adamyordan
/ CVE-2019-1003000-Jenkins-RCE-POC.py
Last active
July 29, 2019 09:29
CVE-2019-1003000-Jenkins-RCE-POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author: Adam Jordan | |
| # Date: 2019-02-15 | |
| # Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc | |
| # PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative) | |
| import argparse | |
| import jenkins |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import random | |
| import argparse | |
| import sys | |
| from io import BytesIO | |
| # Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client | |
| PY2 = True if sys.version_info.major == 2 else False |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: Evilcg, Twitter: @Evilcg | |
| Step One: | |
| PS C:\> [psobject].Assembly.Location | |
| C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | |
| Step Two: | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /reference:"C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /out:MS16_032.exe MS16_032.cs | |
| Windows 10 reference may be Here: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35 |
RickGray
/ phpwind_hash_length_extension_attack.py
Created
May 26, 2016 07:13
PHPWind Hash-Length-Extension-Attack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # author: RickGray | |
| # update: 2016-05-25 | |
| # >>>>>>>>>>> | |
| # requests, hashpumpy modules required | |
| # : pip install requests hashpumpy | |
| import re | |
| import json | |
| import time |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query IntrospectionQuery { | |
| __schema { | |
| queryType { name } | |
| mutationType { name } | |
| subscriptionType { name } | |
| types { | |
| ...FullType | |
| } | |
| directives { |