Docu for encrypt and decrypt a large file with AES and RSA
//generates a private Key with 8196 Bit.
openssl genrsa -out private.pem 8196
license: mit |
# | |
# | |
# ms12-020 "chinese shit" PoC v2 (wireshark version) | |
# | |
# tested on winsp3 spanish, reported to work on Win7, win 2008 | |
# | |
# original source: http://115.com/file/be27pff7 | |
# | |
# |
#!/usr/bin/env python3 | |
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC | |
# 2019 @leonjza | |
# Technical details for this exploit is available at: | |
# https://www.drupal.org/sa-core-2019-003 | |
# https://www.ambionics.io/blog/drupal8-rce | |
# https://twitter.com/jcran/status/1099206271901798400 |
#!/usr/bin/env python | |
""" | |
MS12-020/CVE-2012-0002 Vulnerability Tester | |
based on sleepya's version @ http://pastebin.com/Ks2PhKb4 | |
""" | |
import socket | |
import struct | |
import sys |
$ cd to_my_dir
source is everything in my_dir
show progress for large files |
| dir to exclude | dir on remote computer to sync up
| | | |
$ rsync -avz -P ssh --exclude Downloads . too@128.95.155.147:/media/two/LaCie/My\\ Documents
| | |
var JSZip = require('jszip'), | |
Q = require('q'); | |
var downloadFile = function(url) { | |
var defer = Q.defer(); | |
var xhr = new XMLHttpRequest(); | |
xhr.open('GET', url, true); | |
xhr.responseType = 'arraybuffer'; | |
xhr.onreadystatechange = function() { | |
if (xhr.readyState === 4) { |
// HTTP forward proxy server that can also proxy HTTPS requests | |
// using the CONNECT method | |
// requires https://github.com/nodejitsu/node-http-proxy | |
var httpProxy = require('http-proxy'), | |
url = require('url'), | |
net = require('net'), | |
http = require('http'); |
Windows Registry Editor Version 5.00 | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe] | |
"Debugger"="taskkill /F /IM " | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe] | |
"Debugger"="taskkill /F /IM " | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe] | |
"Debugger"="taskkill /F /IM " |
Having a functionality of file upload or other function that is parsing input xml-type data that will later flow through the XMLDecoder component of Java Beans, one could try to play around it's known deserialization issue. In order to test that issue there should be specially crafted XML-payload used that would invoke arbitrary Java interfaces and methods with supplied parameters.
When one would like to start a bind shell on the target machine, he could use the payload like the following one:
Runtime.getRuntime().exec(new java.lang.String[]{"/usr/bin/nc", "-l", "-p", "4444", "-e", "/bin/bash"});