hack tools

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

phpMyAdmin XSS

The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)

https://medium.com/@mansoorr/exploiting-cve-2020-25213-wp-file-manager-wordpress-plugin-6-9-3f79241f0cd8

【Lazy Artifact】A graphical tool that collects urls in batches, and performs various nday detections on the collected urls in batches. It can be used for src mining, cnvd mining, 0day exploitation, building your own arsenal and other scenarios.

It embeds the executable file or payload inside the zip/rar file. It can use two different methods. The first method embeds the executable or payload in the zip/rar file without any action. In this way, it can be triggered and run by documents in the compressed file or in the same folder. The second method encrypts the executable file or payloa…

Proof of Concept of CVE-2022-30190

The Common Vulnerabilities Exposures (CVE) Database

Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088

Blocking smartscreen, security center, forensic processes and 3rd party security applications on Windows Operating Systems

Metabase Pre-auth RCE (CVE-2023-38646)!!

Bolster NEO API - Artificial intelligence based zero-hour phishing detection

Trophy list of zero-day vulnerabilities that I discovered

ProxyLogon (CVE-2021-26855+CVE-2021-27065) Exchange Server RCE (SSRF->GetWebShell)

AKQ_0D_PE is a lightweight and powerful Zero-day local privilege escalation exploit targeting a critical vulnerability in the Linux PipeFS subsystem.

Metabase Pre-auth RCE (CVE-2023-38646)

This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request unauthorized entitlements. Confirmed on iOS 18.6.2 with potential iCloud-based propagation.

Sharepoint ToolPane - PoC

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065