Skip to content

1N3/Exploits

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

A collection of exploits developed by @xer0dayz @Sn1perSecurity https://sn1persecurity.com

  • Vulnserver.exe GMON SEH Overflow Exploit
  • FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass)
  • CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass)
  • HTTPoxy Exploit/PoC Scanner
  • Ability FTP 2.34 Buffer Overflow Exploit
  • Aruba AP-205 Buffer Overflow Denial of Service PoC
  • Brainpan1 CTF Buffer Overflow Exploit
  • CesarFTP 0.99g Buffer Overflow Exploit
  • Apache 2.2.x Range Header Denial of Service Exploit
  • GHOST Glibc Gethostbyname Buffer Overflow Exploit
  • PHP Serialization Injection Remote Code Execution Exploit
  • CrikeyConCTF Koala Gallery Exploit
  • Webmin 1.920 Unauthenticated RCE Metasploit Exploit

Bug Bounty Profiles

Public Exploits

Blogs

Social Media

Websites

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2018:

2017:

  • Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
  • Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
  • Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
  • Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
  • Systemic Local File Inclusion in DEMO HomeKit Android Application ($3,000 bounty) 9/2017
  • Placed 7th in ToorConCTF CTF 8/2017
  • Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
  • Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
  • Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
  • Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
  • PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
  • Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
  • Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
  • Listed on the BugCrowd 2016 MVP list 1/2017

2016:

2015:

  • Made the top 10 researcher list on BugCrowd 11/2015
  • Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
  • Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
  • Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
  • Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
  • Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
  • HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
  • Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
  • WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
  • Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
  • CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
  • Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
  • Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015

2014: