Skip to content

Instantly share code, notes, and snippets.

View 0x9090's full-sized avatar
💭
🍌'>"><img src=x onerror=alert("never gonna give you up")>

nops 0x9090

💭
🍌'>"><img src=x onerror=alert("never gonna give you up")>
54 followers · 21 following
  • No Warranty Included
  • All public code is MIT licensed
View GitHub Profile
@0x9090
0x9090 / port_scanner.py
Created October 12, 2018 04:45
Pure Python Port Scanner
#!/usr/bin/env python
import socket
import subprocess
import sys
from datetime import datetime
remoteServer = raw_input("Enter a remote host to scan: ")
remoteServerIP = socket.gethostbyname(remoteServer)
@0x9090
0x9090 / makeApp.sh
Created March 5, 2018 18:54
Create a OSX desktop app from a web page. (not my code, unsure who to credit)
#!/bin/sh
# Usage:
# makeApp.sh <appname> <url> <iconurl>
#
# Examples:
# ./makeApp.sh Gmail https://gmail.com http://3.bp.blogspot.com/_rx1dHU9EQFY/THCcfaArRsI/AAAAAAAAB-k/-T1oLDCAEZg/s1600/gmail_logo_contact.png
# ./makeApp.sh Gmail file:///path/to/my/downloaded/icon
# The app name. Example "Gmail". No spaces.
@0x9090
0x9090 / Nops_Blogs.opml
Last active September 29, 2023 18:31
My Infosec Blog List
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>Nops subscriptions in feedly Cloud</title>
</head>
<body>
<outline text="Security" title="Security">
<outline type="rss" text="X-Force Research – Security Intelligence" title="X-Force Research – Security Intelligence" xmlUrl="http://securityintelligence.com/topics/x-force/feed/" htmlUrl="https://securityintelligence.com"/>
<outline type="rss" text="SecurityIntelligence" title="SecurityIntelligence" xmlUrl="http://securityint.blogspot.com/feeds/posts/default" htmlUrl="http://securityint.blogspot.com/"/>
@0x9090
0x9090 / gist:e02577d3bfa20d164b87f85cf60dc0e3
Last active October 13, 2017 05:36
Guide To Software Security
--- Reproduced From OneUpSecurity (Justin Taft) --- https://www.oneupsecurity.com/research/five-minute-guide-to-software-security/
Education is the best way to mitigate security breaches. Remember, security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
Hacker Mentality
Study and question everything. Break to learn, don't learn to break.
Don't assume something is secure without testing it.
Secure specifications are often implemented insecurely.
@0x9090
0x9090 / gist:57bbebd350cce6dcc51253b28894708d
Created September 24, 2017 05:24
iptables example
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -L -v
@0x9090
0x9090 / bin_to_cstr.py
Last active June 15, 2017 09:45
Binary File to C String
#!/usr/bin/env python
import os, binascii
# Converts the target binary file to a C formatted string. Useful for embedding binary files in C source code
target = "C:\\Windows\\System32\\cmd.exe"
output_file = "C:\\file.txt"
bytes_per_line = 16
@0x9090
0x9090 / listener.py
Last active April 12, 2017 09:05
Simple Socket Listener
#!/usr/bin/env python
import socket, sys
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
port = 6675
server_address = ("0.0.0.0", port)
sock.bind(server_address)
sock.listen(1)
while True:
@0x9090
0x9090 / gist:cb1e3b20f65c0919313d770d269f2486
Last active March 1, 2017 09:51
structured cookie testing
- clear your browsers cache, delete everyting (this will log you out)
- visit the page with the fresh reseted browser and see what cookie you get when you visit page first time (without being logged in)
- save this cookie for later
- now browse the site while beeing NOT logged in, see if and how the cookie changes
- after collecting all data that not involves a session, go and log in
- save this cookie, now compare with the cookie you gathered at first visit
- check what fields have changed, those that stayed same will move down on the list as second choice for alter testing
- any value that has changed, or any parameter that was beeing added, is now to be investigated
- now try changing values, start with the IP and useragent field first
- see if it logs you out after changing your useragent
@0x9090
0x9090 / hacker_history.txt
Last active January 31, 2024 17:29
History of Hacking
-------------------------------------------------------------
--- Mirrored From http://quietlydreaming.wumpy.xyz/qd.txt ---
-------------------------------------------------------------
1961.01.02 Caltech hackers (Fiendish Fourteen) hacked the stunt cards at the Rose Bowl (U of Wash vs Minnesota)
to say CALTECH instead of WASHINGTON and show a beaver instead of a husky
1969.10.29 The Internet is born as the first ARPANET link was established on October 29, 1969, between the IMP at UCLA and the IMP at SRI. By December, the entire 4-node network was connected.
1971.00.00 John Draper (Cap'n Crunch) uses whistle (blue box) to access Ma Bell
1971.00.00 First e-mail program written by Ray Tomlinson
1972.05.00 John Draper arrested for phone fraud
@0x9090
0x9090 / Coordinating ADFS Token Lifetime
Created July 27, 2016 20:50
------------
This is a backup of a useful article on ADFS token lifetimes that was taken down. Original URL is = https://tristanwatkins.com/coordinating-adfs-2012-r2-token-lifetime-logon-prompt-enforce-revocation-session-duration-public-network/
------------
Coordinating AD FS 2012 R2 token lifetimes to reduce logon prompts, enforce revocation and limit session duration over public networks
Back in February, I posted a question on the Geneva forum about Adjusting token lifetimes at the Web Application Proxy (WAP) for external access: