Coding Harder : Getting Stronger ;

Shalinda Fernando shafdo

@shafdo
shafdo / sources.list
Created Sep 16, 2021
Ubuntu 16.04 LTS sources.list
#deb cdrom:[Ubuntu 16.04.2 LTS _Xenial Xerus_ - Release amd64 (20170215.2)]/ xenial main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ xenial main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ xenial main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
@shafdo
shafdo / struts2rce.py
Last active Aug 13, 2021
A script to exploit Struts 2.x RCE
'''
The following versions of Struts are affected:
Struts 2.3.5
Struts 2.3.31
Struts 2.5
Struts 2.5.10
'''
import requests
@shafdo
shafdo / RSA_2_HS256.py
Created Aug 4, 2021
A simple token crafter script to use when the server is not verifying the JWT algorithm.
#!/usr/bin/python3
import requests
import base64
import hmac
import hashlib
# Controls
keyFilePath = "KEY GOES HERE"
@shafdo
shafdo / cve-2013-0156.py
Created Aug 1, 2021
CVE-2013-0156: Rails Object Injection (Detailed POC)
#!/usr/bin/python3
'''
Date: Monday, August 2, 2021
Description: CVE-2013-0156: Rails Object Injection (Detailed POC)
Created By: ShaFdo (twitter: @ShalindaFdo)
-----------------------------------------------
Dependencies: requests
Usage: ./cve-2013-0156.py
Additional Notes: Make sure you mark "cve-2013-0156.py" as an executable before running it :).