added some stuff
1 parent 63357f7 commit c2dd18da9e592a7da68718bd524fde9b47264e5d
root authored on 12 Nov 2019
Showing 13 changed files
39
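--- /dev/null
+++ b/BurpManiProxy.php
@@ -0,0 +1,39 @@
+<?php
+if(isset($_POST['payload'])){
+
+$target = "https://www.pwnme.com";
+
+
+/***
+* manipulate dataz herre
+*/
+$encoded = base64_encode($_POST['payload']);
+$dataz = '{"serviceHeader":{"actionId":"11d2cd49-9b6f-4349-9f97-1b13e48d8ab6","authenticator":"Android_WB_RSA2048","deviceFootprint":"RqxMV8A==","deviceModel":"unknown Android SDK built for x86","deviceOS":"Android 6.0","token":"NkI3Mzc5QkI3OURFOQckQrMlZVQjd5VU9GNFc4Ui80dzRwRHZ1dz0="},"params":{"challengeId":"d3d7bb1a-3d93ab4","opData":"'.$encoded.'","signedChallenge":"HGnm62fhJzQRzJ3D5LwJoM4LcoYozMfxXaeQQZ1rmQ666k1eqDnRgUEHe4Qcebb1cy2/5Vg5034EH7FnTh13LIfMYw57RJ+jebYqIkKIqBzmFrToqeOd8w=="}}';
+
+$headers = ['UserAgent' => 'okhttp/3.9.0', 'app' => 'ANDROID', 'key' => '123'];
+
+$variable = getdataz($target, $headers, $dataz);
+echo $variable; // or do manipulation etc.
+
+/***
+* Leave me
+*/
+
+function getdataz($target, $headers, $dataz){
+$ch = curl_init($target);
+
+curl_setopt($ch, CURLOPT_HEADER, $headers);
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+curl_setopt($ch, CURLOPT_POSTFIELDS,$dataz);
+curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8080');
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+$result = curl_exec($ch);
+curl_close($ch);
+
+return $result;
+}
+}
+
+?>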
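Review bot: `getdataz()` is called before execution reaches its declaration, and because the function is declared inside the `if(isset($_POST['payload']))` block PHP does not hoist it, so the call fails at runtime with an undefined-function error; move the declaration above the `if` or out of it. `CURLOPT_HEADER` is a boolean that adds response headers to the output, so the `$headers` array is never sent; request headers belong in `curl_setopt($ch, CURLOPT_HTTPHEADER, ['User-Agent: okhttp/3.9.0', 'app: ANDROID', 'key: 123']);`. The `token`, `signedChallenge` and `deviceFootprint` values inside `$dataz` look like captured session material and are now part of the repository history; load them from an untracked config file or environment variable and treat the committed values as exposed. Both `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` are set to 0 without explanation, so either add a comment such as `// TLS checks disabled only because traffic goes through the local intercepting proxy` or keep verification on and point `CURLOPT_CAINFO` at the proxy's CA certificate.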
11
README.md
DirtyScripts
===============
This repo comes as-is!!
 
It is just a dump of stuff, maybe useful, probably not.
 
Without warranty or documentation.
 
If you can't read the code then this isn't for you.
 
Please do not ask for help regarding anything here, you will be ignored
29
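--- /dev/null
+++ b/ReportToolz/README.md
@@ -0,0 +1,29 @@
+```
+╰» ./rep2.php -d "/mnt/hgfs/Pentest/pentests/2019/Precise/J34562.6 Company Web Application Technical Report 1.1.odt"
+_____ _____ _____ 2
+||_// ||== ||_//
+|| \ ||___ ||
+
+[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/J12345.6 Company Web Application Technical Report 1.1.odt
+[+] doc extracted
+[=] fonts found: 23
+[+] vulnerabilities identified
+[+] temp files removed
+[+] created directory /mnt/hgfs/Pentest/pentests/2019/Company/rep2/
+[+] medium issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_serious.csv
+[+] low issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_serious.csv
+[+] all issues: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/findings_all.csv
+[+] remediation table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/remediation.csv
+[+] OWASP table: /mnt/hgfs/Pentest/pentests/2019/Company/rep2/owasp.csv
+[=] Serious = 0, High = 0, Medium = 4, Low = 3
+
+Ref | Title | Risk | CVSS | Remediation | OWASP
+-------|-----------------------------------|--------|--------|---------------|------------------------------
+5.1.1 |Missing Security Headers |Medium |5.1 |Configuration |A6 Security Misconfiguration
+5.1.2 |Insecure SSL Certificate Detected |Medium |4.8 |Configuration |A6 Security Misconfiguration
+5.1.3 |Missing Cookie Attributes |Medium |4.7 |Configuration |A6 Security Misconfiguration
+5.1.4 |jQuery Vulnerabilities |Medium |4.3 |Configuration |A9 Components with Known Vulne
+5.2.1 |Software Version Numbers Disclosed |Low |5.3 |Configuration |A6 Security Misconfiguration
+5.2.2 |Verbose Error Reporting Enabled |Low |5.3 |Configuration |A6 Security Misconfiguration
+5.2.3 |Wildcard SSL Certificate |Low |3.7 |Configuration |A6 Security Misconfiguration
+```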
344
ReportToolz/classes/CommandArgumentFilter.php 0 → 100644
<?php
/**
* Filters an array and extracts and validates command line arguments
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
 
namespace Clapp;
 
/**
* Filters an array and extracts and validates command line arguments
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
class CommandArgumentFilter
{
/**
* Command line arguments
* @var array
*/
private $arguments = array();
/**
* Definition of allowed parameters
* @var \Clapp\CommandLineArgumentDefinition
*/
private $definitions = null;
 
/**
* Flag if arguments have been parsed in to params
* @var boolean
*/
private $parsed = false;
 
/**
* Parsed params
* @var array
*/
private $params = array();
 
/**
* Trailing values
* @var string
*/
private $trailingValues = "";
/**
* program name
* @var string
*/
private $programName = "";
 
/**
* class constructor
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param \Clapp\CommandLineDefinition $definitions contains list of allowed parameters
* @param array $args list of arguments to filter.
*/
public function __construct(\Clapp\CommandLineArgumentDefinition $definitions, $args)
{
if (is_array($args)) {
$this->arguments = $args;
} //if
 
$this->definitions = $definitions;
} // __construct()
 
/**
* returns parameter matching provided name
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string name of the paramter to retreive
*
* @return mixed if param the param appears only once the method will
* return 1 if the parameter doesn't take a value. The specified value
* for that param will returned if it does take value.
*
* If many occurence of the param appear the number of occurences will
* be returned for params that do not take values. An array of values
* will be returned for the parameters that do take values.
*
* If the parameter is not present null if it takes a value and false if
* it's not present and doesn't allow values
*/
public function getParam($name)
{
if (!$this->parsed) {
$this->parseParams();
} //if
 
$longName = strlen($name) === 1 ? $this->definitions->getLongName($name) : $name;
if (isset($this->params[$longName])) {
return $this->params[$longName];
} else {
if ($this->definitions->allowsValue($longName)) {
return null;
} else {
return false;
} //if
} //if
 
} // getParam()
 
/**
* retreive the program name
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
public function getProgramName()
{
if (!$this->parsed) {
$this->parseParams();
} //if
 
return $this->programName;
} // getProgramName()
/**
* retreive the trailing values
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
public function getTrailingValues()
{
if (!$this->parsed) {
$this->parseParams();
} //if
 
return $this->trailingValues;
} // getTrailingValues()
 
/**
* extracts params from arguments
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
protected function parseParams()
{
 
$argumentStack = $this->arguments;
 
$expectingValue = false;
$currentLongName = null;
$currentValue = null;
$trailingValues = "";
$endOfDashedArguments = false;
$addParam = false;
$argumentsLeft = sizeof($argumentStack);
$multiShortParams = array();
 
$this->programName = array_shift($argumentStack); // remove first argument which is the program name
 
while ($currentArgument = array_shift($argumentStack)) {
$argumentsLeft--;
$currentArgumentLength = strlen($currentArgument);
 
// arguments that don't start with a dash
if (substr($currentArgument, 0, 1) !== '-') {
if ($expectingValue) {
$currentValue = $currentArgument;
$addParam = true;
} else {
$trailingValues .= " ". $currentArgument;
$endOfDashedArguments = true;
} //if
 
// double dash detected
} elseif (substr($currentArgument, 1, 1) === '-') {
if ($expectingValue) {
throw new \UnexpectedValueException("Parameter {$currentLongName} expects a values");
} //if
 
/* stop parsing arguments if double dash
only param is encountered */
if ($currentArgumentLength == 2) {
if ($trailingValues !== "") {
throw new \UnexpectedValueException("Trailing values must appear after double dash");
} //if
 
$trailingValues = " ". implode(" ", $argumentStack);
$argumentStack = array();
$endOfDashedArguments = true;
break;
} //if
 
$longNameParts = explode("=", substr($currentArgument, 2), 2);
 
$currentLongName = $longNameParts[0];
 
if (sizeof($longNameParts) > 1) {
$currentValue = $longNameParts[1];
$addParam = true;
} elseif ($this->definitions->allowsValue($currentLongName)) {
$expectingValue = true;
} else {
$addParam = true;
} //if
 
// single dash
} else {
if ($expectingValue) {
throw new \UnexpectedValueException("Parameter {$currentLongName} expects a values");
} //if
 
$shortNameParts = explode("=", substr($currentArgument, 1), 2);
 
$shortName = $shortNameParts[0];
 
if (strlen($shortName) <= 1) {
$currentLongName = $this->definitions->getLongName($shortName);
 
if ($currentLongName === null) {
throw new \InvalidArgumentException("Unable to find name with ".
"provided parameter ({$shortName})");
} //if
 
if (sizeof($shortNameParts) > 1) {
$currentValue = $shortNameParts[1];
$addParam = true;
} elseif ($this->definitions->allowsValue($currentLongName)) {
$expectingValue = true;
} else {
$addParam = true;
} //if
 
} else {
$multiShortParams = str_split($shortName);
 
/* process the last one (which is the only one that can have a value) */
$lastParam = array_pop($multiShortParams);
$currentLongName = $this->definitions->getLongName($lastParam);
if (sizeof($shortNameParts) > 1) {
$currentValue = $shortNameParts[1];
$addParam = true;
} elseif ($this->definitions->allowsValue($lastParam)) {
$expectingValue = true;
} else {
$addParam = true;
} //if
 
} //if
} //if
 
if ($addParam) {
if ($endOfDashedArguments) {
throw new \UnexpectedValueException("Unexpected argument after undashed values");
} //if
 
/* Not sure how this could happen */
// @codeCoverageIgnoreStart
if ($currentLongName === false || $currentLongName === null) {
throw new \UnexpectedValueException("Missing argument name");
} //if
// @codeCoverageIgnoreEnd
 
if (!$this->definitions->paramExists($currentLongName)) {
throw new \InvalidArgumentException("Invalid argument name");
} //if
 
$allowsMultiple = $this->definitions->allowsMultiple($currentLongName);
$allowsValue = $this->definitions->allowsValue($currentLongName);
 
if (isset($this->params[$currentLongName]) && !$allowsMultiple) {
throw new \UnexpectedValueException("Multiple instace of parameter {$currentLongName} not allowed");
} //if
 
if ($allowsValue) {
/* Missing values should always be detected before addParam is true */
// @codeCoverageIgnoreStart
if ($currentValue === null) {
throw new \UnexpectedValueException("Parameter {$currentLongName} expects a values");
} //if
// @codeCoverageIgnoreEnd
 
} elseif ($currentValue !== null) {
throw new \UnexpectedValueException("Parameter {$currentLongName} does not accept values");
 
} else {
$currentValue = true;
} //if
 
if ($allowsMultiple) {
if ($allowsValue) {
if (!isset($this->params[$currentLongName])) {
$this->params[$currentLongName] = array();
} //if
 
$this->params[$currentLongName][] = $currentValue;
 
} else {
if (!isset($this->params[$currentLongName])) {
$this->params[$currentLongName] = 0;
} //if
 
$this->params[$currentLongName]++;
 
} //if
 
} else {
$this->params[$currentLongName] = $currentValue;
} //if
 
foreach ($multiShortParams as $shortName) {
$argumentStack[] = "-{$shortName}";
$argumentsLeft++;
} //foreach
 
/* reset stuff for next param */
$expectingValue = false;
$currentLongName = null;
$currentValue = null;
$addParam = false;
$multiShortParams = array();
 
} //if
 
} //while
 
if ($expectingValue !== false) {
throw new \UnexpectedValueException("Parameter {$currentLongName} expects a values");
} //if
 
/* Not sure how this could happen */
// @codeCoverageIgnoreStart
if ($currentLongName !== null ||
$addParam !== false ||
$currentValue !== null ||
sizeof($multiShortParams) !== 0) {
throw new \UnexpectedValueException("Unable to process some parameters");
} //if
// @codeCoverageIgnoreEnd
 
if ($trailingValues !== "") {
$this->trailingValues = substr($trailingValues, 1); // remove extra space at the begging
} //if
 
$this->parsed = true;
} // parseParams()
}
390
ReportToolz/classes/CommandLineArgumentDefinition.php 0 → 100644
<?php
/**
* Defines list and formats of command line arguments
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
 
namespace Clapp;
 
/**
* Defines list and formats of command line arguments
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
class CommandLineArgumentDefinition
{
 
/**
* @var array
*/
private $definitions = array();
 
/**
* long names as keys and array of properties as values
*
* properties are as follows
* * string "shortName" one letter char to the corresponding short name
* * boolean "isMultipleAllowed" true if mutliple instances of the param are allowed
* * mixed "parameterType" false if paramters are not alloweda value,
* otherwise a string with the value "integer" or "string"
* * string "description" description of the parameter
* @var array
*/
private $longNames = array();
/**
* list of short names as keys and their long name equivalent as values
* @var array
*/
private $shortNames = array();
 
/**
* Flag if arguments have been parsed in to params
* @var boolean
*/
private $isParsed = false;
 
/**
* class constructor
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param array $definitions contains list of allowed parameters
* the key is the long name of the parameter followed by a pipe (|)
* then a single character specifying the short name.
*
* If the parameter allows for arguments then an equal sign (=)
* follows and then the type of paramter.
*
* Allowed types are either i, int or integer for integer types
* and s, str or string for string types.
*
* If a parameter can appear more than once the last character of
* the key should be a plus character (+).
*
* The value of the entry is the definition of what the paramter
* does.
*/
public function __construct($definitions)
{
if (is_array($definitions)) {
$this->definitions = $definitions;
} //if
} // __construct()
 
/**
* checks if parameter is allowed
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name either short or long name of the parameter to check
*
* @return boolean true if definition exisits, false otherwise
*/
public function paramExists($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
if (strlen($name) == 1) {
return isset($this->shortNames[$name]);
} else {
return isset($this->longNames[$name]);
} //if
} // paramExists($name)
 
/**
* checks if parameter allows a value if so what type
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name either short or long name of the parameter to check
*
* @return boolean|string false doesn't allow value, The value "string" or "integer" depending which type it allows
*/
public function allowsValue($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
$longName = (strlen($name) == 1 ? ( isset($this->shortNames[$name]) ? $this->shortNames[$name] : '') : $name);
 
if (isset($this->longNames[$longName])) {
return $this->longNames[$longName]['parameterType'] !== false ? true : false;
} else {
return false;
} //if
} // allowsValue()
/**
* returns the type of value allowed
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
public function getValueType($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
$longName = (strlen($name) == 1 ? ( isset($this->shortNames[$name]) ? $this->shortNames[$name] : '') : $name);
 
if (isset($this->longNames[$longName]['parameterType'])
&& $this->longNames[$longName]['parameterType'] !== false) {
return $this->longNames[$longName]['parameterType'];
} else {
return '';
} //if
} // getValueType()
 
/**
* checks if pamultiple instance of parameter are allowed
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name either short or long name of the parameter to check
*
* @return boolean false if parameter doesn't allow multiple values, true if it does
*/
public function allowsMultiple($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
$longName = (strlen($name) == 1 ? ( isset($this->shortNames[$name]) ? $this->shortNames[$name] : '') : $name);
 
if (isset($this->longNames[$longName])) {
return $this->longNames[$longName]['isMultipleAllowed'];
} else {
return false;
} //if
} // allowsMultiple()
 
/**
* retreive short name of a parameter using its long name
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name long name of the parameter to check
*
* @return string character of the short name or null if it doesn't exist
*/
public function getShortName($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
if (isset($this->longNames[$name])) {
return $this->longNames[$name]['shortName'];
} else {
return null;
} //if
} // getShortName($name)
/**
* retreive long name of a parameter using its short name
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name short name of the parameter to check
*
* @return string long name or null if it doesn't exist
*/
public function getLongName($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
if (isset($this->shortNames[$name])) {
return $this->shortNames[$name];
} else {
return null;
} //if
} // getLongName($name)
 
/**
* retreive description of a paramter
*
* @author Patrick Forget <patforg at webtrendi.com>
*
* @param string $name either short or long name of the parameter to check
*
* @return string description or null if it doesn't exist
*/
public function getDescription($name)
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
$longName = (strlen($name) == 1 ? ( isset($this->shortNames[$name]) ? $this->shortNames[$name] : '') : $name);
 
if (isset($this->longNames[$longName])) {
return $this->longNames[$longName]['description'];
} else {
return null;
} //if
} // getDescription()
/**
* builds a usage definition based on definition of params
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
public function getUsage()
{
if (!$this->isParsed) {
$this->parseDefinitions();
} //if
 
/* build list of argument names and calculate
the first column width so we can pad to
align definitions */
$firstCol = array();
$longestDef = 0;
foreach (array_keys($this->longNames) as $longName) {
ob_start();
echo "--{$longName}|-{$this->getShortName($longName)}";
 
if ($this->allowsValue($longName)) {
echo "={$this->getValueType($longName)}";
} //if
 
if ($this->allowsMultiple($longName)) {
echo "+";
} //if
 
$defLength = ob_get_length();
 
$longestDef = max($longestDef, $defLength);
 
$firstCol[$longName] = ob_get_contents();
ob_end_clean();
 
} //foreach
 
$firstColMaxWidth = $longestDef + 4;
 
ob_start();
 
foreach ($firstCol as $longName => $def) {
$currentDefLength = strlen($def);
 
$padding = str_repeat(" ", $firstColMaxWidth - $currentDefLength);
 
echo "{$def}{$padding}{$this->getDescription($longName)}", PHP_EOL;
} //foreach
 
echo PHP_EOL;
 
$usage = ob_get_contents();
ob_end_clean();
return $usage;
 
} // getUsage()
 
/**
* parses the definitions
*
* @author Patrick Forget <patforg at webtrendi.com>
*/
protected function parseDefinitions()
{
foreach ($this->definitions as $nameDef => $description) {
$nameParts = explode("|", $nameDef);
 
if (sizeof($nameParts) !== 2) {
throw new \UnexpectedValueException("Unexpected argument name definition expecting \"longName|char\"");
} //if
 
$longName = $nameParts[0];
$isMulti = false;
$parameterType = false;
 
$shortNameLength = strlen($nameParts[1]);
 
if ($shortNameLength == 1) {
$shortName = $nameParts[1];
} else {
$secondChar = substr($nameParts[1], 1, 1);
 
switch ($secondChar) {
case '=':
$shortNameParts = explode("=", $nameParts[1]);
 
$shortName = $shortNameParts[0];
$parameterTypeString = $shortNameParts[1];
 
if (substr($parameterTypeString, -1) === '+') {
$isMulti = true;
$parameterTypeString = substr($parameterTypeString, 0, -1); // remove trailing +
} //if
 
switch ($parameterTypeString) {
case 'i':
case 'int':
case 'integer':
$parameterType = 'integer';
break;
case 's':
case 'str':
case 'string':
$parameterType = 'string';
break;
default:
throw new \UnexpectedValueException("Expecting parameter type".
" to be either integer or string");
break;
} //switch
 
break;
case '+':
if ($shortNameLength > 2) {
throw new \UnexpectedValueException("Multiple flag charachter (+)".
" should be last character in definition");
} //if
 
$shortName = substr($nameParts[1], 0, 1);
$isMulti = true;
 
break;
default:
throw new \UnexpectedValueException("Expecting short name definition to be a single char");
break;
} // switch
 
} //if
 
if (isset($this->longNames[$longName])) {
throw new \UnexpectedValueException("Cannot redefine long name {$longName}");
} //if
 
if (isset($this->shortNames[$shortName])) {
throw new \UnexpectedValueException("Cannot redefine short name {$shortName}");
} //if
 
$this->longNames[$longName] = array(
'shortName' => $shortName,
'isMultipleAllowed' => $isMulti,
'parameterType' => $parameterType,
'description' => $description
);
 
$this->shortNames[$shortName] = $longName;
 
} //foreach
 
$this->isParsed = true;
} // parseDefinitions()
}
435
ReportToolz/rep2.php 0 → 100755
#!/usr/bin/php
<?php
//error_reporting(0);
 
/***
* Configuration options
*/
$sub1 = 5; // header no in doc e.g. "5 Discovered Vulnerabilities"
 
/***
* Main program - Don't edit below
*/
echo "_____ _____ _____ 2\n||_// ||== ||_// \n|| \\ ||___ || \n\n";
 
foreach (glob("classes/*.php") as $filename)
include $filename;
 
$definitions = new \Clapp\CommandLineArgumentDefinition(
array(
"help|h" => "Shows help message",
"doc|d=s" => "/path/to/doc.odt to use",
)
);
 
$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
 
if ($filter->getParam('h') === true || $argc < 2) {
fwrite(STDERR, $definitions->getUsage());
exit(0);
}
 
// see if doc exists
if ($filter->getParam("doc") == false)
die("[-] no doc set\n");
 
echo "[!] doc: ".$filter->getParam("doc")."\n";
if(!file_exists($filter->getParam("doc")))
die("[-] no such file! \n");
 
// extract doc and get contents
$rand = uniqid();
mkdir("/tmp/$rand");
if(unzipFolder($filter->getParam("doc"), "/tmp/$rand/")) {
$source = file_get_contents("/tmp/$rand/content.xml");
echo "[+] doc extracted\n";
} else {
die("[-] unable to extract doc\n");
}
// Parse Doc's XML
$line = array();
$reader = new XMLReader();
if (!$reader->open("/tmp/$rand/content.xml")) die("[-] Failed to open 'content.xml'\n");
 
// font checker
/***
* FUTURE FEATURE PERHAPS
*/
$fonts = array();
while ($reader->read()){
//print_r($reader->name);
if ($reader->nodeType == XMLREADER::ELEMENT && ($reader->name === 'style:font-face')) {
//if(!empty($reader->name)){
//echo "here2\n";
//$line[] = $reader->expand()->textContent; // Put the text into array in correct order...
$fonts[] = $reader->getAttribute("style:name");
//echo $font;echo "\n"; // DEBUG
//}
}
}
$reader->close();
//die();
echo "[=] fonts found: ".sizeof($fonts)."\n";
 
// step through text:h and text:p elements to put them into an array
$reader = new XMLReader();
if (!$reader->open("/tmp/$rand/content.xml")) die("[-] Failed to open 'content.xml'\n");
while ($reader->read()){
if ($reader->nodeType == XMLREADER::ELEMENT && ($reader->name === 'text:h' || $reader->name === 'text:p' || $reader->name === 'text:bookmark')) {
if(!empty($reader->expand()->textContent))
$line[] = $reader->expand()->textContent; // Put the text into array in correct order...
//echo $reader->expand()->textContent;echo "\n"; // DEBUG
}
}
$reader->close();
 
// find the content we want
$start = 0; $end = 0;
foreach($line as $key => $val){
if(strpos($val, "Discovered Vulnerabilities") === 0){ $start = $key; }
if(strpos($val, "This section provides a quick guide to plan your remediation for the vulnerabilities discovered during the test.") === 0){ $end = $key-2; }
$line[$key] = trim($val);
}
 
// add to sexy array's
$vuln = array();
$vulnPlace = 0;
$switch = 0;
$sub2 = 0;
$sub3 = 1;
for ($i=$start; $i <= $end ; $i++) {
// change state (action to take)
/***
* ~states~
* 0 = do nothing
* 1 = next is title
* 2 = next is description
* 3 = next is solution
* 4 = next is remediation
* 5 = next is cvss no
* 6 = next is risk level
* 7 = next is hosts
* 8 = next possibly title
*/
switch ($line[$i]) {
case 'Discovered Vulnerabilieies':
$switch = 0;
break;
case 'Serious Risk Vulnerabilities':
$sub2++; $sub3 = 1;
$switch = 1;
break;
case 'High Risk Vulnerabilities':
$sub2++; $sub3 = 1;
$switch = 1;
break;
case 'Medium Risk Vulnerabilities':
$sub2++; $sub3 = 1;
$switch = 1;
break;
case 'Low Risk Vulnerabilities':
$sub2++; $sub3 = 1;
$switch = 1;
break;
case 'Description':
$switch = 2;
break;
case 'Solution':
$switch = 3;
break;
case 'Remediation':
$switch = 4;
break;
case 'CVSS Base Score':
$switch = 5;
break;
case 'Risk Level':
$switch = 6;
break;
case 'Vulnerabilities Exist On':
$switch = 7;
break;
default:
# code...
break;
}
 
//take action
switch ($switch) {
case 1:
$i++;
$vuln[$vulnPlace]['title'] = $line[$i];
$vuln[$vulnPlace]['ref'] = "$sub1.$sub2.$sub3";
$sub3++;
$switch = 0;
break;
case 2:
@$vuln[$vulnPlace]['desc'] .= $line[$i];
break;
case 3:
@$vuln[$vulnPlace]['fix'] .= $line[$i];
break;
case 4:
$i++;
$vuln[$vulnPlace]['rem'] = trim(strtok($line[$i], " "));
$switch = 0;
break;
case 5:
$i++;
$vuln[$vulnPlace]['cvss'] = $line[$i];
$switch = 0;
break;
case 6:
$i++;
$vuln[$vulnPlace]['risk'] = trim(strtok($line[$i], " "));
$vuln[$vulnPlace]['owasp'] = trim(substr($line[$i], strpos($line[$i], ":") + 1));
$switch = 0;
break;
case 7:
$i++;
$vuln[$vulnPlace]['hosts'] = $line[$i];
$switch = 8;
$vulnPlace++;
break;
case 8:
$vuln[$vulnPlace]['title'] = trim($line[$i]);
$vuln[$vulnPlace]['ref'] = "$sub1.$sub2.$sub3";
$sub3++;
$switch = 0;
break;
default:
# code...
break;
}
 
//echo $line[$i]."\n"; // DEBUG
}
 
// minor tidying of arrays
for ($i=0; $i < sizeof($vuln) ; $i++) {
if (strpos($vuln[$i]['desc'], "Description") === 0) $vuln[$i]['desc'] = substr($vuln[$i]['desc'], strlen("Description"));
if (strpos($vuln[$i]['fix'], "Solution") === 0) $vuln[$i]['fix'] = substr($vuln[$i]['fix'], strlen("Solution"));
$vuln[$i]['risk'] = rtrim($vuln[$i]['risk'], ":");
// remove html encoding
foreach($vuln[$i] as $key => $val){
$vuln[$i][$key] = mb_convert_encoding($val, "UTF-8", 'UTF-8');
}
}
 
//print_r($vuln); // DEBUG
echo "[+] vulnerabilities identified\n";
 
delTree("/tmp/$rand");
echo "[+] temp files removed\n";
 
$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/rep2";
if(!file_exists($resultsFolder."/")){
mkdir($resultsFolder."/");
echo "[+] created directory $resultsFolder/\n";
}else{
$i = 1;
while (file_exists($resultsFolder."_$i/"))
$i++;
mkdir($resultsFolder."_$i/");
$resultsFolder .= "_$i";
echo "[+] created directory $resultsFolder/\n";
}
 
if(writeIssueTable($vuln, "Serious", $resultsFolder."/findings_serious.csv"))
echo "[+] serious issues: $resultsFolder/findings_serious.csv\n";
if(writeIssueTable($vuln, "High", $resultsFolder."/findings_high.csv"))
echo "[+] high issues: $resultsFolder/findings_serious.csv\n";
if(writeIssueTable($vuln, "Medium", $resultsFolder."/findings_medium.csv"))
echo "[+] medium issues: $resultsFolder/findings_serious.csv\n";
if(writeIssueTable($vuln, "Low", $resultsFolder."/findings_low.csv"))
echo "[+] low issues: $resultsFolder/findings_serious.csv\n";
 
if(writeAllTable($vuln, $resultsFolder."/findings_all.csv"))
echo "[+] all issues: $resultsFolder/findings_all.csv\n";
 
if(writeRemediationTable($vuln, $resultsFolder."/remediation.csv"))
echo "[+] remediation table: $resultsFolder/remediation.csv\n";
 
if(writeOWASPTable($vuln, $resultsFolder."/owasp.csv"))
echo "[+] OWASP table: $resultsFolder/owasp.csv\n";
 
viewVulns($vuln);
 
function unzipFolder($zipInputFile, $outputFolder) {
$zip = new ZipArchive;
$res = $zip->open($zipInputFile);
if ($res === true) {
$zip->extractTo($outputFolder);
$zip->close();
return true;
}
else {
return false;
}
}
 
function XML2Array(SimpleXMLElement $parent){
$array = array();
 
foreach ($parent as $name => $element) {
($node = & $array[$name])
&& (1 === count($node) ? $node = array($node) : 1)
&& $node = & $node[];
 
$node = $element->count() ? XML2Array($element) : trim($element);
}
 
return $array;
}
 
function delTree($dir){
$files = array_diff(scandir($dir), array('.', '..'));
 
foreach ($files as $file) {
(is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
}
 
return rmdir($dir);
}
 
function viewVulns($vuln){
$s = $h = $m = $l = 0;
for ($i=0; $i < sizeof($vuln) ; $i++) {
switch ($vuln[$i]['risk']) {
case 'Serious':
$s++;
break;
case 'High':
$h++;
break;
case 'Medium':
$m++;
break;
case 'Low':
$l++;
break;
}
}
echo "[=] Serious = $s, High = $h, Medium = $m, Low = $l\n";
 
echo"
Ref | Title | Risk | CVSS | Remediation | OWASP
-------|-----------------------------------|--------|--------|---------------|------------------------------\n";
for ($i=0; $i < sizeof($vuln) ; $i++) {
$ref = str_pad($vuln[$i]['ref'], 7);
$title = str_pad($vuln[$i]['title'], 35);
$risk = str_pad($vuln[$i]['risk'], 8);
$cvss = str_pad($vuln[$i]['cvss'], 8);
$rem = str_pad($vuln[$i]['rem'], 15);
$owasp = str_pad($vuln[$i]['owasp'], 30);
 
echo substr($ref, 0, 7); echo "|";
echo substr($title, 0, 35); echo "|";
echo substr($risk, 0, 8); echo "|";
echo substr($cvss, 0, 8); echo "|";
echo substr($rem, 0, 15); echo "|";
echo substr($owasp, 0, 30); echo "\n";
}
}
 
function writeIssueTable($vuln, $issue, $path){
$towrite = array();
for ($i=0; $i < sizeof($vuln) ; $i++) {
if($vuln[$i]['risk'] == $issue){
$towrite[$i]['desc'] = $vuln[$i]['title']." - ".$vuln[$i]['desc'];
$towrite[$i]['fix'] = $vuln[$i]['fix'];
$towrite[$i]['ref'] = $vuln[$i]['ref'];
$towrite[$i]['hosts'] = $vuln[$i]['hosts'];
}
}
if(sizeof($towrite) > 0){
$fp = fopen($path, 'w');
fprintf($fp, chr(0xEF).chr(0xBB).chr(0xBF));
foreach ($towrite as $fields) {
fputcsv($fp, $fields);
}
fclose($fp);
return true;
}else{
return false;
}
}
 
function writeAllTable($vuln, $path){
if(sizeof($vuln) > 0){
$fp = fopen($path, 'w');
fprintf($fp, chr(0xEF).chr(0xBB).chr(0xBF));
fputcsv($fp, array("Title", "Ref", "Description", "Solution", "Remediation", "CVSS", "Risk", "OWASP", "Affected"));
foreach ($vuln as $fields) {
fputcsv($fp, $fields);
}
fclose($fp);
return true;
}else{
return false;
}
}
 
function writeRemediationTable($vuln, $path){
$towrite = array();
for ($i=0; $i < sizeof($vuln) ; $i++) {
$towrite[$i]['hosts'] = $vuln[$i]['hosts'];
$towrite[$i]['ref'] = $vuln[$i]['ref'];
$towrite[$i]['p'] = " ";
$towrite[$i]['c'] = " ";
$towrite[$i]['d'] = " ";
$towrite[$i]['u'] = " ";
switch ($vuln[$i]['rem']) {
case 'Patch':
$towrite[$i]['p'] = $vuln[$i]['risk'][0];
break;
case 'Configuration':
$towrite[$i]['c'] = $vuln[$i]['risk'][0];
break;
case 'Development':
$towrite[$i]['d'] = $vuln[$i]['risk'][0];
break;
case 'Upgrade':
$towrite[$i]['u'] = $vuln[$i]['risk'][0];
break;
}
}
if(sizeof($towrite) > 0){
$fp = fopen($path, 'w');
fprintf($fp, chr(0xEF).chr(0xBB).chr(0xBF));
fputcsv($fp, array("Host", "Ref", "P", "C", "D", "U"));
foreach ($towrite as $fields) {
fputcsv($fp, $fields);
}
fclose($fp);
return true;
}else{
return false;
}
}
 
function writeOWASPTable($vuln, $path){
$towrite = array();
for ($i=0; $i < sizeof($vuln) ; $i++) {
if(in_array($vuln[$i]['owasp'], array_column($towrite, 'owaspId'))){
$towrite[$vuln[$i]['owasp']]['no']++;
}else{
$towrite[$vuln[$i]['owasp']]['owaspId'] = $vuln[$i]['owasp'];
$towrite[$vuln[$i]['owasp']]['no'] = 1;
}
}
if(sizeof($towrite) > 0){
$fp = fopen($path, 'w');
fprintf($fp, chr(0xEF).chr(0xBB).chr(0xBF));
foreach ($towrite as $fields) {
fputcsv($fp, $fields);
}
fclose($fp);
return true;
}else{
return false;
}
}
 
?>
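Review bot: The `include` over `glob("classes/*.php")` resolves against the current working directory rather than the script's own location, so running `rep2.php` from another directory either finds no classes or loads whatever `classes/*.php` happens to sit there; anchor it with `foreach (glob(__DIR__ . '/classes/*.php') as $filename) require_once $filename;`. The extraction directory is `/tmp/` plus `uniqid()`, which is time-derived and guessable, and it is created with the default mode and an unchecked `mkdir`, so report content can end up in a pre-existing or world-readable directory; `$tmp = sys_get_temp_dir() . '/rep2_' . bin2hex(random_bytes(8)); if (!mkdir($tmp, 0700)) die("[-] unable to create temp dir\n");` closes that gap. Separately, the status lines for the high, medium and low tables all print `findings_serious.csv` instead of the file that was actually written.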
crack_zip.sh 0 → 100755
evilsvgfile.svg 0 → 100755
privesc/LinEnum.sh 0 → 100755
privesc/linuxprivchecker.py 0 → 100755
privesc/windows-privesc-check2.exe 0 → 100755
privesc/windows_privesc_check.py 0 → 100755
search_dump.sh 0 → 100755