
Rudra Sarkar rudSarkar

@rudSarkar
rudSarkar / webmin_rce.py
Created August 13, 2025 06:48
CVE-2022-36446 - Webmin 1.996 Remote Code Execution
# Exploit Title: Webmin < 1.997 - Remote Code Execution (RCE) (Authenticated)
# Date: 2022-07-25
# Exploit Author: Emir Polat
# Vendor Homepage: https://www.webmin.com/
# Software Link: https://www.webmin.com/download.html
# Version: < 1.997
# Tested On: Version 1.996 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)
# CVE: CVE-2022-36446
import argparse
# Exploit Title: Anuko Time Tracker - SQLi (Authenticated)
# Date: 2022-05-03
# Exploit Author: Altelus
# Vendor Homepage: https://www.anuko.com/
# Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d
# Version: Anuko Time Tracker 1.20.0.5640
# Tested on: Linux
# CVE : CVE-2022-24707
# Reference: https://www.exploit-db.com/exploits/50915
@rudSarkar
rudSarkar / wsdl_sql_injection.py
Created August 10, 2025 19:35
Web Service & API Attacks - Skills Assessment
"""
Submit the password of the user that has a username of "admin". Answer format: FLAG{string}. Please note that the service will respond successfully only after submitting the proper SQLi payload, otherwise it will hang or throw an error.
"""
import requests
url = "http://10.129.247.185:3002/wsdl"
username = "admin' or '1'='"
password = "password"
@rudSarkar
rudSarkar / docker-compose.yaml
Created July 31, 2025 04:44
Bloodhound docker
# Copyright 2023 Specter Ops, Inc.
#
# Licensed under the Apache License, Version 2.0
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@rudSarkar
rudSarkar / main.go
Created April 20, 2025 15:41
Add missing one number/word at the end of the md5, it's for HTB Skills Assessment - Using Web Proxies
package main
import (
"encoding/base64"
"encoding/hex"
"fmt"
"strings"
)
func main() {
@rudSarkar
rudSarkar / install_python2.7.sh
Created April 16, 2025 09:17
Install python2.7 from source
#!/bin/bash
# Run this script as sudo
wget https://www.python.org/ftp/python/2.7/Python-2.7.tgz
tar xvzf Python-2.7.tgz
cd Python-2.7/
./configure
@rudSarkar
rudSarkar / CVE-2025-29927.bcheck
Created March 27, 2025 10:43 — forked from fourcube/CVE-2025-29927.bcheck
Burp BCheck for CVE-2025-29927 (Next.js middleware bypass)
metadata:
language: v2-beta
name: "CVE-2025-29927 - Next.js middleware bypass"
description: "Checks for differences in responses when using different x-middleware-subrequest header paths"
author: "Chris Grieger - blueredix.com"
tags: "next.js", "middleware"
run for each:
middleware_value = "pages/_middleware",
"middleware",
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"e": "AQAB",
"n": "l0mVxbXIkEzcxc35apZ2TakAc8PSjk7xWsA94zBPq2tWqrFcZjdrG7Fs9gxIFHvYqDCUk4f_WD6EpriemIDxUaMaJkTM7LM279h-kBff4DqlGQmuEZIKnS_Z6Fm2cuoXTIf-NW9J5GVllkawSMStCcqRXcRwh3QisOJV9ZUSXVNK_n6qpZEwoAanw-qpsqKIvpZ3spdZRL1VDpYWs8dDaI6gENBwnZjPOCPWklvkV3Fhk3CPSynGRPF07Nhajgo4k-xR1F3LZFkYXaHrGaXS8WMrDg9fPSC1q36s0N8c4ZX0UaQtGswpR6T6iPO9Tqlm_u_gjM2OKZ9dWN6jOH6xUQ",
"kid": "0bd77b48-a5a2-49e3-9a30-5962f875bfa3"
}
#!/bin/bash
# John 1.9.0 Jumbo-1
apt-get update && apt-get install -y git build-essential libssl-dev zlib1g-dev yasm libgmp-dev libpcap-dev libbz2-dev libgomp1 && git clone https://github.com/magnumripper/JohnTheRipper.git /jtr && rm -rf /jtr/.git && cd /jtr/src && ./configure && make -s clean && make -sj4 && make install && apt-get -y remove --purge git build-essential libssl-dev zlib1g-dev yasm libgmp-dev libpcap-dev libbz2-dev && apt-get -y autoremove && apt-get -y clean && rm -rf /var/lib/apt/lists/*
@rudSarkar
rudSarkar / git_branch_delete.sh
Created June 17, 2024 17:43
delete branch except main
git branch | grep -v 'main' | xargs git branch -d