This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| /* In old browsers this worked: <img src=javascript:alert(1)> , tried it for DOM-XSS | |
| in the latest Chrome and it's not working. Any payload I can set to | |
| "user_controlled_variable" to have javascript execution? | |
| Reference for old browsers: https://html5sec.org/#63 | |
| .mario mentioned that it is possible to DoS firefox by setting the img.src to "javascript:while(1){}";. | |
| * Confirmed with latest Firefox | |
| * alert() calls are not allowed |
andresriancho
/ w3af-console.txt
Last active
August 29, 2015 14:06
w3af can now find shell shock vulnerabilities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| w3af>>> plugins | |
| w3af/plugins>>> audit shell_shock | |
| w3af/plugins>>> back | |
| w3af>>> target | |
| w3af/config:target>>> set target http://.../test-env.cgi | |
| w3af/config:target>>> back | |
| The configuration has been saved. | |
| w3af>>> start | |
| Shell shock was found at: "http://.../test-env.cgi", using HTTP method GET. | |
| The modified header was: "User-Agent" and it's value was: "() { test; }; ping -c 3 localhost". |
andresriancho
/ w3af-console-shell-shock-exploit.txt
Last active
August 29, 2015 14:06
w3af can now exploit shell shock!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| w3af>>> plugins | |
| w3af/plugins>>> audit shell_shock | |
| w3af/plugins>>> back | |
| w3af>>> target | |
| w3af/config:target>>> set target http://shellshock.notsosecure.com/cgi-bin/status | |
| w3af/config:target>>> back | |
| The configuration has been saved. | |
| w3af>>> start | |
| Shell shock was found at: "http://shellshock.notsosecure.com/cgi-bin/status", using HTTP method GET. | |
| The modified header was: "User-Agent" and it's value was: "() { :;}; echo "shellshock: check"". |
andresriancho
/ gist:d972b7f0769095737891
Created
December 31, 2014 15:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [pablo:/tmp] [test2] $ pip install scapy-real==2.2.0-dev0 | |
| Downloading/unpacking scapy-real==2.2.0-dev0 | |
| Downloading scapy-real-2.2.0-dev.tar.gz (1.1MB): 1.1MB downloaded | |
| Running setup.py (path:/tmp/test2/build/scapy-real/setup.py) egg_info for package scapy-real | |
| Installing collected packages: scapy-real | |
| Running setup.py install for scapy-real | |
| changing mode of build/scripts-2.7/scapy from 664 to 775 | |
| changing mode of build/scripts-2.7/UTscapy from 664 to 775 | |
andresriancho
/ gist:6ed7ffb866f0707c6017
Created
January 27, 2015 15:03
Top lines where w3af does mallocs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Measurement #4 | |
| Top 15 lines | |
| 1 : encodings/utf_8.py :16 - 110620.0 KiB | |
| 2 : python2.7/gzip.py :331 - 57050.0 KiB | |
| 3 : multiprocessing/pool.py :380 - 52507.0 KiB | |
| 4 : python2.7/socket.py :404 - 36179.0 KiB | |
| 5 : python2.7/socket.py :380 - 10197.0 KiB | |
| 6 : misc/ordereddict.py :15 - 7760.0 KiB | |
| 7 : parsers/url.py :210 - 7116.0 KiB | |
| 8 : generic/data_container.py :36 - 6796.0 KiB |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import time | |
| import threading | |
| import multiprocessing | |
| def worker(main_threads): | |
| for thread, frame in sys._current_frames().items(): | |
| if thread in main_threads: | |
| print 'Thread %s is in main and visible from worker' % thread |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Unfortunately, the main ipython launch script historically had no | |
| # "if __name__ == '__main__'" guard, so we work around that | |
| # by treating it like a __main__.py file | |
| # See https://github.com/ipython/ipython/issues/4698 | |
| main_name = os.path.splitext(os.path.basename(main_path))[0] | |
| if main_name == 'ipython': | |
| return |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import ssl | |
| sock = socket.create_connection(('dadario.com.br', 443)) | |
| sock = ssl.wrap_socket(sock, None, None, ssl_version=ssl.PROTOCOL_TLSv1) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> import hashlib | |
| >>> secret = 'areallylongsecret' | |
| >>> data = 'product_id=321&price=890.99' | |
| >>> hashlib.md5(secret + data).hexdigest() | |
| '99180b25a0c8a2b4e4981165a7223a8b' | |
| $ hashpump | |
| Input Signature: 99180b25a0c8a2b4e4981165a7223a8b | |
| Input Data: product_id=321&price=890.99 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import requests | |
| while 1: | |
| try: | |
| time.sleep(0.1) | |
| except KeyboardInterrupt: | |
| break |