| <?xml version="1.0"?> | |
| <!-- | |
| API Monitor Filter | |
| (c) 2010-2013, Rohitab Batra <[email protected]> | |
| http://www.rohitab.com/apimonitor/ | |
| --> | |
| <ApiMonitor> | |
| <CaptureFilter> | |
| <Module Name="Advapi32.dll"> | |
| <Api Name="ControlService"/> |
| #!/usr/bin/python | |
| # | |
| # Simple Blind XXE server intended to handle incoming requests for | |
| # malicious DTD file, that will subsequently ask for locally stored file, | |
| # like file:///etc/passwd. | |
| # | |
| # This program has been tested with PlayFramework 2.1.3 XXE vulnerability, | |
| # to be run as follows: | |
| # |
| #!/usr/bin/env ruby | |
| require "webrick" | |
| =begin | |
| WEBrick is a Ruby library that makes it easy to build an HTTP server with Ruby. | |
| It comes with most installations of Ruby by default (it’s part of the standard library), | |
| so you can usually create a basic web/HTTP server with only several lines of code. | |
| The following code creates a generic WEBrick server on the local machine on port 1234, |
| #!/usr/bin/env python | |
| """ | |
| Very simple HTTP server in python. | |
| Usage:: | |
| ./dummy-web-server.py [<port>] | |
| Send a GET request:: | |
| curl http://localhost |
| #!/usr/bin/python | |
| import requests | |
| import datetime | |
| import string | |
| import sys | |
| ALPHABET = string.printable | |
| RETRIES = 1 |
| #!/usr/bin/python | |
| # | |
| # Pickle deserialization RCE payload. | |
| # To be invoked with command to execute at it's first parameter. | |
| # Otherwise, the default one will be used. | |
| # | |
| import cPickle | |
| import sys | |
| import base64 |
Apacje Struts is a open source framework utilizing JavaEE web applications and encouraging to employ MVC (Model View Controller) architecture. When having the application developed in so-called devMode as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware will be handling additional parameters passed to every function invocation.
Having a functionality of file upload or other function that is parsing input xml-type data that will later flow through the XMLDecoder component of Java Beans, one could try to play around it's known deserialization issue. In order to test that issue there should be specially crafted XML-payload used that would invoke arbitrary Java interfaces and methods with supplied parameters.
When one would like to start a bind shell on the target machine, he could use the payload like the following one:
Runtime.getRuntime().exec(new java.lang.String[]{"/usr/bin/nc", "-l", "-p", "4444", "-e", "/bin/bash"});
| #!/bin/bash | |
| echo -e "\n\nSimple SSL/TLS self-signed CA Certificate generator\n\n" | |
| if [ -z $1 ]; then | |
| echo "Usage: $0 [file_name]" | |
| echo -e "\nGoing with default name: './rogue_server'\n\n" | |
| fi | |
| FILENAME=${1:-rogue_server} |
| #!/bin/bash | |
| # | |
| # Simple vm-specific management bash functions and aliases. | |
| # Coming with basic functionality of starting, stopping and status checking | |
| # routines. Easy to change to manage other type of VMs. | |
| # | |
| # Providing commands for: | |
| # - starting/stopping selected VM | |
| # - checking whether selected VM is running | |
| # - easily ssh'ing to the selected VM |