0xsha

## Solarwinds_Orion_LFD.py
# CVE-2020-10148  (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020 0xSha.io

# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464

# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules

## CVE-2020-8515.go
package main


/*
CVE-2020-8515: DrayTek pre-auth remote root RCE

Mon Mar 30 2020 -  0xsha.io


Affected:

## CVE-2019-16278_mass.py
# CVE-2019-16278 nhttpd (nostromo) < 1.9.7 pre-auth RCE
# Based on https://git.sp0re.sh/sp0re/Nhttpd-exploits
# Write-up : https://www.sudokaikan.com/2019/10/cve-2019-16278-unauthenticated-remote.html
# Copyright (C) 2020 0xsha.io <me@0xsha.io>

"""

python3 cve_2019_16278.py

[~] Trying ... 62.138.23.XXX 53

## async-1.py
# 0xsha.io
# 11/2019

import aiohttp
import asyncio
import time


urls = ["https://0xsha.io","https://twitter.com", "https://google.com", "https://yahoo.com", "https://facebook.com", "https://msn.com",
        "https://bing.com", "https://golang.org", "https://twitter.com", "https://netflix.com",

## dirbuster-asyncio.py
# dirbuster Asyncio example
# © 0xSha.io
# 11/2019

import asyncio

from aiohttp import ClientSession

import time

## tesla-stub-decrypt.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;


// Tesla Decrypt
// © 0xSha.io
	# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
	# @0xSha
	# (C) 2020 0xSha.io

	# Advisory : https://www.solarwinds.com/securityadvisory
	# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
	# Details : https://kb.cert.org/vuls/id/843464

	# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
	# According to SolarWinds.Orion.Web.HttpModules
	package main


	/*
	CVE-2020-8515: DrayTek pre-auth remote root RCE

	Mon Mar 30 2020 - 0xsha.io


	Affected:
	# CVE-2019-16278 nhttpd (nostromo) < 1.9.7 pre-auth RCE
	# Based on https://git.sp0re.sh/sp0re/Nhttpd-exploits
	# Write-up : https://www.sudokaikan.com/2019/10/cve-2019-16278-unauthenticated-remote.html
	# Copyright (C) 2020 0xsha.io <me@0xsha.io>

	"""

	python3 cve_2019_16278.py

	[~] Trying ... 62.138.23.XXX 53
	# 0xsha.io
	# 11/2019

	import aiohttp
	import asyncio
	import time


	urls = ["https://0xsha.io","https://twitter.com", "https://google.com", "https://yahoo.com", "https://facebook.com", "https://msn.com",
	"https://bing.com", "https://golang.org", "https://twitter.com", "https://netflix.com",
	# dirbuster Asyncio example
	# © 0xSha.io
	# 11/2019

	import asyncio

	from aiohttp import ClientSession

	import time
	using System;
	using System.Collections.Generic;
	using System.IO;
	using System.Linq;
	using System.Security.Cryptography;
	using System.Text;


	// Tesla Decrypt
	// © 0xSha.io