[Original] Linux - mysql sql injection

mysql runs the syntax from left to right. select user from user where user='ro' 'ot'=0; When user is root, it shou

[Original] Python - rq / mrq / Celery

rq Simple job queues for Python http://python-rq.org Please read the results from redis server. mrq Mr. Queue - A

[Original] Linux - rpcclient

Demo root@kali:~/reports# rpcclient -U "" 10.11.1.227 Enter 's password: rpcclient $> help --------------- ---

[Original] vuln - SugarCRM 6.5.23 - REST PHP Object Injection Exploit

Deploy a vuln lab Please install docker yourself. #!/bin/bash docker build -t sugarcrm:CVE-2016-7124 -f Dockerfile

[Original] PowerShell - PowerShell’s Security Guiding Principles

PS C:\Users\test\Desktop\PowerSploit-master\Exfiltration> Set-ExecutionPolicy Default Execution Policy Change The

[Original] Pentest - mysql udf privilege escalation

How to compile UDF DLL #include <stdio.h> #include <stdlib.h> enum Item_result {STRING_RESULT, REAL_RESULT, INT_RE

[Original] Metasploit - ERROR: cannot discover where libxml2 is located on your system

metasploit-framework [rapid7-master] ->> rvm list rvm rubies =* ruby-2.3.3 [ x86_64 ] # => - current # =* - curren

[Original] exploit - CVE-2017-5638 - Apache Struts2 S2-045

Metasploit-Framework Exp Code #!/usr/bin/python # -*- coding: utf-8 -*- import urllib2 import httplib def exploit(

[Original] Exploit - RFID

RFID Hacking Prepare Install Proxmark3 Check Proxmark3 / card status Crack Keys PRNG Attack NESTED Attack Dump data &

[Original] Compile zmap in Mac OSX

The quickest way to install zmap in Mac OSX is: $ brew install zmap But it may sometimes fail. ex: $ time zmap -o

[Original] Burpsuite - Extension: SQLipy

References https://github.com/codewatchorg/sqlipy/blob/master/SQLiPy.py https://www.codewatch.org/blog/?p=402 http

[Original] Linux - openvpn setup automatically

How to set up a VPN service? If you want to set up a VPN service, please try the following bash script. root@sh:/tmp/op

[Original] Python - decode ip header

#!/usr/bin/python # -*- coding: utf-8 -*- from ctypes import * import socket import struct class IP(Structure):

[Original] Burpsuite - Extension: Get All Proxied Hosts

How to get all proxied hosts from burpsuite sitemap? from burp import IBurpExtender from burp import IContextMenuFacto

[Original] Android - Application Reversing

How to pwn cocon.apk? This is a CTF Android apk called cocon.apk, and we need to decrypt the hash value (ctf flag). Please pre