Skip to content

a-s-m-asadujjaman/exploitables

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 

Repository files navigation

Exploitables

Ready to exploit environments for individual CVEs

CVE-2024-10924

The CVE requires two-factor authentication to be enabled which is disabled by default (even in this github repository). To enable:

  • Plugins > Really Simple Security > Settings > Settings > Login Protection > Enable Two-Factor Authentication
  • Then click the slide button to enable 2FA

Steps you need to reproduce:

  • Clone the repo and start the container using the command provided there
  • Navigate wordpress and enable 2FA
  • Obtain cookies using a script or Burp Suite
  • Set the cookies using Burp Suite or simply using chrome or firefox dev tools
  • go to wp-admin and it will let you in!

CVE-2025-29927

Detailed instruction to reproduce is given in the repo

CVE-2025-49113

After cloning the repo, use the commands in the Quick Installation (via Docker) section to start roundcube and then run the command given in the Run: section to test the exploit.

CVE-2023-38408

When someone from machine A is connected to machine B with agent forwarding enabled (i.e., ssh -A), an environment variable SSH_AUTH_SOCK which is blindly followed by SSH tools like ssh-add will be set to a fake socket that talks to the ssh-agent on machine A. Thus any ssh-add command on machine B will take effect on machine A. Now, ssh-add -s is meant to load PKCS#11` providers which come in the form of shared libraries. However, if a malicious user on machine B issues command to load a malicious library (instead of a legitimate PKCS#11 provider), the constructor of the library will execute anyway. This constructor may be leveraged to make the stack executable and eventually execute a shell code from there.

About

Ready to exploit environments for individual CVEs

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages