nu11secur1ty nu11secur1ty

## xss_clean.php
<?php
/*
 * XSS filter, recursively handles HTML tags & UTF encoding
 * Optionally handles base64 encoding
 *
 * ***DEPRECATION RECOMMENDED*** Not updated or maintained since 2011
 * A MAINTAINED & BETTER ALTERNATIVE => kses
 * https://github.com/RichardVasquez/kses/
 *
 * This was built from numerous sources

## AGO_PullHostedFeatures.py
import os, urllib, urllib2, datetime, arcpy, json


## ============================================================================== ##
## function to update a field - basically converts longs to dates for date fields ##
## since json has dates as a long (milliseconds since unix epoch) and geodb wants ##
## a proper date, not a long.
## ============================================================================== ##
def updateValue(row,field_to_update,value):
    outputfield=next((f for f in fields if f.name ==field_to_update),None)  #find the output field

## get_oauth2_token.py
'''
    This script will attempt to open your webbrowser,
    perform OAuth 2 authentication and print your access token.

    It depends on two libraries: oauth2client and gflags.

    To install dependencies from PyPI:

    $ pip install python-gflags oauth2client

## Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption
During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.

Exploitation of this vulnerability will allow full access to the router device.

This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS
using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging
into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for
further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox
platform.

## Kernels.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                nu11secur1ty
                / Kernels.md
            
            
              Created
              December 18, 2016 21:30
            
          
    Ядра
В компютърния свят, ядрото е фундаментална част от операционната система. То е част от софтуера, отговорен за предоставянето на сигурен достъп на програмите до хардуера на машината. Тъй като има много програми и достъпът до хардуера е ограничен, ядрото е също отговорно за решаването кога и колко дълго една програма ще бъде допусната да използва част от хардуера. Осигуряването на директен достъп до хардуера може също така да бъде много сложно, затова ядрата обикновено имплементират серия от хардуерни абстракции. Тези абстракции са начин, чрез който се скрива сложността, и се доставя ясен и непроменлив интерфейс към подлежащия хардуер, което улеснява живота на програмистта.
Има четири вида ядра:
Монолитните ядра осигуряват богата и мощна абстракция от хардуера
Микро ядрата осигуряват малка серия от прости хардуерни абстракции и използват програми наречени драйвери, за да се сдобият с повече функционалност

Хибридните ядра са почти като микро ядрата, с изключение на това, че имат повече код в

  
## Kernel and Types of kernels.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                nu11secur1ty
                / Kernel and Types of kernels.md
            
            
              Last active
              December 16, 2016 12:58
            
          
    1. What Is Kernel?

A kernel is a central component of an operating system. It acts as an interface between the user applications and the hardware.
The sole aim of the kernel is to manage the communication between the software (user level applications) and the hardware (CPU, disk memory etc). The main tasks of the kernel are :
Process management
Device management
Memory management
Interrupt handling

I/O communication

  
## Print of certain line in the file on Linux
Using perl:
$ perl -ne 'print if $.>=3 and $.<=5;' /etc/passwd
  or
$ perl -ne 'print if $.>=3; last if $.>5' /etc/passwd
(The second variant is, again, more efficient.)
---------------------------------------

Using sed:
$ sed -n '3,5p' /etc/passwd
 or

## Perl Operators Precedence
left	terms and list operators (leftward)
left	->
nonassoc	++ --
right	**
right	! ~ \ and unary + and -
left	=~ !~
left	* / % x
left	+ - .
left	<< >>
nonassoc	named unary operators

## MySQL 5.1_5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit
***
FARLiGHT ELiTE HACKERS LEGACY R3L3ASE
***

Attached is the MySQL Windows Remote Exploit (post-auth, udf
technique) including the previously released mass scanner.
The exploit is mirrored at the farlight website http://www.farlight.org.

Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
All owned By Kingcope

## Makefile
obj-m += rootkit.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
	<?php
	/*
	* XSS filter, recursively handles HTML tags & UTF encoding
	* Optionally handles base64 encoding
	*
	* *DEPRECATION RECOMMENDED* Not updated or maintained since 2011
	* A MAINTAINED & BETTER ALTERNATIVE => kses
	* https://github.com/RichardVasquez/kses/
	*
	* This was built from numerous sources
	import os, urllib, urllib2, datetime, arcpy, json


	## ============================================================================== ##
	## function to update a field - basically converts longs to dates for date fields ##
	## since json has dates as a long (milliseconds since unix epoch) and geodb wants ##
	## a proper date, not a long.
	## ============================================================================== ##
	def updateValue(row,field_to_update,value):
	outputfield=next((f for f in fields if f.name ==field_to_update),None) #find the output field
	'''
	This script will attempt to open your webbrowser,
	perform OAuth 2 authentication and print your access token.

	It depends on two libraries: oauth2client and gflags.

	To install dependencies from PyPI:

	$ pip install python-gflags oauth2client
	During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component.

	Exploitation of this vulnerability will allow full access to the router device.

	This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS
	using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging
	into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for
	further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox
	platform.
	Using perl:
	$ perl -ne 'print if $.>=3 and $.<=5;' /etc/passwd
	or
	$ perl -ne 'print if $.>=3; last if $.>5' /etc/passwd
	(The second variant is, again, more efficient.)
	---------------------------------------

	Using sed:
	$ sed -n '3,5p' /etc/passwd
	or
	left terms and list operators (leftward)
	left ->
	nonassoc ++ --
	right **
	right ! ~ \ and unary + and -
	left =~ !~
	left * / % x
	left + - .
	left << >>
	nonassoc named unary operators
	***
	FARLiGHT ELiTE HACKERS LEGACY R3L3ASE
	***

	Attached is the MySQL Windows Remote Exploit (post-auth, udf
	technique) including the previously released mass scanner.
	The exploit is mirrored at the farlight website http://www.farlight.org.

	Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
	All owned By Kingcope
	obj-m += rootkit.o

	all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

	clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean