Skip to content

/ Exploits

Real world and CTFs exploiting web/binary POCs.

54 stars 24 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Challenges
 
 
Real World
 
 
README.md
 
 

README.md

Exploits

Real world and CTFs exploit POCs.

Real World

CVE Short description Exploit
CVE-2017-5343 Wordpress SQL Injection [POC]
CVE-2018-8880 Unauthenticated Lutron Quantum Bacnet v2 network info exfiltration POC
CVE-2018-11629 Default and unremovable credentials in Homeworks QS Lutron integration protocol. POC
CVE-2018-11653 Unauthenticated Netwave Camera information disclosure via network chipset data. POC
CVE-2018-11654 Unauthenticated Netwave Camera information disclosure. Check vulnerable hosts to CVE-2018-11653 POC
CVE-2018-11681 Default and unremovable credentials in Radio RA 2 Lutron integration protocol. POC
CVE-2018-11682 Default and unremovable credentials in Stanza Lutron integration protocol. POC
CVE-2018-12634 CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. POC
CVE-2018-16668 CirCarLife Scada < v4.3 internal installation path disclosure. POC
CVE-2018-16669 Due to a clear-text stored credentials, an unprivileged user can gain access to other services with higher privileges exploiting a flaw on Open Charge Point Protocol web implementation. All versions prior to <1.5.0 are vulnerable. POC
CVE-2018-16670 CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations. POC
CVE-2018-16671 CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions. POC
CVE-2018-16672 CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the carge station including credentials for GPRS Router. POC
CVE-2018-7812 An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200. POC

Suites

Name Description POC
Cir-PWN-life Cir-PWN-life is proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way. POC

Challenges

Type Description Link
ARM Protostar - Stack0 exploit
ARM Protostar - Stack1 exploit
HTB Hack the box - Frolic exploit

About

Real world and CTFs exploiting web/binary POCs.

Topics

exploit scada pwn scada-security scada-exploitation exploit-code pwned vulnerability

Resources

Readme

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.