Skip to content

Instantly share code, notes, and snippets.

View 1N3's full-sized avatar

xer0dayz 1N3

3.3k followers · 37 following
View GitHub Profile
@1N3
1N3 / reverse-engineering-wordpress-0day-exploit.txt
Last active September 26, 2020 19:46
Reverse Engineering a Critical Wordpress 0day Exploit
REVERSE ENGINEERING CRITICAL WORDPRESS 0day EXPLOIT
This past weekend, I noticed an interesting alert from my mod_security logs for a request being made to my Wordpress site. Although the request was un-successful, I decided to dig deeper to understand what this was request was actually trying to do. After time, I've concluded that this is possibly a new 0day exploit attempt against Wordpress or a related Wordpress plugin (iThemes Security??). I'm still trying to uncover the exact flaw being exploited here so if anyone has any further details, feel free to contact me at 1N3@hushmail.com or twitter @CrowdShield.
ORIGINAL MOD-SECURITY REUQUEST
==> /var/log/apache2/error.log <==
[Sat Aug 15 19:00:10 2015] [error] [client 46.148.18.226] ModSecurity: Warning.
@1N3
1N3 / Enumer8-v20150705
Created July 6, 2015 00:32
Enumer8 by 1N3 v20150705
#!/bin/bash
# Enumer8 by 1N3 v20150705
# http://crowdshield.com
#
TARGET="$1"
LHOST="192.168.1.132"
LOOT_DIR="/pentest/loot"
FINDSPLOIT_DIR="/pentest/findsploit"
KEY_PATH="/pentest/linux/ssh/dsa/1024"
@1N3
1N3 / gist:de48ab54edd831cb12fb
Created July 2, 2015 09:31
Open Redirect Fuzz List
http://google.com
//google.com
\\google.com
\/google.com
\/\/google.com
/\google.com
/\/\google.com
|/google.com
/%09/google.com
/google.com