├── Documents
    ├── Acrobat
    │   ├── CVE-2013-2729_#PoC#.zip
    │   ├── CVE-2018-4990_#PoC#.zip
    │   └── README.md
    ├── Office+Flash
    │   ├── CVE-2018-15982_#PoC#.zip
    │   ├── CVE-2018-4878_#PoC#.zip
    │   └── README.md
    └── Office
    │   ├── CVE-2017-11882_#PoC#.zip
    │   └── README.md
├── LICENSE
├── README.md
└── Web
    ├── Flash
        ├── CVE-2015-5112_#PoC#.zip
        ├── CVE-2018-15982_#PoC#.zip
        ├── CVE-2018-4878_#PoC#.zip
        └── README.md
    ├── Javascript
        ├── CVE-2015-2419_#PoC#.zip
        └── README.md
    └── VBScript
        ├── CVE-2018-8174_#PoC#.zip
        ├── CVE-2019-0752_#PoC#.zip
        └── README.md

/Documents/Acrobat/CVE-2013-2729_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Documents/Acrobat/CVE-2013-2729_#PoC#.zip

--------------------------------------------------------------------------------
/Documents/Acrobat/CVE-2018-4990_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Documents/Acrobat/CVE-2018-4990_#PoC#.zip

--------------------------------------------------------------------------------
/Documents/Acrobat/README.md:
--------------------------------------------------------------------------------
# CVE-2013-2729

Pop up a message box - tested on Acrobat 11.0.0.1 and below

# CVE-2018-4990

Pop up a message box - works on Acrobat Reader DC (17.00920044, 18.01120038)

--------------------------------------------------------------------------------
/Documents/Office+Flash/CVE-2018-15982_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Documents/Office+Flash/CVE-2018-15982_#PoC#.zip

--------------------------------------------------------------------------------
/Documents/Office+Flash/CVE-2018-4878_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Documents/Office+Flash/CVE-2018-4878_#PoC#.zip

--------------------------------------------------------------------------------
/Documents/Office+Flash/README.md:
--------------------------------------------------------------------------------
# CVE-2018-15982

Pop up a calculator - tested with the Flash ActiveX plugin 31.0.0.153 installed

# CVE-2018-4878 (flash exploit)

Pop up a calculator - tested with the Flash ActiveX plugin 28.0.0.137 installed

--------------------------------------------------------------------------------
/Documents/Office/CVE-2017-11882_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Documents/Office/CVE-2017-11882_#PoC#.zip

--------------------------------------------------------------------------------
/Documents/Office/README.md:
--------------------------------------------------------------------------------
# CVE-2017-11882

Pop up a calculator - tested on non-updated Office 2013 and a number of others.

Exploits the equation editor 3, which was removed in one of the latest updates.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 smgorelik

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
### My other github repo for vendor testing against fileless attacks - https://github.com/smgorelik/VendorSimTestScripts

# Windows-RCE-exploits

The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**. The samples are uploaded for educational purposes for red and blue teams.

Proof of Concepts are always identified by **#PoC#** in the name of the relevant exploit folder, and those samples will always pop up a calculator or a message box and therefore will be easily identified by many AVs (which prevent the calculator shellcode).

The repository is separated into categories and their sub-categories based on the different attack vectors (e.g. the Web attack vector contains known sub-categories, which are flash, silverlight or javascript).

Each sub-category includes a list of folders that represent the different CVEs (vulnerabilities).

### Please remember that some of the samples are live and dangerous! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes (and we mean that!) !!!

All the samples are zipped with the password: infected

--------------------------------------------------------------------------------
/Web/Flash/CVE-2015-5112_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/Flash/CVE-2015-5112_#PoC#.zip

--------------------------------------------------------------------------------
/Web/Flash/CVE-2018-15982_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/Flash/CVE-2018-15982_#PoC#.zip

--------------------------------------------------------------------------------
/Web/Flash/CVE-2018-4878_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/Flash/CVE-2018-4878_#PoC#.zip

--------------------------------------------------------------------------------
/Web/Flash/README.md:
--------------------------------------------------------------------------------
# Flash exploits

All the exploits are SWF files that can be opened in the Internet Explorer browser

## CVE-2018-15982

Pop up a calculator - requires Flash ActiveX 31.0.0.153

## CVE-2018-4878

Pop up a calculator - requires Flash ActiveX 28.0.0.137

## CVE-2015-5112

Pop up a calculator - requires Flash ActiveX 18.0.0.194

--------------------------------------------------------------------------------
/Web/Javascript/CVE-2015-2419_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/Javascript/CVE-2015-2419_#PoC#.zip

--------------------------------------------------------------------------------
/Web/Javascript/README.md:
--------------------------------------------------------------------------------
# CVE-2015-2419 (javascript exploit)

Pop up a calculator - tested on non-updated Internet Explorer 11

--------------------------------------------------------------------------------
/Web/VBScript/CVE-2018-8174_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/VBScript/CVE-2018-8174_#PoC#.zip

--------------------------------------------------------------------------------
/Web/VBScript/CVE-2019-0752_#PoC#.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/smgorelik/Windows-RCE-exploits/98a7eeccfc070b74c617a33a716cfea6f90f70c8/Web/VBScript/CVE-2019-0752_#PoC#.zip

--------------------------------------------------------------------------------
/Web/VBScript/README.md:
--------------------------------------------------------------------------------
# CVE-2018-8174 (vbscript exploit)

Pop up a calculator - tested on non-updated Internet Explorer 11, Windows 7 64/32

# CVE-2019-0752 (vbscript exploit)

Pop up a calculator - tested on non-updated Internet Explorer 11, Windows 7-10 (a bit slow on win10)

--------------------------------------------------------------------------------