别工具，学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。

966 Dec 26, 2022

Brainly-Scrambler - Brainly Scrambler With Python

Brainly-Scrambler Untuk admin brainly jangan lupa pasang captcha mu Note: Kamu

8 Feb 24, 2022

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray3

246 Dec 28, 2022

Official repository for Pyew.

pyew Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE

362 Nov 28, 2022

An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

2 Dec 16, 2021

2022-bridge - Example code belonging to the Bridge pattern video

Let's Take The Bridge Pattern To The Next Level This video covers how the bridge

11 Jun 14, 2022

JumpServer远程代码执行漏洞检测利用脚本

Jumpserver-EXP JumpServer远程代码执行漏洞检测利用脚本

181 Dec 20, 2022

Simple and easy framework for phishing 🎣

👋 It's in beta, I'm still building How to install Linux and Termux: Clone Rp: git clone https://github.com/J4c5/superfish.git Install the dependencie

4 Jan 27, 2022

MD5-CRACKER - A gmail brute force app created with python3

MD5-CRACKER So this is my first app i created with python3 . if you guys downloa

2 Nov 10, 2022

Webpack自动化信息收集

Webpack-信息收集工具郑重声明：文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用，任何人不得将其用于非法用途以及盈利等目的，否则后果自行承担。 0x01 介绍作者：小洲团队：横戈安全团队，未来一段时间将陆续开源工具，欢迎关注微信公众号：定位：协助红队人员快速的信息收集，测绘目

214 Dec 19, 2022

Tool-X is a kali linux hacking Tool installer.

Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other Linux based systems. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based di

4.2k May 29, 2022

Yara Based Detection Engine for web browsers

Yobi Yara Based Detection for web browsers System Requirements Yobi requires python3 and and right now supports only firefox and other Gecko-based bro

44 Nov 20, 2022

Brute force attack tool for Azure AD Autologon/Seamless SSO

Brute force attack tool for Azure AD Autologon

89 Jan 02, 2023

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT. This repository includes tools and documentation for the Cryptick device.

1 Dec 31, 2021

Python library to remotely extract credentials on a set of hosts.

1.5k Dec 31, 2022

Python lib to automate basic QFT calculations like Wick-contractions.

QFTools Python lib to automate basic QFT calculations like Wick-contractions. Features Wick contractions for real scalar fields Wick contractions for

2 Aug 21, 2022

Unicode fuzzer for various purposes

UnicodeToy Unicode fuzzer for various purposes Unicode based on version 14.0 features Generate the shortest xss domain payload Generate unicode str, u

33 Nov 27, 2022