Kr0ff's Repositories

My dotfiles from blackarch setup

⭐ 0 🌐 Public

Dump credentials and decrypt them for active directory (mssql)

⭐ 1 🌐 Public

:scream: A curated list of amazingly awesome OSINT

⭐ 0 🌐 Public

Bypass MDM Setup for MacOS, up to Sonoma 14.4.1 (23E224).

⭐ 1 🌐 Public

cobaltstrike4.4_cdf

cobaltstrike4.4\4.3版本破解、去除checksum8特征、bypass BeaconEye

⭐ 0 🌐 Public

Retrieve information about breached accounts from "Combination Of Many Breaches" database (from proxynova.com)

⭐ 3 🌐 Public

⭐ 0 🌐 Public

cobaltstrike手机客户端,cobaltstrike手机版,cs手机版，cobaltstrike android

⭐ 0 🌐 Public

Everything needed for doing CTFs

⭐ 0 🌐 Public

(Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal

⭐ 1 🌐 Public

Log4Shell Proof of Concept (CVE-2021-44228)

⭐ 4 🌐 Public

CVE-2023-20198-RCE

CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.

⭐ 0 🌐 Public

⭐ 0 🌐 Public

Python exploit and checker script for CVE-2024-3400 Palo Alto Command Injection and Arbitrary File Creation

⭐ 0 🌐 Public

Deploy-ElasticEDR

Just a janky bash script with templated yaml files to deploy elasticEDR (elasticsearch + kibana) on a host for testing purposes

⭐ 0 🌐 Public

A djb2 string hashing program which can be used to get the hash value of the name of an NTDLL function. Can be used with Hell's Gate or any of the *Gate variants

⭐ 1 🌐 Public

DogWhispererHandbook

This is the "Dog Whisperer Handbook" made by @SadProcessor

⭐ 2 🌐 Public

⭐ 0 🌐 Public

Retrieve information about a given IP address from "iplocation.net"

⭐ 0 🌐 Public

HackTheBox-Writeups

HackTheBox.eu Writeups

⭐ 0 🌐 Public

Hellokitty-Ransomware-Sourcecode

Hellokitty Ransomware Sourcecode leaked

⭐ 1 🌐 Public

IIS-8-ASPwebshell-

⭐ 0 🌐 Public

⭐ 0 🌐 Public

Kentico-12-RCE-via-SyncServer

Kentico <=12.0.14 is vulnerable to a remote code execution via the SyncServer

⭐ 10 🌐 Public

⭐ 0 🌐 Public

kr0ff.github.io

⭐ 0 🌐 Public

⭐ 2 🌐 Public

Malware development

⭐ 2 🌐 Public

maldevacademy-challenges

My take on the maldevacademy challenges

⭐ 0 🌐 Public

Shellcode execution by loading a "vulnerable" third-party module containing RWX section.

⭐ 1 🌐 Public

A simple tool to grab quickly pentest tools or similar from GitHub/Gitlab.

⭐ 2 🌐 Public

OpenNetAdmin-18.1.1-Remote-Code-Execution

OpenNetAdmin 18.1.1 is vulnerable to Remote Code Execution

⭐ 0 🌐 Public

Shellcode loader written in C with various AV/EDR bypassing features

⭐ 3 🌐 Public

A PasteBin scrapper that doesnt rely on the PasteBin scrape API

⭐ 73 🌐 Public

⭐ 0 🌐 Public

A script to build either Blackarch, Kali linux or ParrotOS Docker container which has the ability to provide desktop environment access either via X2Go or VNC

⭐ 39 🌐 Public

Linux Sleep Obfuscation

⭐ 1 🌐 Public

PhreeBooksERP5.2.3-RCE

PhreeBooks ERP 5.2.3 Remote Code Execution due to authenticated unrestricted file upload

⭐ 4 🌐 Public

A python tool to search Shodan using the Shodan API

⭐ 1 🌐 Public

rConfig-3.9.4-Chained-RCE

rConfig 3.9.4 is vulnerable to SQL injection leading to a Remote Code Execution

⭐ 0 🌐 Public

A terraform based project to automatically create a cloud environment for red team or phishing engagements

⭐ 2 🌐 Public

⭐ 0 🌐 Public

SeoPanel-4.6.0-RCE

SeoPanel 4.6.0 is vulnerable to authenticated remote code execute

⭐ 2 🌐 Public

SharpNoteRestore

Identify and restore temporary and backup text files from Notepad++

⭐ 0 🌐 Public

SQL-Injection-Payloads

A list of payloads for SQL Injection testing

⭐ 3 🌐 Public

SyncBreeze-10.0.28-Remote-BoF

Sync Breeze Enterprise v10.0.28 is vulnerable to remote buffer overflow in the username field of HTTP POST requests

⭐ 0 🌐 Public

SystemFunction040

Using the SystemFunction040 API to encrypt shellcode in memory and decrypt

⭐ 3 🌐 Public

Using Thread Description To Hide Shellcode

⭐ 0 🌐 Public

Tiger is v3 initial access payload in C

⭐ 1 🌐 Public

Enable full screen for linux VMs in vmware with open-vm-tools

⭐ 13 🌐 Public

Various methods of executing shellcode

⭐ 73 🌐 Public

WorkItemLoadLibrary_CRC32B

This a method of using WorkItem API to queue them to load a module. This version was modified to support string hashing via CRC32B.

⭐ 2 🌐 Public