JnuSimba

<?php
include './htmLawed.php';
$m1=array("'","\""," ","");
$m2=array("","","\"","'","<","","","","","","","","");
$mag=array("'","\""," ","</div>","/*","*/","\\","\\\"","\\\'",";",":","<",">","=","<div","\r\n","","&#","/","*","expression(","w:expression(alert(9));","style=w:expression(alert(9));","");
for($i=0;$i<10000;$i++)
{
$fname = "tc\\hush".$i.".html";
$fp = fopen($fname, "a");
$mtotran = "";

JnuSimba

#!/usr/bin/env perl

use strict;
use warnings;

sub file_contains ($$);

my $version;
for my $file (map glob, qw{ *.lua lib/*.lua lib/*/*.lua lib/*/*/*.lua lib/*/*/*/*.lua lib/*/*/*/*/*.lua }) {
    # Check the sanity of each .lua file

JnuSimba

//+---------------------------------------------------------------------+
//|                                                Blessing 3 v3.9.6.09 |
//|                                                   February 09, 2014 |
//|                     Copyright ?2007-2011, J Talon LLC/FiFtHeLeMeNt |
//|     In no event will authors be liable for any damages whatsoever.  |
//|                         Use at your own risk.                       |
//|                                                                     |
//|  This EA is dedicated to Mike McKeough, a member of the Blessing    |
//|  Development Group, who passed away on Saturday, 31st July 2010.    |

JnuSimba

#!/usr/bin/python

# Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160).
#
# DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unresponsive.
# This script complies with the TLS specification, so responsitivity issues are likely the result
# of a bad implementation of TLS on the server side. CNS Hut3 and Adrian Hayter do not accept
# responsibility if this script crashes a server you test it against. USE IT AT YOUR OWN RISK.
# As always, the correct way to test for the vulnerability is to check the version of OpenSSL
# installed on the server in question. OpenSSL 1.0.1 through 1.0.1f are vulnerable.

JnuSimba

# Source: http://blog.mindedsecurity.com/2010/10/breaking-net-encryption-with-or-without.html
 
#!/usr/bin/perl
#
#
#  Webconfig Bruter - exploit tool for downloading Web.config
#
#  FOr use this script you need Pudbuster.
#  Padbuster is a great tool and Brian Holyfield deserve all the credits.
#  Note from Exploit-db: This very first exploit was meant to work with Padbusterdornet or Padbuster v0.2.

JnuSimba

#!/usr/bin/perl
#
# PadBuster v0.3.3 - Automated script for performing Padding Oracle attacks
# Brian Holyfield - Gotham Digital Science ([email protected])
#
# Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
# techniques and S.Vaudenay for initial discovery of the attack. Credits also
# to James M. Martin ([email protected]) for sharing proof of concept exploit
# code for performing various brute force attack techniques, and wireghoul (Eldar 
# Marcussen) for making code quality improvements.  

JnuSimba

LOCK /1.vbs HTTP/1.1
Host: localhost
Timeout: Infinite, Second-4100000000
Content-Type: text/xml; charset="utf-8"
Content-Length: 257
Authorization: Digest username="user",realm="[email protected]", nonce="...",uri="/1.vbs",response="...", opaque="..."

<?xml version="1.0" encoding="utf-8" ?>
<d:lockinfo xmlns:d="DAV:">
  <d:lockscope><d:exclusive/></d:lockscope>

JnuSimba

import urllib2,os,re,sys
argvs=sys.argv

url=argvs[1]
path=argvs[2]

listurl=[]
def getpath(url):
    try:
        c=urllib2.urlopen(url+'/.svn/entries').read()

JnuSimba

#!/usr/bin/php -q
<?php
/**
 * 本脚本用于下载.svn目录未作权限限制的网站源码,适用于现有的各种svn版本.
 * 请用php5.3+来运行本脚本.想支持更低版本,请自行修改源码.不必通知我.
 * 作者：小雨@乌云
 * http://蛋疼.com
 * changelog:
 * 2.1 2012-3-28
 * .svn不成功时尝试使用_svn目录

JnuSimba

#define _CRT_SECURE_NO_DEPRECATE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <winsock2.h> 
#include <io.h>
#include <signal.h>
#pragma comment(lib, "ws2_32.lib")
#define VERSION                        "1.10"
#define TIMEOUT                        300