Skip to content

Instantly share code, notes, and snippets.

@0xsha
0xsha / Prisma_exp.sol
Created March 29, 2024 14:21
PrismaFi Incident PoC
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.19;
import {Test, console2} from "forge-std/Test.sol";
// @KeyInfo - Total Lost: ~$11M
// Attacker: 0x7e39e3b3ff7adef2613d5cc49558eab74b9a4202
// Attack Contract: 0xd996073019c74b2fb94ead236e32032405bc027c
// Vulnerable Contract: 0xcc7218100da61441905e0c327749972e3cbee9ee
// Attack Tx: https://etherscan.io/tx/0x00c503b595946bccaea3d58025b5f9b3726177bbdc9674e634244135282116c7
@0xsha
0xsha / rescue.ts
Created August 23, 2022 08:34
Paradigm CTF 2022 - rescue
// paradigm CTF 2022 - rescue
// @0xSha
import { loadFixture, time } from "@nomicfoundation/hardhat-network-helpers";
import { expect } from "chai";
import { ethers } from "hardhat";
describe("Deploy with 10 ETH", function () {
async function deploySetup() {
// Contracts are deployed using the first signer/account by default
@0xsha
0xsha / CVE-2021-44142.py
Last active October 3, 2023 13:34
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# (C) 2022 - 0xSha.io - @0xSha
# This PoC is un-weaponized and for educational purposes only .
# To learn how to use the PoC please read the writeup :
# https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142
# requires samba4-python
# Refrences :
# https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
# Patch : https://attachments.samba.org/attachment.cgi?id=17092
@0xsha
0xsha / Solarwinds_Orion_LFD.py
Last active September 24, 2024 05:28
Solarwinds_Orion_LFD local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020 0xSha.io
# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules
@0xsha
0xsha / CVE-2020-8515.go
Last active March 30, 2024 20:52
CVE-2020-8515: DrayTek pre-auth remote root RCE
package main
/*
CVE-2020-8515: DrayTek pre-auth remote root RCE
Mon Mar 30 2020 - 0xsha.io
Affected:
@0xsha
0xsha / CVE-2019-16278_mass.py
Created January 4, 2020 10:33
CVE-2019-16278 nhttpd (nostromo) < 1.9.7 pre-auth RCE
# CVE-2019-16278 nhttpd (nostromo) < 1.9.7 pre-auth RCE
# Based on https://git.sp0re.sh/sp0re/Nhttpd-exploits
# Write-up : https://www.sudokaikan.com/2019/10/cve-2019-16278-unauthenticated-remote.html
# Copyright (C) 2020 0xsha.io <me@0xsha.io>
"""
python3 cve_2019_16278.py
[~] Trying ... 62.138.23.XXX 53
# 0xsha.io
# 11/2019
import aiohttp
import asyncio
import time
urls = ["https://0xsha.io","https://twitter.com", "https://google.com", "https://yahoo.com", "https://facebook.com", "https://msn.com",
"https://bing.com", "https://golang.org", "https://twitter.com", "https://netflix.com",
# dirbuster Asyncio example
# © 0xSha.io
# 11/2019
import asyncio
from aiohttp import ClientSession
import time
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Tesla Decrypt
// © 0xSha.io