Skip to content
/ OffensiveScripts Public

My collection of scripts, developed during CTFs, for exploiting vulnerabilities, chaining exploits, or automating tasks.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

byt3loss/OffensiveScripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
CVE_Exploits
CVE_Exploits
 
 
Python_Werkzeug
Python_Werkzeug
 
 
SSRF/SSRF_Scout
SSRF/SSRF_Scout
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 

Repository files navigation

Offensive Scripts

A collection of scripts written by me or modified versions of others' scripts, categorized by target or attack technique.

Index

CVE Exploits

CVE-2023-45878

Chains and automates Arbitrary File Write to RCE on Gibbon LMS through CVE-2023-45878 exploitation.

The script performs the following steps:

  1. Generates an msfvenom stageless reverse shell for Windows
  2. Uploads a webshell exploiting CVE-2023-45878
  3. Downloads the reverse shell on the target
  4. Executes the reverse shell

Usage: CVE-2023-45878.sh <lhost> <lport> <rhost[:rport]>.

Python Werkzeug

LFI_to_RCE

Exploits an LFI endpoint to read system files and generate the Werkzeug PIN.

SQLi_to_RCE

Exploits SQLi to read system files and generate Werkzeug PIN (from TryHackMe Advent Of Cyber 2023 Side Quest 4)

SSRF

SSRF_Scout

Tool to enumerate subdomains exposed locally thru a POST parameter vulnerable to SSRF. The script uses RawHTTPy, a python package written by me to parse raw HTTP requests.

About

My collection of scripts, developed during CTFs, for exploiting vulnerabilities, chaining exploits, or automating tasks.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages