spaze

#!/bin/bash
# Find files in CVE-2020-15227 nette/application issue
# by @spazef0rze
# Run with `bash find-cve-2020-15227.sh`, works on Linux, FreeBSD, tested on Ubuntu 18.04, FreeBSD 11.4

# This is a universal finder for all affected versions.

# Requirements: find, grep, bash (might work with your default shell but YMMV)

# The fixes:

pikpikcu

POST Request with burpsuite

POST /wls-wsat/CoordinatorPortType HTTP/1.1
Host: 127.0.0.1
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Type: text/xml
SOAPAction: ""
Content-Length: 175816
CMD: cat /etc/passwd
Connection: close

dwisiswant0

nucleir() {
	local TPL="$HOME/Documents/nuclei-templates"

	[[ -z "${1}" ]] && { echo "-target/-l ?"; return; }
	[[ -z "${2}" ]] && { echo "Input target?"; return; }

	local T=""

	for i in `ls -1d ${TPL}/*/`; do
		if [[ ! "${i}" =~ (brute-force|examples|payloads) ]]; then

98lenvi

Create your own site in the dark web.

There is a lot of misconception around the dark web, and most of the people think that it is not possible to create their own website on Dark web (The Onion network). Today we will set up a website in the Onion/Tor network for free.

As you can see above, I have created my own website in the Tor network, and I've accessed it using the Tor Browser.

This tutorial consists of three steps

hakluke

#!/usr/bin/python3

import ssl,sys,json

cert = ssl.get_server_certificate((sys.argv[1], 443)) #Retrieve SSL server certificate
cert = ssl.PEM_cert_to_DER_cert(cert) #Convert certificate to DER format
begin = cert.rfind(b'\x06\x03\x55\x04\x03') + 7 #Find the last occurence of this byte string indicating the CN, add 7 bytes to startpoint to account for length of byte string and padding
end = begin + cert[begin - 1] #Set endpoint to startpoint + the length of the CN
jsondata = {"ip": sys.argv[1], "cn": cert[begin:end].decode('utf-8')}
print(json.dumps(jsondata))

mariuszpoplwski

CVE-2020-13484

https://gist.github.com/mariuszpoplawski/26e1fbde8f9a607478bee1de90daa329



------------------------------------------

 Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in
 the services/main/ajax.php?action=attachUrlPreview url parameter, if

imran-parray

cat temp.txt| while read line ; do echo "QUIT"|openssl s_client -connect $line:443 2>&1|grep 'server extension "heartbeat" (id=15)' || echo $line: safe; done

SwitHak

CVE-2020-11651 AKA SaltStack RCE

• Currently no cool name, what are you doing @GossiTheDog ? ;)

General

• A critical vulnerability have been discovered by FSECURE Labs team in the SaltStack product.
• The vulnerability is a Remote Code Execution with the higher CVSS number possible 10/10 and the CVE number is CVE-2020-11651.
• there's also another vulnerability referenced under the CVE-2020-11652, discovered in the same time also per FSECURE.
• The vulnerability is actively exploited (Some says since Saturday morning 2020-05-02) and several exploits are in the wild.
• We currently knows at least 5 victims, even big names are concerned.
• This is not a drill or something you can patch later, act now.

0xsha

package main


/*
CVE-2020-8515: DrayTek pre-auth remote root RCE

Mon Mar 30 2020 -  0xsha.io


Affected:

pikpikcu

#!/bin/sh
#
# CloudFlare Dynamic DNS
#
# Updates CloudFlare records with the current public IP address
#
# Takes the same basic arguments as A/CNAME updates in the CloudFlare v4 API
# https://www.cloudflare.com/docs/client-api.html#s5.2
#
# Use with cron jobs etc.