Home / Python / Miscellaneous

An Out-of-Band XXE server for retrieving file contents over FTP.

Out-of-Band XXE tool A python script to achieve file read via FTP! 230OOB is a tool that emulates an FTP server, assisting you in achieving file read via Out-of-Band XXE. Installation git clone https://g
Information
Category: Python / Miscellaneous
Watchers: 7
Star: 153
Fork: 44
Last update: Jun 12, 2022
Resource links
https://github.com/lc/230-OOB

Out-of-Band XXE tool
A python script to achieve file read via FTP!
230OOB is a tool that emulates an FTP server, assisting you in achieving file read via Out-of-Band XXE.

Installation

git clone https://github.com/lc/230-OOB

Usage:

Generate an XXE payload & DTD at http://xxe.sh

Start the server:

python3 230.py 2121

everything will be logged to -> extracted.log

1 Open More issues
Closed

Fixed the Clone Instruction

Fixed the Clone Instruction

opened May 27, 2020 by TiranaCorp 1
Closed

Implement dummy auth

Fixes #1. This PR implements a slightly different response for the USER and PASS command, which makes sure FTP clients don't fail when they receive an unexpected response when they authenticate. Every username/password combination is accepted by default.

This PR also includes two boy scouts: cleaned up some whitespace and I added the extracted.log file to the gitignore list to avoid having an unstaged file when you run the script from the repository.

opened Dec 26, 2017 by jobertabma 1
Closed

Inventory notification

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:

  • https://inventory.rawsec.ml/tools.html#230-OOB

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

opened Dec 12, 2019 by noraj 0
Closed

Implement dummy authentication for better spec implementation

opened Dec 26, 2017 by jobertabma 0
Open

230-OOB always crash after the 1st received message

230-OOB always crash after the 1st received message

$ python3 230.py 2121

=--------------------------------------=
|  230 OOB || an Out-Of-Band XXE tool  |
|    ____  _____  ___   ___  ____      |
|   (___ \(__  / / _ \ / _ \|  _ \     |
|     __) ) / / | | | | | | | |_) )    |
|    / __/ (__ \| | | | | | |  _ (     |
|   | |___ ___) ) |_| | |_| | |_) )    |
|   |_____|____/ \___/ \___/|____/     |
|              by Corben Leo           |
|                                      |
|      - https://www.corben.io         |
|      - https://hackerone.com/cdl     |
|      - https://twitter.com/hacker_   |
=--------------------------------------=

[+] 230OOB started on port: 2121
[*] Connection from: 172.20.0.2!
USER anonymous
 /NDc0ZmU3ZDNiZjMyCg==
TYPE I
SIZE /NDc0ZmU3ZDNiZjMyCg==
MDTM /NDc0ZmU3ZDNiZjMyCg==

Traceback (most recent call last):
  File "230.py", line 75, in <module>
    main()
  File "230.py", line 62, in main
    conn.sendall(response)
BrokenPipeError: [Errno 32] Broken pipe
opened Nov 3, 2019 by noraj 0

Contents

    mattnenterprise rust-ftp FTP mattnenterprise/rust-ftp — an FTP client for Rust
    robinrodricks An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#, with no external dependencies.
    robinrodricks An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#, with no external dependencies.
    mscdex node-ftp is an FTP client module for node.js
    andresoviedo Google Drive FTP Adapter to connect to google drive through the FTP protocol
    maxogden an ftp client that expose the node fs API
    haoxiangsnr PyTorch implementation of "A Full-Band and Sub-Band Fusion Model for Real-Time Single-Channel Speech Enhancement."
    TheNathannator A repository of documentation for chart files of guitar- or band-related rhythm games such as Guitar Hero and Rock Band
    Harlonxl minFTPD provide most of functions of FTP server. it's very simple, in order to learn the principle of FTP server.
    patrickjuchli FTP client for Node.js, supports FTPS over TLS, passive mode over IPv6, async/await, and Typescript.
    dg FTP Wrapper Class for PHP 5
    begriffs Browse git over anonymous FTP
    CYHSM A general framework for interpreting wide-band neural activity
    SunYanCN BAND:BERT Application aNd Deployment, A simple and efficient BERT model training and deployment framework.
    rishikksh20 MelGAN implementation with Multi-Band and Full Band supports...
    koofr An experimental go FTP server framework
    SpiderMate Toolkit to detect and keep track on Blind XSS, XXE & SSRF
    MicrosoftDocs A repo sharing out-of-band content created by the Windows Developer Documentation team.
    vp777 A bash script that automates the scanning of a target network for HTTP resources through XXE
    jvilk BrowserFS is an in-browser filesystem that emulates the Node JS filesystem API and supports storing and retrieving files from various backends.
    bandprotocol Monolithic repository of everything Band Protocol
    Share this repo

    Related Repos


    Miscellaneous
    100
    Playpen is a set of modern, gas optimized staking pool contracts.
    ZeframLou Playpen Playpen is a set of modern, gas optimized staking pool contracts. Features Support for both ERC20 staking and ERC721 staking Can start new rew
     
    Miscellaneous
    47
    DIAL(Did I Alert Lambda?) is a centralised security misconfiguration detection framework w...
    CRED-CLUB DIAL Workloads on cloud provide equal opportunities for hackers as much as they do for internal teams. Cloud-native companies are open to attacks from
     
    Miscellaneous
    42
    Code for "Semantic-Aware Implicit Neural Audio-Driven Video Portrait Generation"
    alvinliu0 Semantic-Aware Implicit Neural Audio-Driven Video Portrait Generation Code for "Semantic-Aware Implicit Neural Audio-Driven Video Portrait Generation"
     
    Miscellaneous
    40
    IDA Frida Plugin for tracing something interesting.
    P4nda0s IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t
     
    Miscellaneous
    15
    https://t.me/master_thyself
    evmn Know Thyself 中文版 Chinese Title Authors Mind Hacks 刘未鹏 编程随想: 2009 ~ 2021 Blog Archives Program Think 晚点 LatePost 宋玮…… English Blogs Title Authors Essay
     
    Miscellaneous
    717
    a Jupyter kernel for Clojure
    clojupyter A Jupyter kernel for Clojure - run Clojure code in Jupyter Lab, Notebook and Console. Table of Contents Getting Started Installation Usage Scenarios -
     
    Miscellaneous
    132
    using your namespace as a notebook
    scicloj notespace Notebook experience in your Clojure namespace What is it? This tool is an attempt to answer the following question: can we have a notebook-l
     
    Miscellaneous
    794
    Python bindings for Clojure
    clj-python Deep Clojure/Python Integration Version Info New Versions Are HOT! Huge New Features! You Can't Afford To Miss Out! API Documentation Java API - you c
     
    Miscellaneous
    78
    Turn data into functions! A simple and functional machine learning library written in elix...
    mrdimosthenis emel Turn data into functions! A simple and functional machine learning library written in elixir. Installation The package can be installed by adding
     
    Miscellaneous
    6
    An optional component handler for hikari, inspired by discord.py's views.
    HyperGH hikari-miru An optional component handler for hikari, inspired by discord.py's views. Installation pip install git+https://github.com/HyperGH/hikari-m
     
    Miscellaneous
    5
    TikTok 4L and 4C checker that doesn't count banned usernames as available
    cliphd TikTok 4L and 4C checker that doesn't count banned usernames as available. Once a username is available, it will send it to your Discord Webhook
     
    Miscellaneous
    4
    TBOT Binance Smart Chain token
    TBOT-Project tbot-bsc-token TBOT Binance Smart Chain token Minting transaction: https://bscscan.com/tx/0xd387a96ac15a616f9b17bf9af84d63fd54de98e176a55bf11bb4f08855
     
    Miscellaneous
    4
    notes on reusable p5.js coding patterns
    M0nica p5.js Notes on random p5.js coding patterns Table of Contents Positioning Elements Responding to User Input Positioning Elements centering elements fu
     
    Miscellaneous
    3
    smart contracts for the implementation of a networked money stream using the ERC1155 stand...
    phydy MoneyStreamNetwork #Short Description A Tradable Cash-Flow DeFi-NFT that gives a holder the power to leverage their superfluid flow to get loans or fu
     
    Miscellaneous
    3
    Fb token and cookie making tools
    niloy0 🥀 🍁 ASSALAMU WALAYKUM 🥰 🥀 🥀 😻 🌺 HI I AM N!LOY 🥀 😘 😻 ! 🥀 😻 WELCOME TO MY PROFILE 🥰 MY PROFILE VISITORS : GITHUB STATES : CONTACT WITH ME :